feat: add test overrides for nginx by theseion · Pull Request #3369 · coreruleset/coreruleset · GitHub
feat: add test overrides for nginx #3369

Merged: 18 commits, Jul 1, 2024
4 changes: 2 additions & 2 deletions .github/ISSUE_TEMPLATE/config.yml
@@ -1,8 +1,8 @@
blank_issues_enabled: false
contact_links:
- name: Help and support
url: https://security.stackexchange.com/questions/tagged/owasp-crs
url: https://security.stackexchange.com/questions/tagged/owasp-crs
about: For help and support please go here.
- name: OWASP Core Rule Set mailing list
url: https://groups.google.com/a/owasp.org/g/modsecurity-core-rule-set-project
url: https://groups.google.com/a/owasp.org/g/modsecurity-core-rule-set-project
about: Ask general usage questions and participate in discussions on the CRS.
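Review bot: the before and after lines for both `url:` entries are byte-identical as rendered, so this hunk changes only whitespace (indentation) in an issue-template file that has nothing to do with test overrides; keep the fix, but in its own commit or a separate PR so the regression-test changes stay reviewable on their own.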
16 changes: 11 additions & 5 deletions .github/workflows/test.yml
Expand Up @@ -16,7 +16,7 @@ on:

# Pin tool versions to prevent problems
env:
GO_FTW_VERSION: '0.6.4'
GO_FTW_VERSION: '1.0.3'

jobs:
regression:
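Review bot: the go-ftw pin jumps from 0.6.4 to 1.0.3, across a major version, and the tarball is still fetched by version string alone (`-p "ftw_${{ env.GO_FTW_VERSION }}_linux_amd64.tar.gz" -O - | tar -xzvf - ftw`) with no integrity check. A pinned version does not stop a replaced or tampered release asset from running in CI; record the asset's sha256 next to GO_FTW_VERSION and verify it (`sha256sum -c`) before extracting, failing the job on mismatch.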
Expand All @@ -36,16 +36,22 @@ jobs:
-p "ftw_${{ env.GO_FTW_VERSION }}_linux_amd64.tar.gz" -O - | tar -xzvf - ftw

- name: "Run tests for ${{ matrix.modsec_version }}"
env:
FTW_LOGFILE: './tests/logs/${{ matrix.modsec_version }}/error.log'
run: |
mkdir -p "tests/logs/${{ matrix.modsec_version }}/{nginx,apache2}"
chmod -R o+rw "tests/logs"
docker-compose -f ./tests/docker-compose.yml up -d "${{ matrix.modsec_version }}"
docker-compose -f ./tests/docker-compose.yml logs
[ "$(docker inspect ${{ matrix.modsec_version }} --format='{{.State.Running}}')" = "true" ]
if ! [ "$(docker inspect ${{ matrix.modsec_version }} --format='{{.State.Running}}')" = "true" ]; then
echo "Web server failed to start. Aborting."
exit 1
fi

./ftw check -d tests/regression/tests
./ftw run -d tests/regression/tests --show-failures-only
./ftw run \
-d tests/regression/tests \
--log-file "tests/logs/${{ matrix.modsec_version }}/error.log" \
--overrides tests/regression/httpd-overrides.yaml \
--show-failures-only

- name: "Change permissions if failed"
if: failure()
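Review bot: `mkdir -p "tests/logs/${{ matrix.modsec_version }}/{nginx,apache2}"` does not create two directories: the shell does not brace-expand inside double quotes, so this creates one directory literally named `{nginx,apache2}`. Move the braces outside the quotes, e.g. `mkdir -p "tests/logs/${{ matrix.modsec_version }}"/{nginx,apache2}`. Two smaller points: `--overrides tests/regression/httpd-overrides.yaml` is hardcoded for every `matrix.modsec_version`, so if the matrix includes an nginx-based image (the PR title is about overrides for nginx) the overrides file needs to be selected per platform; and `chmod -R o+rw "tests/logs"` makes the whole log tree world-writable, which is tolerable on a throwaway runner but should be narrowed to the container's user or group where possible.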
Expand Down
58 changes: 29 additions & 29 deletions CONTRIBUTING.md
Expand Up @@ -372,23 +372,23 @@ Documentation on how to run the CRS test suite can be found in the [online docum
Example of a simple *positive test*:

```yaml
- test_title: 932230-26
- test_id: 26
desc: "Unix command injection"
stages:
- stage:
input:
dest_addr: 127.0.0.1
headers:
Host: localhost
User-Agent: "OWASP CRS test agent"
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
method: POST
port: 80
uri: "/post"
data: "var=` /bin/cat /etc/passwd`"
version: HTTP/1.1
output:
log_contains: id "932230"
- input:
dest_addr: 127.0.0.1
headers:
Host: localhost
User-Agent: "OWASP CRS test agent"
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
method: POST
port: 80
uri: "/post"
data: "var=` /bin/cat /etc/passwd`"
version: HTTP/1.1
output:
log:
expect_ids: [932230]
```

This test will succeed if the log output contains `id "932230"`, which would indicate that the rule in question matched and generated an alert.
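Review bot: the sentence under the example still describes the old assertion: it says the test succeeds if the log output contains `id "932230"`, but the example now uses `log: expect_ids: [932230]`, which checks for rule ID 932230 in the log rather than for a literal string. Reword it to something like "This test will succeed if rule 932230 appears in the log output". Since `test_title: 932230-26` became a bare `test_id: 26`, it would also help to state in the prose that the rule ID now comes from the file's `meta: rule_id:` (as in the tests/regression/README.md example) rather than from the test title.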
Expand All @@ -402,21 +402,21 @@ The rule's description field, `desc`, is important. It should describe what is b
Example of a simple *negative test*:

```yaml
- test_title: 932260-4
- test_id: 4
stages:
- stage:
input:
dest_addr: "127.0.0.1"
method: "POST"
port: 80
headers:
User-Agent: "OWASP CRS test agent"
Host: "localhost"
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
data: 'foo=ping pong tables'
uri: '/post'
output:
no_log_contains: id "932260"
- input:
dest_addr: "127.0.0.1"
method: "POST"
port: 80
headers:
User-Agent: "OWASP CRS test agent"
Host: "localhost"
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
data: 'foo=ping pong tables'
uri: '/post'
output:
log:
no_expect_ids: [932260]
```

This test will succeed if the log output does **not** contain `id "932260"`, which would indicate that the rule in question did **not** match and so did **not** generate an alert.
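Review bot: same mismatch as in the positive example: the explanatory sentence still refers to `id "932260"` as a log string while the assertion is now `no_expect_ids: [932260]`; reword it to "if rule 932260 does not appear in the log output". The negative example also has no `desc` field even though the text above says the description field is important; add one describing the benign payload so the example models the practice it recommends.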
Expand Down
26 changes: 13 additions & 13 deletions tests/regression/README.md
Expand Up @@ -15,22 +15,22 @@ The OWASP CRS project was part of the effort to develop the Web Application Fire
---
meta:
author: "csanders-git"
enabled: true
name: "911100.yaml"
description: "Description"
description: "A meaningful description"
rule_id: 911100
tests:
- test_title: 911100-1
- test_id: 1
stages:
- stage:
input:
dest_addr: "127.0.0.1"
port: 80
headers:
User-Agent: "OWASP CRS test agent"
Host: "localhost"
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
output:
no_log_contains: "id \"911100\""
- input:
dest_addr: "127.0.0.1"
port: 80
headers:
User-Agent: "OWASP CRS test agent"
Host: "localhost"
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
output:
log:
expect_id: 911100
```

For go-ftw, please check out from [go-ftw releases page](https://github.com/coreruleset/go-ftw/releases).
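Review bot: `expect_id: 911100` is inconsistent with the CONTRIBUTING.md examples in this same PR, which use the plural list form `expect_ids: [932230]`; one of the two spellings will not be what go-ftw 1.x parses, so align the README on `expect_ids: [911100]`. The rewrite also flips the assertion: the old output was `no_log_contains: "id \"911100\""` (the rule must not fire), the new one expects the rule to fire. If that is deliberate, say so in the commit message, because an example that is silently inverted will be copied into new test files.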
Expand Down
52 changes: 52 additions & 0 deletions tests/regression/coraza-overrides.yaml
@@ -0,0 +1,52 @@
version: "v0.0.0"
meta:
engine: "coraza"
platform: "go"
annotations:
- purpose: "CRS test suite"
test_overrides:
- rule_id: 920100
test_ids: [4]
reason: 'Invalid uri, Coraza not reached - 404 page not found'
output:
status: 404
- rule_id: 920100
test_ids: [5]
reason: 'Invalid uri, Coraza not reached - 404 page not found'
output:
status: 404
- rule_id: 920100
test_ids: [8]
reason: 'Go/http allows a colon in the path. Test expects status 400 or 403 (Apache behaviour)'
output:
status: 200
log:
expect_ids: [920100]
- rule_id: 920270
test_ids: [4]
reason: 'Rule works, log contains 920270. Test expects status 400 (Apache behaviour)'
output:
status: 200
- rule_id: 920272
test_ids: [5]
reason: 'Rule works, log contains 920272. Test expects status 400 (Apache behaviour)'
output:
status: 200
- rule_id: 920290
test_ids: [1]
reason: 'Rule works, log contains 920290. Test expects status 400 (Apache behaviour)'
output:
status: 200
- rule_id: 920430
test_ids: [8]
reason: 'Go/http does not allow HTTP/3.0 - 505 HTTP Version Not Supported'
output:
status: 505
log:
no_expect_ids: [920430]
- rule_id: 932200
test_ids: [13]
reason: 'wip'
- rule_id: 934131
test_ids: [5, 7]
reason: 'TODO: check why we are failing to deobfuscate these payloads'
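Review bot: the last two overrides (932200 test 13 with `reason: 'wip'`, 934131 tests 5 and 7 with a TODO) carry no `output` block and no tracking issue, so a reader cannot tell what behaviour is accepted or when the override can be removed; follow the httpd file's pattern and link an issue in `reason`. Overrides such as 920430 test 8 (`no_expect_ids: [920430]` because Go/http rejects HTTP/3.0 with 505 before the engine runs) and 920100 tests 4 and 5 (404 before Coraza is reached) pass without the rule ever being exercised; that is a coverage gap rather than a passing test and deserves a comment saying so. Minor: the two identical 920100 entries for test ids 4 and 5 can be one entry with `test_ids: [4, 5]`, as done for 934131.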
35 changes: 35 additions & 0 deletions tests/regression/httpd-overrides.yaml
@@ -0,0 +1,35 @@
version: "v0.0.0"
meta:
engine: "ModSecurity v2"
platform: "httpd"
annotations:
- purpose: "CRS test suite"
test_overrides:
- rule_id: 920360
test_ids: [1]
reason: Requires ARG_NAME_LENGTH to be set to an appropriately low value
output:
status: 200
log:
no_expect_ids: [920360]
- rule_id: 920370
test_ids: [1]
reason: Doesn't trigger. Needs to be fixed (https://github.com/coreruleset/coreruleset/issues/3745)
output:
status: 200
log:
no_expect_ids: [920370]
- rule_id: 920380
test_ids: [1]
reason: Requires MAX_NUM_ARGS to be set to a sufficiently low value
output:
status: 200
log:
no_expect_ids: [920380]
- rule_id: 920390
test_ids: [1]
reason: Exceeds PCRE limits, currently segfaults on the CI
output:
expect_error: true
log:
no_expect_ids: [920390]
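Review bot: the 920390 override (`reason: Exceeds PCRE limits, currently segfaults on the CI` with `expect_error: true`) turns a crash of the web server on a regression input into an expected result; a segfault reachable from request data is a denial-of-service bug in its own right and needs a tracking issue in `reason`, as 920370 has (issue 3745), not a permanent expectation. For 920360 and 920380 the reasons say the rules need ARG_NAME_LENGTH and MAX_NUM_ARGS set low; setting those in the CI configuration would exercise the rules instead of excluding them. Also, the PR is titled "add test overrides for nginx", but the diff shown here contains only `httpd` (ModSecurity v2) and `coraza` override files and the workflow passes only httpd-overrides.yaml; confirm where the nginx overrides live and that the workflow selects them.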