# TEST CASE WITH A RULE ON A GENERIC HEADER
# The same, on arguments :)
use Test::Nginx::Socket;
# Declare the plan up front: repeat_each(2) runs every data block twice, and
# its product with blocks() is the total number of checks expected.
plan tests => repeat_each(2) * blocks();
# Export the server root so that $TEST_NGINX_SERVROOT in the config sections
# below (root $TEST_NGINX_SERVROOT/html/;) can be filled in by the harness.
$ENV{TEST_NGINX_SERVROOT} = server_root();
=== WL TEST 1.0: Obvious test in arg
# NOTE(review): absolute path — the suite loads whichever core rule set is
# installed on the host, so results can vary with that file's version.
include /etc/nginx/naxsi_core.rules;
# Test-only rule 1999: the literal "foobar" in the ARGS match zone adds 42 to
# the $SQL score, well above the "$SQL >= 8" BLOCK threshold set below.
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
# URI that a blocked request is redirected to; the /RequestDenied location
# further down handles it (its body is not shown in this excerpt).
DeniedUrl "/RequestDenied";
# Per-category thresholds: once a request's accumulated score reaches the
# limit, the BLOCK action applies. Only $SQL is fed by the test rule (s:$SQL:42).
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
location /RequestDenied {
=== WL TEST 1.01: Check non-collision of zone and 'name' flag
include /etc/nginx/naxsi_core.rules;
# Same pattern, zone and score as the id:1999 rule used by the other tests,
# but declared as id:5 with the id written first.
# NOTE(review): the title's "non-collision of zone and 'name' flag" is not
# explained by the visible lines — confirm against the request/expectation.
MainRule id:5 "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42";
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
location /RequestDenied {
=== WL TEST 1.1: Generic whitelist in ARGS_NAME
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Whitelist rule 1999 only where it matches in an argument NAME (mz:ARGS|NAME).
# There is no $URL restriction, so the exemption is not tied to one path.
BasicRule wl:1999 "mz:ARGS|NAME";
location /RequestDenied {
=== WL TEST 1.11: Generic whitelist in ARGS_NAME, limit
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Whitelist rule 1999 for the ARGS zone without the |NAME suffix, in contrast
# to test 1.1. A whitelist with no $URL or $ARGS_VAR restriction applies
# across all URLs; production whitelists should be scoped to the URL and
# variable that actually need the exemption.
BasicRule wl:1999 "mz:ARGS";
location /RequestDenied {
=== WL TEST 1.12: Generic whitelist in ARGS_NAME, limit
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Same whitelist as test 1.1 (rule 1999, argument names only); this "limit"
# case presumably differs in the request, which is not visible here.
BasicRule wl:1999 "mz:ARGS|NAME";
location /RequestDenied {
=== WL TEST 1.2: whitelist in ARGS_NAME+$URL
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Whitelist rule 1999 for argument NAMEs, and only on requests to URL "/".
BasicRule wl:1999 "mz:$URL:/|ARGS|NAME";
location /RequestDenied {
=== WL TEST 1.21: whitelist in ARGS_NAME+$URL, limit
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Rule 1999 is exempt only in argument names on URL "/"; the "limit" case
# presumably sends a request just outside that scope (request not shown).
BasicRule wl:1999 "mz:$URL:/|ARGS|NAME";
location /RequestDenied {
=== WL TEST 1.22: whitelist in ARGS_NAME+$URL, limit
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Whitelist scoped to URL "/" and argument names for rule 1999. This second
# "limit" variant uses the same whitelist; what it varies is not visible here.
BasicRule wl:1999 "mz:$URL:/|ARGS|NAME";
location /RequestDenied {
=== WL TEST 1.3: failed whitelist in ARGS_NAME+$URL
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# The whitelist is bound to URL "/z". Per the title it is expected NOT to
# apply — presumably the request targets another path (request not shown).
BasicRule wl:1999 "mz:$URL:/z|ARGS|NAME";
location /RequestDenied {
=== WL TEST 1.31: failed whitelist in ARGS_NAME+$URL
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Exempts rule 1999 in argument names on URL "/" only. The title expects the
# whitelist to miss, so the pattern presumably arrives somewhere outside that
# scope (request not shown).
BasicRule wl:1999 "mz:$URL:/|ARGS|NAME";
location /RequestDenied {
=== WL TEST 1.32: failed whitelist in ARGS_NAME+$URL
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Exempts rule 1999 only in the NAME of the argument called "b" on URL "/".
# A variable named "b" cannot itself contain "foobar", which fits the
# "failed whitelist" title — presumably the request is still blocked.
BasicRule wl:1999 "mz:$URL:/|$ARGS_VAR:b|NAME";
location /RequestDenied {
=== WL TEST 1.33: failed whitelist in ARGS_NAME+$URL
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Exempts rule 1999 only in the NAME of the argument called "foobar" on
# URL "/"; the whitelist names no other variable, side (name/value) or URL.
BasicRule wl:1999 "mz:$URL:/|$ARGS_VAR:foobar|NAME";
location /RequestDenied {
=== WL TEST 1.34: failed whitelist in ARGS_NAME+$URL
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
# Second test rule (id 2999) for the literal "foobra", same zone and score as
# rule 1999. NOTE(review): the msg text still reads "foobar" (also in tests
# 1.35 and 1.36) — harmless for matching, but confusing for readers.
MainRule "str:foobra" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:2999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Two whitelists scoped to URL "/" and the argument "foobar": this one exempts
# rule 1999 in the argument's NAME; the next line exempts rule 2999 without
# the |NAME suffix.
BasicRule wl:1999 "mz:$URL:/|$ARGS_VAR:foobar|NAME";
BasicRule wl:2999 "mz:$URL:/|$ARGS_VAR:foobar";
location /RequestDenied {
=== WL TEST 1.35: failed whitelist in ARGS_NAME+$URL
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
MainRule "str:foobra" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:2999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Same whitelist pair as test 1.34: rule 1999 exempt in the NAME of argument
# "foobar" on URL "/", rule 2999 (next line) exempt for that argument without
# the |NAME suffix. What this variant sends is not visible in the excerpt.
BasicRule wl:1999 "mz:$URL:/|$ARGS_VAR:foobar|NAME";
BasicRule wl:2999 "mz:$URL:/|$ARGS_VAR:foobar";
location /RequestDenied {
=== WL TEST 1.36: failed whitelist in ARGS_NAME+$URL
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
MainRule "str:foobra" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:2999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Third use of the 1999/2999 whitelist pair, both bound to URL "/" and the
# argument "foobar" (this line NAME-only, the next without |NAME). The request
# that distinguishes it from tests 1.34 and 1.35 is not shown.
BasicRule wl:1999 "mz:$URL:/|$ARGS_VAR:foobar|NAME";
BasicRule wl:2999 "mz:$URL:/|$ARGS_VAR:foobar";
location /RequestDenied {
=== WL TEST 1.4: whitelist in ARGS_NAME+$URL+$ARGS_VAR
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Rule 1999 is exempt only in the NAME of argument "foobar" on URL "/" — the
# whitelist is scoped by URL, by variable and by name/value side.
BasicRule wl:1999 "mz:$URL:/|$ARGS_VAR:foobar|NAME";
location /RequestDenied {
=== WL TEST 1.41: whitelist in ARGS_NAME+$URL+$ARGS_VAR
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Same URL + variable + NAME whitelist as test 1.4 for rule 1999; the request
# this variant sends is not visible in the excerpt.
BasicRule wl:1999 "mz:$URL:/|$ARGS_VAR:foobar|NAME";
location /RequestDenied {
=== WL TEST 1.5: whitelist in ARGS_NAME+$URL+$ARGS_VAR, limit
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Whitelist for rule 1999 limited to the NAME of argument "foobar" on URL "/".
# As a "limit" case it presumably probes input just outside that scope, which
# should remain subject to the rule (request and expectation not shown).
BasicRule wl:1999 "mz:$URL:/|$ARGS_VAR:foobar|NAME";
location /RequestDenied {
=== WL TEST 1.51: whitelist in ARGS_NAME+$URL+$ARGS_VAR, limit
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Second "limit" case with the same narrowly scoped whitelist (rule 1999,
# URL "/", NAME of argument "foobar"); its request is not shown here.
BasicRule wl:1999 "mz:$URL:/|$ARGS_VAR:foobar|NAME";
location /RequestDenied {
=== WL TEST 1.6: whitelist in ARGS_NAME+$URL+$ARGS_VAR, (collision)
include /etc/nginx/naxsi_core.rules;
MainRule "str:foobar" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
# Two whitelists for the same rule id, URL and variable: this one is NAME-only,
# the next line has no |NAME suffix. Per the title, the test presumably checks
# that the two entries coexist instead of one replacing the other.
BasicRule wl:1999 "mz:$URL:/|$ARGS_VAR:foobar|NAME";
BasicRule wl:1999 "mz:$URL:/|$ARGS_VAR:foobar";
location /RequestDenied {