~ubuntu-branches/ubuntu/natty/libapache-mod-security/natty-updates

Viewing changes to apache2/t/regression/misc/20-pdf-xss.t

  • Committer: Bazaar Package Importer
  • Author(s): Alberto Gonzalez Iniesta
  • Date: 2009-03-23 09:56:42 UTC
  • mfrom: (1.1.3 upstream)
  • Revision ID: james.westby@ubuntu.com-20090323095642-tbas4vpzvlc87vyg
Tags: 2.5.9-1
* New upstream release. (Closes: #512472)
  Urgency high due to it fixing multiple remote DoS.
  Bugtraq ID: 34096
* Moved to debhelper compatibility level 7:
  - echo 7 > debian/compat
  - Added ${misc:Depends} to debian/control
  - Bumped debhelper version dependency in debian/control
* Fixed long description formatting. (Closes: #516540)
* Prepared build of mlogc, not releasing this time due to
  urgency of release and missing man page.

1
# PDF XSS Protection
 
2
 
 
3
{
 
4
        type => "misc",
 
5
        comment => "pdf-xss - GET",
 
6
        conf => qq(
 
7
                SecRuleEngine On
 
8
                SecDebugLog $ENV{DEBUG_LOG}
 
9
                SecDebugLogLevel 9
 
10
 
 
11
                SecPdfProtect On
 
12
                SecPdfProtectMethod TokenRedirection
 
13
                SecPdfProtectSecret FooBar
 
14
                SecPdfProtectTimeout 10
 
15
        ),
 
16
        match_log => {
 
17
                debug => [ qr/PdfProtect: PDF request without a token - redirecting to/, 1 ],
 
18
        },
 
19
        match_response => {
 
20
                status => qr/^200$/,
 
21
        },
 
22
        request => new HTTP::Request(
 
23
                GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.pdf",
 
24
        ),
 
25
},
 
26
{
 
27
        type => "misc",
 
28
        comment => "pdf-xss - POST",
 
29
        conf => qq(
 
30
                SecRuleEngine On
 
31
                SecDebugLog $ENV{DEBUG_LOG}
 
32
                SecDebugLogLevel 9
 
33
 
 
34
                SecPdfProtect On
 
35
                SecPdfProtectMethod TokenRedirection
 
36
                SecPdfProtectSecret FooBar
 
37
                SecPdfProtectTimeout 10
 
38
        ),
 
39
        match_log => {
 
40
                -error => [ qr/exit signal/, 1 ],
 
41
                debug => [ qr/PdfProtect: Not intercepting.*method=POST\/2/, 1 ],
 
42
        },
 
43
        match_response => {
 
44
                status => qr/^200$/,
 
45
        },
 
46
        request => new HTTP::Request(
 
47
                POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.pdf",
 
48
                [
 
49
                        "Content-Type" => "application/x-www-form-urlencoded",
 
50
                ],
 
51
                #  Args
 
52
                "a=1&b=2",
 
53
        ),
 
54
},
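
Review bot: The "pdf-xss - GET" case has no `-error => [ qr/exit signal/, 1 ]` entry in its match_log, although the "pdf-xss - POST" case does. A child crash on the GET path would therefore surface only indirectly through `status => qr/^200$/`, so the same negative match should be added there. The POST case would also benefit from a one-line comment saying what the exit-signal guard is a regression check for, since the file's only comment is `# PDF XSS Protection`. In the GET case, the debug log is expected to say "redirecting to" while the response is expected to be 200. It is worth stating in a comment whether that 200 is the result after the redirect has been followed, or asserting on the redirect itself. Both cases exercise only the token-less request. A case that presents an issued token, and one that presents it after `SecPdfProtectTimeout 10` has elapsed, would cover the rest of the TokenRedirection behaviour configured here.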