# TEST CASE AVEC UNE REGLE SUR UN HEADER GENERIQUE
# La même sur des arguments :)
use Test::Nginx::Socket;
# Declare the test count up front: every data block below is exercised
# repeat_each(2) times, so the plan is repetitions multiplied by block count.
my $repetitions = repeat_each(2);
plan tests => $repetitions * blocks();
# The nginx config blocks below use `root $TEST_NGINX_SERVROOT/html/;`, so the
# server root must be exported into the environment before they are rendered.
my $servroot = server_root();
$ENV{TEST_NGINX_SERVROOT} = $servroot;
=== TEST 1: Basic GET request
include /etc/nginx/naxsi_core.rules;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
location /RequestDenied {
=== TEST 2: DENY : Obvious GET XSS
include /etc/nginx/naxsi_core.rules;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
location /RequestDenied {
GET /?a="><ScRiPt>alert(1)</scRiPt>
=== TEST 2.1: DENY : Obvious RFI
include /etc/nginx/naxsi_core.rules;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 2" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
location /RequestDenied {
GET /?a=http://evil.com/eva.txt
=== TEST 2.3: DENY : Obvious LFI
include /etc/nginx/naxsi_core.rules;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 2" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
location /RequestDenied {
GET /?a=../../../../../bar.txt
=== TEST 3: OBVIOUS GET SQL INJECTION
include /etc/nginx/naxsi_core.rules;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
location /RequestDenied {
=== TEST 3bis: OBVIOUS (quoteless) GET SQL INJECTION
include /etc/nginx/naxsi_core.rules;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
location /RequestDenied {
GET /?a=1+UnIoN+SeLeCt+1