Code Monkey home page Code Monkey logo

secrules-language-tests's Introduction

SecRules Test Set (STS)

STS was built to support the development of new implementations of SecRules, and also to avoid regression on the existing ones. The STS does not have any test script, containing only test cases.

This repository does not include all the operators supported by ModSecurity. This repository contains operators that are not supported by ModSecurity yet.

The tests in this repository came from ModSecurity unit tests (originally saved in the format of a Perl script). These tests were converted from Perl to JSON to make them easier to be opened (and parsed) in different platforms.

How does it work?

All the test cases are saved into text files in JSON format. Every file contains an array of hashes, as illustrated below:

   {
      "ret" : 0,
      "type" : "op",
      "name" : "gt",
      "param" : "0",
      "input" : ""
   },

The hashes describe the operator to be used with a given parameter and input content to be tested. The outcome result is also part of the hash, allowing the verification if the target application is working as expected.

Test Organization

The directory "operators" contains unit tests for the SecRules operators. The file names are given after the operator name. Notice that the file name is just a matter of organization, and it does not interfere in the test. The operator name is also made explicit inside the test structure.

The hash that describes a unit test is disposed in the following structure:

  • ret: Return code, can be 1 or 0 (True or False)
  • type: Always "op"
  • name: Operator name
  • param: Operator parameter
  • input: Input data

How do I add STS to my implementation?

It is recommended to add this repository as a git submodule:

$ git submodule add https://github.com/SpiderLabs/secrules-language-tests

secrules-language-tests's People

Contributors

asterite3 avatar marshal09 avatar martinhsv avatar rufus125 avatar wgh- avatar zimmerle avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

actus10 4sp1r3 dstelter bjh7242 appleleaf cybershieldconsulting seclab-msu wgh- rufus125 5l1v3r1 martinhsv marshal09 dk47os3r appsumo ekmixon fesily

secrules-language-tests's Issues

Non-standard escaping of zero bytes

I'm wondering why zero bytes are now double-escaped, which essentially breaks naive JSON parsing (e.g. using cjson).

Could you shed some light on the reasoning? What's wrong with \u0000?

Is posible to test regular expression.

My website was blocked by firewall and network administrator give me this message "Detects MSSQL code execution and information gathering attempts". I think the message is about following rule.

SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "(?i:(?:\sexec\s+xp_cmdshell)|(?:[\"'`´’‘]\s*?!\s*?[\"'`´’‘\w])|(?:from\W+information_schema\W)|(?:(?:(?:current_)?user|database|schema|connection_id)\s*?\([^\)]*?)|(?:[\"'`´’‘];?\s*?(?:select|union|having)\s*?[^\s])|(?:\wiif\s*?\()|(?:exec\s+master\.)|(?:union select @)|(?:union[\w(\s]*?select)|(?:select.*?\w?user\()|(?:into[\s+]+(?:dump|out)file\s*?[\"'`´’‘]))" "phase:2,capture,t:none,t:urlDecodeUni,block,msg:'Detects MSSQL code execution and information gathering attempts',id:'981255',tag:'OWASP_CRS/WEB_ATTACK/SQL_INJECTION',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',severity:'2',setvar:'tx.msg=%{rule.id}-%{rule.msg}',setvar:tx.sql_injection_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:'tx.%{tx.msg}-OWASP_CRS/WEB_ATTACK/SQLI-%{matched_var_name}=%{tx.0}'"

I want to test that my JavaScript match the rule or not. Because I don't know much about SecRule can someone give a hint for this purpose.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.