Test target REQUEST_COOKIES_NAMES

Signed-off-by: Sebitosh <[email protected]>

Author: Sebitosh

generated/rules/MRTS_059_REQUEST_COOKIES.conf

@@ -0,0 +1,144 @@
+SecRule REQUEST_COOKIES "@contains attack" \
+    "id:100116,\
+    phase:1,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:1',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES "@contains attack" \
+    "id:100117,\
+    phase:2,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES "@contains attack" \
+    "id:100118,\
+    phase:3,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES "@contains attack" \
+    "id:100119,\
+    phase:4,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES:cookie1 "@contains attack" \
+    "id:100120,\
+    phase:1,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:1',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES:cookie1 "@contains attack" \
+    "id:100121,\
+    phase:2,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES:cookie1 "@contains attack" \
+    "id:100122,\
+    phase:3,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES:cookie1 "@contains attack" \
+    "id:100123,\
+    phase:4,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES:cookie1|REQUEST_COOKIES:cookie2 "@contains attack" \
+    "id:100124,\
+    phase:1,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:1',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES:cookie1|REQUEST_COOKIES:cookie2 "@contains attack" \
+    "id:100125,\
+    phase:2,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES:cookie1|REQUEST_COOKIES:cookie2 "@contains attack" \
+    "id:100126,\
+    phase:3,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES:cookie1|REQUEST_COOKIES:cookie2 "@contains attack" \
+    "id:100127,\
+    phase:4,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES:/^cookie_.*$/ "@contains attack" \
+    "id:100128,\
+    phase:1,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:1',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES:/^cookie_.*$/ "@contains attack" \
+    "id:100129,\
+    phase:2,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES:/^cookie_.*$/ "@contains attack" \
+    "id:100130,\
+    phase:3,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES:/^cookie_.*$/ "@contains attack" \
+    "id:100131,\
+    phase:4,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
+    ver:'MRTS/0.1'"
+

generated/rules/MRTS_110_XML.conf

@@ -1,5 +1,5 @@
 SecRule XML:/* "@beginsWith foo" \
-    "id:100116,\
+    "id:100132,\
     phase:2,\
     deny,\
     t:none,\
@@ -8,7 +8,7 @@ SecRule XML:/* "@beginsWith foo" \
     ver:'MRTS/0.1'"
 
 SecRule XML:/* "@beginsWith foo" \
-    "id:100117,\
+    "id:100133,\
     phase:3,\
     deny,\
     t:none,\
@@ -17,7 +17,7 @@ SecRule XML:/* "@beginsWith foo" \
     ver:'MRTS/0.1'"
 
 SecRule XML:/* "@beginsWith foo" \
-    "id:100118,\
+    "id:100134,\
     phase:4,\
     deny,\
     t:none,\

generated/tests/regression/tests/100116_MRTS_059_REQUEST_COOKIES.yaml

@@ -0,0 +1,161 @@
+---
+meta:
+  author: MRTS generate-rules.py
+  enabled: true
+  name: MRTS_059_REQUEST_COOKIES.yaml
+  description: Desc
+tests:
+- test_title: 100116-1
+  ruleid: 100116
+  test_id: 1
+  desc: 'Test case for rule 100116, #1'
+  stages:
+  - description: Send request
+    input:
+      dest_addr: 127.0.0.1
+      port: 80
+      protocol: http
+      method: GET
+      headers:
+        User-Agent: OWASP MRTS test agent
+        Host: localhost
+        Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+        Cookie: foo=attack
+      uri: /
+      version: HTTP/1.1
+    output:
+      log:
+        expect_ids:
+        - 100116
+- test_title: 100116-2
+  ruleid: 100116
+  test_id: 2
+  desc: 'Test case for rule 100116, #2'
+  stages:
+  - description: Send request
+    input:
+      dest_addr: 127.0.0.1
+      port: 80
+      protocol: http
+      method: GET
+      headers:
+        User-Agent: OWASP MRTS test agent
+        Host: localhost
+        Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+        Cookie: cookie1=attack
+      uri: /
+      version: HTTP/1.1
+    output:
+      log:
+        expect_ids:
+        - 100116
+- test_title: 100116-3
+  ruleid: 100116
+  test_id: 3
+  desc: 'Test case for rule 100116, #3'
+  stages:
+  - description: Send request
+    input:
+      dest_addr: 127.0.0.1
+      port: 80
+      protocol: http
+      method: GET
+      headers:
+        User-Agent: OWASP MRTS test agent
+        Host: localhost
+        Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+        Cookie: cookie1=attack;cookie2=hello
+      uri: /
+      version: HTTP/1.1
+    output:
+      log:
+        expect_ids:
+        - 100116
+- test_title: 100116-4
+  ruleid: 100116
+  test_id: 4
+  desc: 'Test case for rule 100116, #4'
+  stages:
+  - description: Send request
+    input:
+      dest_addr: 127.0.0.1
+      port: 80
+      protocol: http
+      method: GET
+      headers:
+        User-Agent: OWASP MRTS test agent
+        Host: localhost
+        Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+        Cookie: cookie2=attack
+      uri: /
+      version: HTTP/1.1
+    output:
+      log:
+        expect_ids:
+        - 100116
+- test_title: 100116-5
+  ruleid: 100116
+  test_id: 5
+  desc: 'Test case for rule 100116, #5'
+  stages:
+  - description: Send request
+    input:
+      dest_addr: 127.0.0.1
+      port: 80
+      protocol: http
+      method: GET
+      headers:
+        User-Agent: OWASP MRTS test agent
+        Host: localhost
+        Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+        Cookie: cookie1=hello;cookie2=attack
+      uri: /
+      version: HTTP/1.1
+    output:
+      log:
+        expect_ids:
+        - 100116
+- test_title: 100116-6
+  ruleid: 100116
+  test_id: 6
+  desc: 'Test case for rule 100116, #6'
+  stages:
+  - description: Send request
+    input:
+      dest_addr: 127.0.0.1
+      port: 80
+      protocol: http
+      method: GET
+      headers:
+        User-Agent: OWASP MRTS test agent
+        Host: localhost
+        Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+        Cookie: cookie_foo=attack
+      uri: /
+      version: HTTP/1.1
+    output:
+      log:
+        expect_ids:
+        - 100116
+- test_title: 100116-7
+  ruleid: 100116
+  test_id: 7
+  desc: 'Test case for rule 100116, #7'
+  stages:
+  - description: Send request
+    input:
+      dest_addr: 127.0.0.1
+      port: 80
+      protocol: http
+      method: GET
+      headers:
+        User-Agent: OWASP MRTS test agent
+        Host: localhost
+        Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+        Cookie: cookie_bar=hello;cookie_foo=attack;cookie_foobar=world
+      uri: /
+      version: HTTP/1.1
+    output:
+      log:
+        expect_ids:
+        - 100116