Merge pull request #22 from Sebitosh/args_test_rewrite

Test; ARGS test rewrite - test GET and POST on phases 1-4 and 2-4

Author: airween

config_tests/CONF_002_TARGET_ARGS_A-GET.yaml

@@ -0,0 +1,43 @@
+target: ARGS
+rulefile: MRTS_002_ARGS_A-GET.conf
+testfile: MRTS_002_ARGS_A-GET.yaml
+templates:
+- SecRule for TARGETS
+colkey:
+- - ''
+- - arg1
+- - arg1
+  - arg2
+- - /^arg_.*$/
+operator:
+- '@contains'
+oparg:
+- attack
+phase:
+- 1
+- 2
+- 3
+- 4
+testdata:
+  phase_methods:
+    1: get
+    2: get
+    3: get
+    4: get
+  targets:
+    - target: ''
+      test:
+        data:
+          foo: attack
+    - target: arg1
+      test:
+        data:
+          arg1: attack
+    - target: arg2
+      test:
+        data:
+          arg2: attack
+    - target: /^arg_.*$/
+      test:
+        data:
+          arg_foo: attack

config_tests/CONF_002_TARGET_ARGS.yaml renamed to config_tests/CONF_002_TARGET_ARGS_B-POST.yaml

@@ -1,6 +1,6 @@
 target: ARGS
-rulefile: MRTS_002_ARGS.conf
-testfile: MRTS_002_ARGS.yaml
+rulefile: MRTS_002_ARGS_B-POST.conf
+testfile: MRTS_002_ARGS_B-POST.yaml
 templates:
 - SecRule for TARGETS
 colkey:
@@ -14,13 +14,11 @@ operator:
 oparg:
 - attack
 phase:
-- 1
 - 2
 - 3
 - 4
 testdata:
   phase_methods:
-    1: get
     2: post
     3: post
     4: post

generated/rules/MRTS_002_ARGS.conf renamed to generated/rules/MRTS_002_ARGS_A-GET.conf

@@ -0,0 +1,108 @@
+SecRule ARGS "@contains attack" \
+    "id:100016,\
+    phase:2,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
+    ver:'MRTS/0.1'"
+
+SecRule ARGS "@contains attack" \
+    "id:100017,\
+    phase:3,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
+    ver:'MRTS/0.1'"
+
+SecRule ARGS "@contains attack" \
+    "id:100018,\
+    phase:4,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
+    ver:'MRTS/0.1'"
+
+SecRule ARGS:arg1 "@contains attack" \
+    "id:100019,\
+    phase:2,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
+    ver:'MRTS/0.1'"
+
+SecRule ARGS:arg1 "@contains attack" \
+    "id:100020,\
+    phase:3,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
+    ver:'MRTS/0.1'"
+
+SecRule ARGS:arg1 "@contains attack" \
+    "id:100021,\
+    phase:4,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
+    ver:'MRTS/0.1'"
+
+SecRule ARGS:arg1|ARGS:arg2 "@contains attack" \
+    "id:100022,\
+    phase:2,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
+    ver:'MRTS/0.1'"
+
+SecRule ARGS:arg1|ARGS:arg2 "@contains attack" \
+    "id:100023,\
+    phase:3,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
+    ver:'MRTS/0.1'"
+
+SecRule ARGS:arg1|ARGS:arg2 "@contains attack" \
+    "id:100024,\
+    phase:4,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
+    ver:'MRTS/0.1'"
+
+SecRule ARGS:/^arg_.*$/ "@contains attack" \
+    "id:100025,\
+    phase:2,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
+    ver:'MRTS/0.1'"
+
+SecRule ARGS:/^arg_.*$/ "@contains attack" \
+    "id:100026,\
+    phase:3,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
+    ver:'MRTS/0.1'"
+
+SecRule ARGS:/^arg_.*$/ "@contains attack" \
+    "id:100027,\
+    phase:4,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
+    ver:'MRTS/0.1'"
+

generated/rules/MRTS_002_ARGS_B-POST.conf

@@ -1,5 +1,5 @@
 SecRule ARGS_COMBINED_SIZE "@lt 2" \
-    "id:100016,\
+    "id:100028,\
     phase:1,\
     deny,\
     t:none,\
@@ -8,7 +8,7 @@ SecRule ARGS_COMBINED_SIZE "@lt 2" \
     ver:'MRTS/0.1'"
 
 SecRule ARGS_COMBINED_SIZE "@lt 2" \
-    "id:100017,\
+    "id:100029,\
     phase:2,\
     deny,\
     t:none,\
@@ -17,7 +17,7 @@ SecRule ARGS_COMBINED_SIZE "@lt 2" \
     ver:'MRTS/0.1'"
 
 SecRule ARGS_COMBINED_SIZE "@lt 2" \
-    "id:100018,\
+    "id:100030,\
     phase:3,\
     deny,\
     t:none,\
@@ -26,7 +26,7 @@ SecRule ARGS_COMBINED_SIZE "@lt 2" \
     ver:'MRTS/0.1'"
 
 SecRule ARGS_COMBINED_SIZE "@lt 2" \
-    "id:100019,\
+    "id:100031,\
     phase:4,\
     deny,\
     t:none,\

generated/rules/MRTS_003_ARGS_COMBINED_SIZE.conf

@@ -1,5 +1,5 @@
 SecRule ARGS_GET "@contains attack" \
-    "id:100020,\
+    "id:100032,\
     phase:1,\
     deny,\
     t:none,\
@@ -8,7 +8,7 @@ SecRule ARGS_GET "@contains attack" \
     ver:'MRTS/0.1'"
 
 SecRule ARGS_GET "@contains attack" \
-    "id:100021,\
+    "id:100033,\
     phase:2,\
     deny,\
     t:none,\
@@ -17,7 +17,7 @@ SecRule ARGS_GET "@contains attack" \
     ver:'MRTS/0.1'"
 
 SecRule ARGS_GET "@contains attack" \
-    "id:100022,\
+    "id:100034,\
     phase:3,\
     deny,\
     t:none,\
@@ -26,7 +26,7 @@ SecRule ARGS_GET "@contains attack" \
     ver:'MRTS/0.1'"
 
 SecRule ARGS_GET "@contains attack" \
-    "id:100023,\
+    "id:100035,\
     phase:4,\
     deny,\
     t:none,\
@@ -35,7 +35,7 @@ SecRule ARGS_GET "@contains attack" \
     ver:'MRTS/0.1'"
 
 SecRule ARGS_GET:arg1 "@contains attack" \
-    "id:100024,\
+    "id:100036,\
     phase:1,\
     deny,\
     t:none,\
@@ -44,7 +44,7 @@ SecRule ARGS_GET:arg1 "@contains attack" \
     ver:'MRTS/0.1'"
 
 SecRule ARGS_GET:arg1 "@contains attack" \
-    "id:100025,\
+    "id:100037,\
     phase:2,\
     deny,\
     t:none,\
@@ -53,7 +53,7 @@ SecRule ARGS_GET:arg1 "@contains attack" \
     ver:'MRTS/0.1'"
 
 SecRule ARGS_GET:arg1 "@contains attack" \
-    "id:100026,\
+    "id:100038,\
     phase:3,\
     deny,\
     t:none,\
@@ -62,7 +62,7 @@ SecRule ARGS_GET:arg1 "@contains attack" \
     ver:'MRTS/0.1'"
 
 SecRule ARGS_GET:arg1 "@contains attack" \
-    "id:100027,\
+    "id:100039,\
     phase:4,\
     deny,\
     t:none,\
@@ -71,7 +71,7 @@ SecRule ARGS_GET:arg1 "@contains attack" \
     ver:'MRTS/0.1'"
 
 SecRule ARGS_GET:arg1|ARGS_GET:arg2 "@contains attack" \
-    "id:100028,\
+    "id:100040,\
     phase:1,\
     deny,\
     t:none,\
@@ -80,7 +80,7 @@ SecRule ARGS_GET:arg1|ARGS_GET:arg2 "@contains attack" \
     ver:'MRTS/0.1'"
 
 SecRule ARGS_GET:arg1|ARGS_GET:arg2 "@contains attack" \
-    "id:100029,\
+    "id:100041,\
     phase:2,\
     deny,\
     t:none,\
@@ -89,7 +89,7 @@ SecRule ARGS_GET:arg1|ARGS_GET:arg2 "@contains attack" \
     ver:'MRTS/0.1'"
 
 SecRule ARGS_GET:arg1|ARGS_GET:arg2 "@contains attack" \
-    "id:100030,\
+    "id:100042,\
     phase:3,\
     deny,\
     t:none,\
@@ -98,7 +98,7 @@ SecRule ARGS_GET:arg1|ARGS_GET:arg2 "@contains attack" \
     ver:'MRTS/0.1'"
 
 SecRule ARGS_GET:arg1|ARGS_GET:arg2 "@contains attack" \
-    "id:100031,\
+    "id:100043,\
     phase:4,\
     deny,\
     t:none,\
@@ -107,7 +107,7 @@ SecRule ARGS_GET:arg1|ARGS_GET:arg2 "@contains attack" \
     ver:'MRTS/0.1'"
 
 SecRule ARGS_GET:/^arg_.*$/ "@contains attack" \
-    "id:100032,\
+    "id:100044,\
     phase:1,\
     deny,\
     t:none,\
@@ -116,7 +116,7 @@ SecRule ARGS_GET:/^arg_.*$/ "@contains attack" \
     ver:'MRTS/0.1'"
 
 SecRule ARGS_GET:/^arg_.*$/ "@contains attack" \
-    "id:100033,\
+    "id:100045,\
     phase:2,\
     deny,\
     t:none,\
@@ -125,7 +125,7 @@ SecRule ARGS_GET:/^arg_.*$/ "@contains attack" \
     ver:'MRTS/0.1'"
 
 SecRule ARGS_GET:/^arg_.*$/ "@contains attack" \
-    "id:100034,\
+    "id:100046,\
     phase:3,\
     deny,\
     t:none,\
@@ -134,7 +134,7 @@ SecRule ARGS_GET:/^arg_.*$/ "@contains attack" \
     ver:'MRTS/0.1'"
 
 SecRule ARGS_GET:/^arg_.*$/ "@contains attack" \
-    "id:100035,\
+    "id:100047,\
     phase:4,\
     deny,\
     t:none,\