diff --git a/README.md b/README.md index c8b82e2..51c34c3 100644 --- a/README.md +++ b/README.md @@ -620,6 +620,16 @@ To combine the default check on the current rule id with additional checks, the This way, the status check will be used in addition to the default rule id check. +For writing negative tests, you can also use the `no_expect_ids` test in the same way: + +```yaml + output: + log: + no_expect_ids: [] +``` + +This way, the current rule id will be appended and the check verifies it does not show up in logs. + Exact properties, syntax, available checks and parameters are dependent on the used version of `go-ftw`. The generator will simply replace what is defined under the `output` field in the corresponding field of the generated test case. As described for `go-ftw`, [if any of the checks fail the test will fail](https://github.com/coreruleset/go-ftw?tab=readme-ov-file#how-log-parsing-works). diff --git a/config_tests/CONF_000_GLOBAL.yaml b/config_tests/CONF_000_GLOBAL.yaml index 7b57329..03ab3c7 100644 --- a/config_tests/CONF_000_GLOBAL.yaml +++ b/config_tests/CONF_000_GLOBAL.yaml @@ -13,6 +13,15 @@ global: log,\ msg:'%{MATCHED_VAR_NAME} was caught in phase:${PHASE}$',\ ver:'${VERSION}$'" + - name: "Non-disruptive SecRule for TARGETS" + template: | + SecRule ${TARGET}$ "${OPERATOR}$ ${OPARG}$" \ + "id:${CURRID}$,\ + phase:${PHASE}$,\ + t:none,\ + log,\ + msg:'%{MATCHED_VAR_NAME} was caught in phase:${PHASE}$',\ + ver:'${VERSION}$'" default_tests_phase_methods: - 1: get - 2: post diff --git a/config_tests/CONF_026_TARGET_MATCHED_VARS_NAMES-NEG.yaml b/config_tests/CONF_026_TARGET_MATCHED_VARS_NAMES-NEG.yaml new file mode 100644 index 0000000..f21d2cf --- /dev/null +++ b/config_tests/CONF_026_TARGET_MATCHED_VARS_NAMES-NEG.yaml 
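Review bot: The new `Non-disruptive SecRule for TARGETS` template in config_tests/CONF_000_GLOBAL.yaml names no disruptive action at all, so each generated rule inherits whatever `SecDefaultAction` the engine under test is configured with instead of being non-disruptive by construction. The `before_each` helper rules added elsewhere in this commit spell out `pass`; adding `pass,\` after `phase:${PHASE}$,\` here would make the template's behaviour independent of the test environment. The `templates` list this entry is appended to starts outside the hunk, so the action used by the existing template is not visible here.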
@@ -0,0 +1,37 @@
+target: MATCHED_VARS_NAMES
+rulefile: MRTS_026_MATCHED_VARS_NAMES-NEG.conf
+testfile: MRTS_026_MATCHED_VARS_NAMES-NEG.yaml
+templates:
+- Non-disruptive SecRule for TARGETS
+colkey:
+- - ''
+operator:
+- '@contains'
+oparg:
+- ARGS:matched_vars_names_negative_test
+generation:
+ before_each: |
+ SecRule ARGS "@rx matched_vars_names_negative_test" "id:${CURRID}$, phase:${PHASE}$, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'"
+ SecRule ARGS "@rx matched_vars_names_test" "id:${CURRID}$, phase:${PHASE}$, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'"
+phase:
+- 1
+- 2
+- 3
+- 4
+- 5
+testdata:
+ phase_methods:
+ 1: get
+ 2: post
+ 3: post
+ 4: post
+ 5: post
+ targets:
+ - target: ''
+ test:
+ data:
+ matched_vars_names_test: matched_vars_names_test
+ matched_vars_names_negative_test: matched_vars_names_negative_test
+ output:
+ log:
+ no_expect_ids: []
\ No newline at end of file
diff --git a/config_tests/CONF_026_TARGET_MATCHED_VARS_NAMES.yaml b/config_tests/CONF_026_TARGET_MATCHED_VARS_NAMES.yaml
new file mode 100644
index 0000000..71df501
--- /dev/null
+++ b/config_tests/CONF_026_TARGET_MATCHED_VARS_NAMES.yaml
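Review bot: The negative case depends on the order of the two `before_each` rules, and nothing in the file says so. The rule under test presumably stays silent only because the `matched_vars_names_test` match runs last and MATCHED_VARS_NAMES then no longer holds `ARGS:matched_vars_names_negative_test`. A comment above `before_each` would record that, e.g. `# order matters: the second rule must match last so MATCHED_VARS_NAMES is overwritten before the tested rule runs`. Note also that `no_expect_ids` on its own passes when the request is never inspected in that phase; if the generator can express it, pairing it with an `expect_ids` entry for the preceding helper rule would rule out a vacuous pass. The file also ends without a trailing newline.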
@@ -0,0 +1,38 @@
+target: MATCHED_VARS_NAMES
+rulefile: MRTS_026_MATCHED_VARS_NAMES.conf
+testfile: MRTS_026_MATCHED_VARS_NAMES.yaml
+templates:
+- Non-disruptive SecRule for TARGETS
+colkey:
+- - ''
+operator:
+- '@contains'
+oparg:
+- ARGS:matched_vars_names_test
+- ARGS_NAMES:matched_vars_names_test
+- REQUEST_COOKIES:matched_vars_names_test
+generation:
+ before_each: |
+ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES "@rx matched_vars_names_test" "id:${CURRID}$, phase:${PHASE}$, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'"
+phase:
+- 1
+- 2
+- 3
+- 4
+- 5
+testdata:
+ phase_methods:
+ 1: get
+ 2: post
+ 3: post
+ 4: post
+ 5: post
+ targets:
+ - target: ''
+ test:
+ data:
+ matched_vars_names_test: matched_vars_names_test
+ input:
+ headers:
+ - name: Cookie
+ value: matched_vars_names_test=matched_vars_names_test
diff --git a/generated/rules/MRTS_026_MATCHED_VARS_NAMES-NEG.conf b/generated/rules/MRTS_026_MATCHED_VARS_NAMES-NEG.conf
new file mode 100644
index 0000000..f4d75ba
--- /dev/null
+++ b/generated/rules/MRTS_026_MATCHED_VARS_NAMES-NEG.conf
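Review bot: `@contains` under `operator:` is a substring match, so each of the three `oparg` values would also be satisfied by a longer collection entry that merely contains it, which makes the positive assertion looser than the test data requires. Since the request fixes the exact names, `- '@streq'` would presumably pin the entry more tightly; confirm that the engines under test evaluate it per element of MATCHED_VARS_NAMES before switching. A short comment such as `# one before_each match is expected to populate the ARGS, ARGS_NAMES and REQUEST_COOKIES entries together` would also help readers map the three `oparg` values to the single request.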
@@ -0,0 +1,55 @@ +SecRule ARGS "@rx matched_vars_names_negative_test" "id:100092, phase:1, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" +SecRule ARGS "@rx matched_vars_names_test" "id:100093, phase:1, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" + +SecRule MATCHED_VARS_NAMES "@contains ARGS:matched_vars_names_negative_test" \ + "id:100094,\ + phase:1,\ + t:none,\ + log,\ + msg:'%{MATCHED_VAR_NAME} was caught in phase:1',\ + ver:'MRTS/0.1'" + +SecRule ARGS "@rx matched_vars_names_negative_test" "id:100095, phase:2, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" +SecRule ARGS "@rx matched_vars_names_test" "id:100096, phase:2, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" + +SecRule MATCHED_VARS_NAMES "@contains ARGS:matched_vars_names_negative_test" \ + "id:100097,\ + phase:2,\ + t:none,\ + log,\ + msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\ + ver:'MRTS/0.1'" + +SecRule ARGS "@rx matched_vars_names_negative_test" "id:100098, phase:3, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" +SecRule ARGS "@rx matched_vars_names_test" "id:100099, phase:3, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" + +SecRule MATCHED_VARS_NAMES "@contains ARGS:matched_vars_names_negative_test" \ + "id:100100,\ + phase:3,\ + t:none,\ + log,\ + msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\ + ver:'MRTS/0.1'" + +SecRule ARGS "@rx matched_vars_names_negative_test" "id:100101, phase:4, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" +SecRule ARGS "@rx matched_vars_names_test" "id:100102, phase:4, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" + +SecRule MATCHED_VARS_NAMES "@contains ARGS:matched_vars_names_negative_test" \ + "id:100103,\ + phase:4,\ + t:none,\ + log,\ + msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\ + ver:'MRTS/0.1'" + +SecRule ARGS "@rx matched_vars_names_negative_test" "id:100104, phase:5, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" +SecRule ARGS "@rx 
matched_vars_names_test" "id:100105, phase:5, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" + +SecRule MATCHED_VARS_NAMES "@contains ARGS:matched_vars_names_negative_test" \ + "id:100106,\ + phase:5,\ + t:none,\ + log,\ + msg:'%{MATCHED_VAR_NAME} was caught in phase:5',\ + ver:'MRTS/0.1'" + diff --git a/generated/rules/MRTS_026_MATCHED_VARS_NAMES.conf b/generated/rules/MRTS_026_MATCHED_VARS_NAMES.conf new file mode 100644 index 0000000..e2ae52a --- /dev/null +++ b/generated/rules/MRTS_026_MATCHED_VARS_NAMES.conf 
@@ -0,0 +1,150 @@ +SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES "@rx matched_vars_names_test" "id:100107, phase:1, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" + +SecRule MATCHED_VARS_NAMES "@contains ARGS:matched_vars_names_test" \ + "id:100108,\ + phase:1,\ + t:none,\ + log,\ + msg:'%{MATCHED_VAR_NAME} was caught in phase:1',\ + ver:'MRTS/0.1'" + +SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES "@rx matched_vars_names_test" "id:100109, phase:2, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" + +SecRule MATCHED_VARS_NAMES "@contains ARGS:matched_vars_names_test" \ + "id:100110,\ + phase:2,\ + t:none,\ + log,\ + msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\ + ver:'MRTS/0.1'" + +SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES "@rx matched_vars_names_test" "id:100111, phase:3, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" + +SecRule MATCHED_VARS_NAMES "@contains ARGS:matched_vars_names_test" \ + "id:100112,\ + phase:3,\ + t:none,\ + log,\ + msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\ + ver:'MRTS/0.1'" + +SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES "@rx matched_vars_names_test" "id:100113, phase:4, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" + +SecRule MATCHED_VARS_NAMES "@contains ARGS:matched_vars_names_test" \ + "id:100114,\ + phase:4,\ + t:none,\ + log,\ + msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\ + ver:'MRTS/0.1'" + +SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES "@rx matched_vars_names_test" "id:100115, phase:5, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" + +SecRule MATCHED_VARS_NAMES "@contains ARGS:matched_vars_names_test" \ + "id:100116,\ + phase:5,\ + t:none,\ + log,\ + msg:'%{MATCHED_VAR_NAME} was caught in phase:5',\ + ver:'MRTS/0.1'" + +SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES "@rx matched_vars_names_test" "id:100117, phase:1, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" + +SecRule MATCHED_VARS_NAMES "@contains ARGS_NAMES:matched_vars_names_test" \ + "id:100118,\ + phase:1,\ + t:none,\ + log,\ + 
msg:'%{MATCHED_VAR_NAME} was caught in phase:1',\ + ver:'MRTS/0.1'" + +SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES "@rx matched_vars_names_test" "id:100119, phase:2, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" + +SecRule MATCHED_VARS_NAMES "@contains ARGS_NAMES:matched_vars_names_test" \ + "id:100120,\ + phase:2,\ + t:none,\ + log,\ + msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\ + ver:'MRTS/0.1'" + +SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES "@rx matched_vars_names_test" "id:100121, phase:3, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" + +SecRule MATCHED_VARS_NAMES "@contains ARGS_NAMES:matched_vars_names_test" \ + "id:100122,\ + phase:3,\ + t:none,\ + log,\ + msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\ + ver:'MRTS/0.1'" + +SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES "@rx matched_vars_names_test" "id:100123, phase:4, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" + +SecRule MATCHED_VARS_NAMES "@contains ARGS_NAMES:matched_vars_names_test" \ + "id:100124,\ + phase:4,\ + t:none,\ + log,\ + msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\ + ver:'MRTS/0.1'" + +SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES "@rx matched_vars_names_test" "id:100125, phase:5, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" + +SecRule MATCHED_VARS_NAMES "@contains ARGS_NAMES:matched_vars_names_test" \ + "id:100126,\ + phase:5,\ + t:none,\ + log,\ + msg:'%{MATCHED_VAR_NAME} was caught in phase:5',\ + ver:'MRTS/0.1'" + +SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES "@rx matched_vars_names_test" "id:100127, phase:1, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" + +SecRule MATCHED_VARS_NAMES "@contains REQUEST_COOKIES:matched_vars_names_test" \ + "id:100128,\ + phase:1,\ + t:none,\ + log,\ + msg:'%{MATCHED_VAR_NAME} was caught in phase:1',\ + ver:'MRTS/0.1'" + +SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES "@rx matched_vars_names_test" "id:100129, phase:2, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" + +SecRule MATCHED_VARS_NAMES "@contains 
REQUEST_COOKIES:matched_vars_names_test" \ + "id:100130,\ + phase:2,\ + t:none,\ + log,\ + msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\ + ver:'MRTS/0.1'" + +SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES "@rx matched_vars_names_test" "id:100131, phase:3, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" + +SecRule MATCHED_VARS_NAMES "@contains REQUEST_COOKIES:matched_vars_names_test" \ + "id:100132,\ + phase:3,\ + t:none,\ + log,\ + msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\ + ver:'MRTS/0.1'" + +SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES "@rx matched_vars_names_test" "id:100133, phase:4, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" + +SecRule MATCHED_VARS_NAMES "@contains REQUEST_COOKIES:matched_vars_names_test" \ + "id:100134,\ + phase:4,\ + t:none,\ + log,\ + msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\ + ver:'MRTS/0.1'" + +SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES "@rx matched_vars_names_test" "id:100135, phase:5, pass, log, msg:'matched vars is: %{MATCHED_VARS_NAMES}'" + +SecRule MATCHED_VARS_NAMES "@contains REQUEST_COOKIES:matched_vars_names_test" \ + "id:100136,\ + phase:5,\ + t:none,\ + log,\ + msg:'%{MATCHED_VAR_NAME} was caught in phase:5',\ + ver:'MRTS/0.1'" + diff --git a/generated/rules/MRTS_110_XML.conf b/generated/rules/MRTS_110_XML.conf index 87fb4ce..ea5ae6e 100644 --- a/generated/rules/MRTS_110_XML.conf +++ b/generated/rules/MRTS_110_XML.conf @@ -1,5 +1,5 @@ SecRule XML:/* "@beginsWith foo" \ - "id:100092,\ + "id:100137,\ phase:2,\ deny,\ t:none,\ @@ -8,7 +8,7 @@ SecRule XML:/* "@beginsWith foo" \ ver:'MRTS/0.1'" SecRule XML:/* "@beginsWith foo" \ - "id:100093,\ + "id:100138,\ phase:3,\ deny,\ t:none,\ @@ -17,7 +17,7 @@ SecRule XML:/* "@beginsWith foo" \ ver:'MRTS/0.1'" SecRule XML:/* "@beginsWith foo" \ - "id:100094,\ + "id:100139,\ phase:4,\ deny,\ t:none,\ 
diff --git a/generated/tests/regression/tests/100094_MRTS_026_MATCHED_VARS_NAMES-NEG.yaml b/generated/tests/regression/tests/100094_MRTS_026_MATCHED_VARS_NAMES-NEG.yaml new file mode 100644 index 0000000..59cbd9f --- /dev/null +++ b/generated/tests/regression/tests/100094_MRTS_026_MATCHED_VARS_NAMES-NEG.yaml @@ -0,0 +1,28 @@ +--- +meta: + author: MRTS generate-rules.py + enabled: true + name: MRTS_026_MATCHED_VARS_NAMES-NEG.yaml + description: Desc +tests: +- test_title: 100094-1 + ruleid: 100094 + test_id: 1 + desc: 'Test case for rule 100094, #1' + stages: + - description: Send request + input: + dest_addr: 127.0.0.1 + port: 80 + protocol: http + method: GET + headers: + User-Agent: OWASP MRTS test agent + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: /?matched_vars_names_test=matched_vars_names_test&matched_vars_names_negative_test=matched_vars_names_negative_test + version: HTTP/1.1 + output: + log: + no_expect_ids: + - 100094 diff --git a/generated/tests/regression/tests/100097_MRTS_026_MATCHED_VARS_NAMES-NEG.yaml b/generated/tests/regression/tests/100097_MRTS_026_MATCHED_VARS_NAMES-NEG.yaml new file mode 100644 index 0000000..c66b000 --- /dev/null +++ b/generated/tests/regression/tests/100097_MRTS_026_MATCHED_VARS_NAMES-NEG.yaml 
@@ -0,0 +1,29 @@ +--- +meta: + author: MRTS generate-rules.py + enabled: true + name: MRTS_026_MATCHED_VARS_NAMES-NEG.yaml + description: Desc +tests: +- test_title: 100097-1 + ruleid: 100097 + test_id: 1 + desc: 'Test case for rule 100097, #1' + stages: + - description: Send request + input: + dest_addr: 127.0.0.1 + port: 80 + protocol: http + method: POST + headers: + User-Agent: OWASP MRTS test agent + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: /post + version: HTTP/1.1 + data: matched_vars_names_test=matched_vars_names_test&matched_vars_names_negative_test=matched_vars_names_negative_test + output: + log: + no_expect_ids: + - 100097 diff --git a/generated/tests/regression/tests/100100_MRTS_026_MATCHED_VARS_NAMES-NEG.yaml b/generated/tests/regression/tests/100100_MRTS_026_MATCHED_VARS_NAMES-NEG.yaml new file mode 100644 index 0000000..9d06214 --- /dev/null +++ b/generated/tests/regression/tests/100100_MRTS_026_MATCHED_VARS_NAMES-NEG.yaml @@ -0,0 +1,29 @@ +--- +meta: + author: MRTS generate-rules.py + enabled: true + name: MRTS_026_MATCHED_VARS_NAMES-NEG.yaml + description: Desc +tests: +- test_title: 100100-1 + ruleid: 100100 + test_id: 1 + desc: 'Test case for rule 100100, #1' + stages: + - description: Send request + input: + dest_addr: 127.0.0.1 + port: 80 + protocol: http + method: POST + headers: + User-Agent: OWASP MRTS test agent + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: /post + version: HTTP/1.1 + data: matched_vars_names_test=matched_vars_names_test&matched_vars_names_negative_test=matched_vars_names_negative_test + output: + log: + no_expect_ids: + - 100100 diff --git a/generated/tests/regression/tests/100103_MRTS_026_MATCHED_VARS_NAMES-NEG.yaml b/generated/tests/regression/tests/100103_MRTS_026_MATCHED_VARS_NAMES-NEG.yaml new file mode 100644 index 0000000..683e4c4 
--- /dev/null +++ b/generated/tests/regression/tests/100103_MRTS_026_MATCHED_VARS_NAMES-NEG.yaml @@ -0,0 +1,29 @@ +--- +meta: + author: MRTS generate-rules.py + enabled: true + name: MRTS_026_MATCHED_VARS_NAMES-NEG.yaml + description: Desc +tests: +- test_title: 100103-1 + ruleid: 100103 + test_id: 1 + desc: 'Test case for rule 100103, #1' + stages: + - description: Send request + input: + dest_addr: 127.0.0.1 + port: 80 + protocol: http + method: POST + headers: + User-Agent: OWASP MRTS test agent + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: /post + version: HTTP/1.1 + data: matched_vars_names_test=matched_vars_names_test&matched_vars_names_negative_test=matched_vars_names_negative_test + output: + log: + no_expect_ids: + - 100103 diff --git a/generated/tests/regression/tests/100106_MRTS_026_MATCHED_VARS_NAMES-NEG.yaml b/generated/tests/regression/tests/100106_MRTS_026_MATCHED_VARS_NAMES-NEG.yaml new file mode 100644 index 0000000..c48e9f0 --- /dev/null +++ b/generated/tests/regression/tests/100106_MRTS_026_MATCHED_VARS_NAMES-NEG.yaml @@ -0,0 +1,29 @@ +--- +meta: + author: MRTS generate-rules.py + enabled: true + name: MRTS_026_MATCHED_VARS_NAMES-NEG.yaml + description: Desc +tests: +- test_title: 100106-1 + ruleid: 100106 + test_id: 1 + desc: 'Test case for rule 100106, #1' + stages: + - description: Send request + input: + dest_addr: 127.0.0.1 + port: 80 + protocol: http + method: POST + headers: + User-Agent: OWASP MRTS test agent + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: /post + version: HTTP/1.1 + data: matched_vars_names_test=matched_vars_names_test&matched_vars_names_negative_test=matched_vars_names_negative_test + output: + log: + no_expect_ids: + - 100106 
diff --git a/generated/tests/regression/tests/100108_MRTS_026_MATCHED_VARS_NAMES.yaml b/generated/tests/regression/tests/100108_MRTS_026_MATCHED_VARS_NAMES.yaml new file mode 100644 index 0000000..9246c88 --- /dev/null +++ b/generated/tests/regression/tests/100108_MRTS_026_MATCHED_VARS_NAMES.yaml @@ -0,0 +1,29 @@ +--- +meta: + author: MRTS generate-rules.py + enabled: true + name: MRTS_026_MATCHED_VARS_NAMES.yaml + description: Desc +tests: +- test_title: 100108-1 + ruleid: 100108 + test_id: 1 + desc: 'Test case for rule 100108, #1' + stages: + - description: Send request + input: + dest_addr: 127.0.0.1 + port: 80 + protocol: http + method: GET + headers: + User-Agent: OWASP MRTS test agent + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: matched_vars_names_test=matched_vars_names_test + uri: /?matched_vars_names_test=matched_vars_names_test + version: HTTP/1.1 + output: + log: + expect_ids: + - 100108 diff --git a/generated/tests/regression/tests/100110_MRTS_026_MATCHED_VARS_NAMES.yaml b/generated/tests/regression/tests/100110_MRTS_026_MATCHED_VARS_NAMES.yaml new file mode 100644 index 0000000..d635fc0 --- /dev/null +++ b/generated/tests/regression/tests/100110_MRTS_026_MATCHED_VARS_NAMES.yaml 
@@ -0,0 +1,30 @@ +--- +meta: + author: MRTS generate-rules.py + enabled: true + name: MRTS_026_MATCHED_VARS_NAMES.yaml + description: Desc +tests: +- test_title: 100110-1 + ruleid: 100110 + test_id: 1 + desc: 'Test case for rule 100110, #1' + stages: + - description: Send request + input: + dest_addr: 127.0.0.1 + port: 80 + protocol: http + method: POST + headers: + User-Agent: OWASP MRTS test agent + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: matched_vars_names_test=matched_vars_names_test + uri: /post + version: HTTP/1.1 + data: matched_vars_names_test=matched_vars_names_test + output: + log: + expect_ids: + - 100110 diff --git a/generated/tests/regression/tests/100112_MRTS_026_MATCHED_VARS_NAMES.yaml b/generated/tests/regression/tests/100112_MRTS_026_MATCHED_VARS_NAMES.yaml new file mode 100644 index 0000000..e2b92f4 --- /dev/null +++ b/generated/tests/regression/tests/100112_MRTS_026_MATCHED_VARS_NAMES.yaml @@ -0,0 +1,30 @@ +--- +meta: + author: MRTS generate-rules.py + enabled: true + name: MRTS_026_MATCHED_VARS_NAMES.yaml + description: Desc +tests: +- test_title: 100112-1 + ruleid: 100112 + test_id: 1 + desc: 'Test case for rule 100112, #1' + stages: + - description: Send request + input: + dest_addr: 127.0.0.1 + port: 80 + protocol: http + method: POST + headers: + User-Agent: OWASP MRTS test agent + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: matched_vars_names_test=matched_vars_names_test + uri: /post + version: HTTP/1.1 + data: matched_vars_names_test=matched_vars_names_test + output: + log: + expect_ids: + - 100112 diff --git a/generated/tests/regression/tests/100114_MRTS_026_MATCHED_VARS_NAMES.yaml b/generated/tests/regression/tests/100114_MRTS_026_MATCHED_VARS_NAMES.yaml new file mode 100644 index 0000000..79bc64a --- /dev/null 
+++ b/generated/tests/regression/tests/100114_MRTS_026_MATCHED_VARS_NAMES.yaml @@ -0,0 +1,30 @@ +--- +meta: + author: MRTS generate-rules.py + enabled: true + name: MRTS_026_MATCHED_VARS_NAMES.yaml + description: Desc +tests: +- test_title: 100114-1 + ruleid: 100114 + test_id: 1 + desc: 'Test case for rule 100114, #1' + stages: + - description: Send request + input: + dest_addr: 127.0.0.1 + port: 80 + protocol: http + method: POST + headers: + User-Agent: OWASP MRTS test agent + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: matched_vars_names_test=matched_vars_names_test + uri: /post + version: HTTP/1.1 + data: matched_vars_names_test=matched_vars_names_test + output: + log: + expect_ids: + - 100114 diff --git a/generated/tests/regression/tests/100116_MRTS_026_MATCHED_VARS_NAMES.yaml b/generated/tests/regression/tests/100116_MRTS_026_MATCHED_VARS_NAMES.yaml new file mode 100644 index 0000000..97aa5dc --- /dev/null +++ b/generated/tests/regression/tests/100116_MRTS_026_MATCHED_VARS_NAMES.yaml @@ -0,0 +1,30 @@ +--- +meta: + author: MRTS generate-rules.py + enabled: true + name: MRTS_026_MATCHED_VARS_NAMES.yaml + description: Desc +tests: +- test_title: 100116-1 + ruleid: 100116 + test_id: 1 + desc: 'Test case for rule 100116, #1' + stages: + - description: Send request + input: + dest_addr: 127.0.0.1 + port: 80 + protocol: http + method: POST + headers: + User-Agent: OWASP MRTS test agent + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: matched_vars_names_test=matched_vars_names_test + uri: /post + version: HTTP/1.1 + data: matched_vars_names_test=matched_vars_names_test + output: + log: + expect_ids: + - 100116 
diff --git a/generated/tests/regression/tests/100118_MRTS_026_MATCHED_VARS_NAMES.yaml b/generated/tests/regression/tests/100118_MRTS_026_MATCHED_VARS_NAMES.yaml new file mode 100644 index 0000000..33a471b --- /dev/null +++ b/generated/tests/regression/tests/100118_MRTS_026_MATCHED_VARS_NAMES.yaml @@ -0,0 +1,29 @@ +--- +meta: + author: MRTS generate-rules.py + enabled: true + name: MRTS_026_MATCHED_VARS_NAMES.yaml + description: Desc +tests: +- test_title: 100118-1 + ruleid: 100118 + test_id: 1 + desc: 'Test case for rule 100118, #1' + stages: + - description: Send request + input: + dest_addr: 127.0.0.1 + port: 80 + protocol: http + method: GET + headers: + User-Agent: OWASP MRTS test agent + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: matched_vars_names_test=matched_vars_names_test + uri: /?matched_vars_names_test=matched_vars_names_test + version: HTTP/1.1 + output: + log: + expect_ids: + - 100118 diff --git a/generated/tests/regression/tests/100120_MRTS_026_MATCHED_VARS_NAMES.yaml b/generated/tests/regression/tests/100120_MRTS_026_MATCHED_VARS_NAMES.yaml new file mode 100644 index 0000000..6f75245 --- /dev/null +++ b/generated/tests/regression/tests/100120_MRTS_026_MATCHED_VARS_NAMES.yaml 
@@ -0,0 +1,30 @@ +--- +meta: + author: MRTS generate-rules.py + enabled: true + name: MRTS_026_MATCHED_VARS_NAMES.yaml + description: Desc +tests: +- test_title: 100120-1 + ruleid: 100120 + test_id: 1 + desc: 'Test case for rule 100120, #1' + stages: + - description: Send request + input: + dest_addr: 127.0.0.1 + port: 80 + protocol: http + method: POST + headers: + User-Agent: OWASP MRTS test agent + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: matched_vars_names_test=matched_vars_names_test + uri: /post + version: HTTP/1.1 + data: matched_vars_names_test=matched_vars_names_test + output: + log: + expect_ids: + - 100120 diff --git a/generated/tests/regression/tests/100122_MRTS_026_MATCHED_VARS_NAMES.yaml b/generated/tests/regression/tests/100122_MRTS_026_MATCHED_VARS_NAMES.yaml new file mode 100644 index 0000000..bb611af --- /dev/null +++ b/generated/tests/regression/tests/100122_MRTS_026_MATCHED_VARS_NAMES.yaml @@ -0,0 +1,30 @@ +--- +meta: + author: MRTS generate-rules.py + enabled: true + name: MRTS_026_MATCHED_VARS_NAMES.yaml + description: Desc +tests: +- test_title: 100122-1 + ruleid: 100122 + test_id: 1 + desc: 'Test case for rule 100122, #1' + stages: + - description: Send request + input: + dest_addr: 127.0.0.1 + port: 80 + protocol: http + method: POST + headers: + User-Agent: OWASP MRTS test agent + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: matched_vars_names_test=matched_vars_names_test + uri: /post + version: HTTP/1.1 + data: matched_vars_names_test=matched_vars_names_test + output: + log: + expect_ids: + - 100122 diff --git a/generated/tests/regression/tests/100124_MRTS_026_MATCHED_VARS_NAMES.yaml b/generated/tests/regression/tests/100124_MRTS_026_MATCHED_VARS_NAMES.yaml new file mode 100644 index 0000000..196a5a7 --- /dev/null 
+++ b/generated/tests/regression/tests/100124_MRTS_026_MATCHED_VARS_NAMES.yaml @@ -0,0 +1,30 @@ +--- +meta: + author: MRTS generate-rules.py + enabled: true + name: MRTS_026_MATCHED_VARS_NAMES.yaml + description: Desc +tests: +- test_title: 100124-1 + ruleid: 100124 + test_id: 1 + desc: 'Test case for rule 100124, #1' + stages: + - description: Send request + input: + dest_addr: 127.0.0.1 + port: 80 + protocol: http + method: POST + headers: + User-Agent: OWASP MRTS test agent + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: matched_vars_names_test=matched_vars_names_test + uri: /post + version: HTTP/1.1 + data: matched_vars_names_test=matched_vars_names_test + output: + log: + expect_ids: + - 100124 diff --git a/generated/tests/regression/tests/100126_MRTS_026_MATCHED_VARS_NAMES.yaml b/generated/tests/regression/tests/100126_MRTS_026_MATCHED_VARS_NAMES.yaml new file mode 100644 index 0000000..6803347 --- /dev/null +++ b/generated/tests/regression/tests/100126_MRTS_026_MATCHED_VARS_NAMES.yaml @@ -0,0 +1,30 @@ +--- +meta: + author: MRTS generate-rules.py + enabled: true + name: MRTS_026_MATCHED_VARS_NAMES.yaml + description: Desc +tests: +- test_title: 100126-1 + ruleid: 100126 + test_id: 1 + desc: 'Test case for rule 100126, #1' + stages: + - description: Send request + input: + dest_addr: 127.0.0.1 + port: 80 + protocol: http + method: POST + headers: + User-Agent: OWASP MRTS test agent + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: matched_vars_names_test=matched_vars_names_test + uri: /post + version: HTTP/1.1 + data: matched_vars_names_test=matched_vars_names_test + output: + log: + expect_ids: + - 100126 
diff --git a/generated/tests/regression/tests/100128_MRTS_026_MATCHED_VARS_NAMES.yaml b/generated/tests/regression/tests/100128_MRTS_026_MATCHED_VARS_NAMES.yaml new file mode 100644 index 0000000..47d552d --- /dev/null +++ b/generated/tests/regression/tests/100128_MRTS_026_MATCHED_VARS_NAMES.yaml @@ -0,0 +1,29 @@ +--- +meta: + author: MRTS generate-rules.py + enabled: true + name: MRTS_026_MATCHED_VARS_NAMES.yaml + description: Desc +tests: +- test_title: 100128-1 + ruleid: 100128 + test_id: 1 + desc: 'Test case for rule 100128, #1' + stages: + - description: Send request + input: + dest_addr: 127.0.0.1 + port: 80 + protocol: http + method: GET + headers: + User-Agent: OWASP MRTS test agent + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: matched_vars_names_test=matched_vars_names_test + uri: /?matched_vars_names_test=matched_vars_names_test + version: HTTP/1.1 + output: + log: + expect_ids: + - 100128 diff --git a/generated/tests/regression/tests/100130_MRTS_026_MATCHED_VARS_NAMES.yaml b/generated/tests/regression/tests/100130_MRTS_026_MATCHED_VARS_NAMES.yaml new file mode 100644 index 0000000..aa2eca8 --- /dev/null +++ b/generated/tests/regression/tests/100130_MRTS_026_MATCHED_VARS_NAMES.yaml 
@@ -0,0 +1,30 @@ +--- +meta: + author: MRTS generate-rules.py + enabled: true + name: MRTS_026_MATCHED_VARS_NAMES.yaml + description: Desc +tests: +- test_title: 100130-1 + ruleid: 100130 + test_id: 1 + desc: 'Test case for rule 100130, #1' + stages: + - description: Send request + input: + dest_addr: 127.0.0.1 + port: 80 + protocol: http + method: POST + headers: + User-Agent: OWASP MRTS test agent + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: matched_vars_names_test=matched_vars_names_test + uri: /post + version: HTTP/1.1 + data: matched_vars_names_test=matched_vars_names_test + output: + log: + expect_ids: + - 100130 diff --git a/generated/tests/regression/tests/100132_MRTS_026_MATCHED_VARS_NAMES.yaml b/generated/tests/regression/tests/100132_MRTS_026_MATCHED_VARS_NAMES.yaml new file mode 100644 index 0000000..db19a72 --- /dev/null +++ b/generated/tests/regression/tests/100132_MRTS_026_MATCHED_VARS_NAMES.yaml @@ -0,0 +1,30 @@ +--- +meta: + author: MRTS generate-rules.py + enabled: true + name: MRTS_026_MATCHED_VARS_NAMES.yaml + description: Desc +tests: +- test_title: 100132-1 + ruleid: 100132 + test_id: 1 + desc: 'Test case for rule 100132, #1' + stages: + - description: Send request + input: + dest_addr: 127.0.0.1 + port: 80 + protocol: http + method: POST + headers: + User-Agent: OWASP MRTS test agent + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: matched_vars_names_test=matched_vars_names_test + uri: /post + version: HTTP/1.1 + data: matched_vars_names_test=matched_vars_names_test + output: + log: + expect_ids: + - 100132 diff --git a/generated/tests/regression/tests/100134_MRTS_026_MATCHED_VARS_NAMES.yaml b/generated/tests/regression/tests/100134_MRTS_026_MATCHED_VARS_NAMES.yaml new file mode 100644 index 0000000..1563fe4 --- /dev/null 
+++ b/generated/tests/regression/tests/100134_MRTS_026_MATCHED_VARS_NAMES.yaml @@ -0,0 +1,30 @@ +--- +meta: + author: MRTS generate-rules.py + enabled: true + name: MRTS_026_MATCHED_VARS_NAMES.yaml + description: Desc +tests: +- test_title: 100134-1 + ruleid: 100134 + test_id: 1 + desc: 'Test case for rule 100134, #1' + stages: + - description: Send request + input: + dest_addr: 127.0.0.1 + port: 80 + protocol: http + method: POST + headers: + User-Agent: OWASP MRTS test agent + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: matched_vars_names_test=matched_vars_names_test + uri: /post + version: HTTP/1.1 + data: matched_vars_names_test=matched_vars_names_test + output: + log: + expect_ids: + - 100134 diff --git a/generated/tests/regression/tests/100136_MRTS_026_MATCHED_VARS_NAMES.yaml b/generated/tests/regression/tests/100136_MRTS_026_MATCHED_VARS_NAMES.yaml new file mode 100644 index 0000000..7687cff --- /dev/null +++ b/generated/tests/regression/tests/100136_MRTS_026_MATCHED_VARS_NAMES.yaml @@ -0,0 +1,30 @@ +--- +meta: + author: MRTS generate-rules.py + enabled: true + name: MRTS_026_MATCHED_VARS_NAMES.yaml + description: Desc +tests: +- test_title: 100136-1 + ruleid: 100136 + test_id: 1 + desc: 'Test case for rule 100136, #1' + stages: + - description: Send request + input: + dest_addr: 127.0.0.1 + port: 80 + protocol: http + method: POST + headers: + User-Agent: OWASP MRTS test agent + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Cookie: matched_vars_names_test=matched_vars_names_test + uri: /post + version: HTTP/1.1 + data: matched_vars_names_test=matched_vars_names_test + output: + log: + expect_ids: + - 100136 
diff --git a/generated/tests/regression/tests/100092_MRTS_110_XML.yaml b/generated/tests/regression/tests/100137_MRTS_110_XML.yaml similarity index 86% rename from generated/tests/regression/tests/100092_MRTS_110_XML.yaml rename to generated/tests/regression/tests/100137_MRTS_110_XML.yaml index c6892ce..250972b 100644 --- a/generated/tests/regression/tests/100092_MRTS_110_XML.yaml +++ b/generated/tests/regression/tests/100137_MRTS_110_XML.yaml @@ -5,10 +5,10 @@ meta: name: MRTS_110_XML.yaml description: Desc tests: -- test_title: 100092-1 - ruleid: 100092 +- test_title: 100137-1 + ruleid: 100137 test_id: 1 - desc: 'Test case for rule 100092, #1' + desc: 'Test case for rule 100137, #1' stages: - description: Send request input: @@ -27,4 +27,4 @@ tests: output: log: expect_ids: - - 100092 + - 100137 diff --git a/generated/tests/regression/tests/100093_MRTS_110_XML.yaml b/generated/tests/regression/tests/100138_MRTS_110_XML.yaml similarity index 86% rename from generated/tests/regression/tests/100093_MRTS_110_XML.yaml rename to generated/tests/regression/tests/100138_MRTS_110_XML.yaml index 3d376d6..1a213dc 100644 --- a/generated/tests/regression/tests/100093_MRTS_110_XML.yaml +++ b/generated/tests/regression/tests/100138_MRTS_110_XML.yaml @@ -5,10 +5,10 @@ meta: name: MRTS_110_XML.yaml description: Desc tests: -- test_title: 100093-1 - ruleid: 100093 +- test_title: 100138-1 + ruleid: 100138 test_id: 1 - desc: 'Test case for rule 100093, #1' + desc: 'Test case for rule 100138, #1' stages: - description: Send request input: @@ -27,4 +27,4 @@ tests: output: log: expect_ids: - - 100093 + - 100138 diff --git a/generated/tests/regression/tests/100094_MRTS_110_XML.yaml b/generated/tests/regression/tests/100139_MRTS_110_XML.yaml similarity index 86% rename from generated/tests/regression/tests/100094_MRTS_110_XML.yaml rename to generated/tests/regression/tests/100139_MRTS_110_XML.yaml index 5ef6b32..5bdbc45 100644 
--- a/generated/tests/regression/tests/100094_MRTS_110_XML.yaml +++ b/generated/tests/regression/tests/100139_MRTS_110_XML.yaml @@ -5,10 +5,10 @@ meta: name: MRTS_110_XML.yaml description: Desc tests: -- test_title: 100094-1 - ruleid: 100094 +- test_title: 100139-1 + ruleid: 100139 test_id: 1 - desc: 'Test case for rule 100094, #1' + desc: 'Test case for rule 100139, #1' stages: - description: Send request input: @@ -27,4 +27,4 @@ tests: output: log: expect_ids: - - 100094 + - 100139 diff --git a/mrts/generate-rules.py b/mrts/generate-rules.py index e3e367e..bdcf08f 100755 --- a/mrts/generate-rules.py +++ b/mrts/generate-rules.py @@ -9,6 +9,7 @@ import re import copy from ast import literal_eval +import urllib.parse NAME = "MRTS" VERSION = "0.1" 
@@ -331,17 +332,19 @@ def genrulefromtemplate(self, tpl, current_confdata):
 item['desc'] = "Test case for rule %d, #%d" % (self.currid, testcnt)
 item['stages'][0]['description'] = "Send request"
 item['stages'][0]['input']['method'] = self.current_confdata['phase_methods'][phase].upper()
- if self.current_testdata['phase_methods'][phase].lower() == "post":
- if isinstance(test['test']['data'], dict):
- ik, iv = list(test['test']['data'].items())[0]
- item['stages'][0]['input']['data'] = "%s=%s" % (ik, iv)
- elif isinstance(test['test']['data'], str):
- item['stages'][0]['input']['data'] = "%s" % (test['test']['data'])
+ method = self.current_testdata['phase_methods'][phase].lower()
+ data = test['test']['data']
+ if method == "post":
+ if isinstance(data, dict):
+ encoded_data = urllib.parse.urlencode(data)
+ item['stages'][0]['input']['data'] = encoded_data
+ elif isinstance(data, str):
+ item['stages'][0]['input']['data'] = data
 item['stages'][0]['input']['uri'] = "/post"
- if self.current_testdata['phase_methods'][phase].lower() == "get":
- if isinstance(test['test']['data'], dict):
- ik, iv = list(test['test']['data'].items())[0]
- item['stages'][0]['input']['uri'] = "/?%s=%s" % (ik, iv)
+ elif method == "get":
+ if isinstance(data, dict):
+ query = urllib.parse.urlencode(data)
+ item['stages'][0]['input']['uri'] = "/?" + query
 # add headers if there are
 if 'input' in test['test']:
 if 'headers' in test['test']['input']:
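Review bot: `urllib.parse.urlencode(data)` in both the POST and GET branches percent-encodes every key and value of a dict payload, while the `str` branch is still written verbatim, and nothing in the hunk documents that difference. For a rule test suite this matters because any target that sees the undecoded request would now be matched against the encoded bytes rather than the literal payload from the config; that is an inference, since the hunk does not show which targets are exercised. I would add a comment above `if method == "post":` such as `# dict payloads are form-encoded via urlencode(); use a str payload to send bytes verbatim`, and consider `urllib.parse.urlencode(data, doseq=True)` so list values become repeated parameters instead of a stringified list. The method written into the test item is read from `self.current_confdata`, while `method` is read from `self.current_testdata`; it is worth confirming the two always agree. genrulefromtemplate starts and ends outside the hunk.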
@@ -354,10 +357,12 @@ def genrulefromtemplate(self, tpl, current_confdata): # overwrite default output field if 'output' in test['test']: item['stages'][0]['output'] = test['test']['output'] - # if expect_ids is in rewrite, append the current rule id + # if [no_]expect_ids is in rewrite, append the current rule id if 'log' in item['stages'][0]['output']: if 'expect_ids' in item['stages'][0]['output']['log']: - item['stages'][0]['output']['log']['expect_ids'].append(self.currid) + item['stages'][0]['output']['log']['expect_ids'] = [self.currid] + if 'no_expect_ids' in item['stages'][0]['output']['log']: + item['stages'][0]['output']['log']['no_expect_ids'] = [self.currid] else: item['stages'][0]['output']['log']['expect_ids'].append(self.currid)
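Review bot: The two new assignments `... = [self.currid]` replace whatever ids the test author listed under `expect_ids` or `no_expect_ids`, although the comment above them and the README text both say the current rule id is appended. If `.append()` was dropped because `item['stages'][0]['output'] = test['test']['output']` shares one dict across generated tests and ids accumulated (an inference; the loop is outside the hunk), copying is the safer fix: `item['stages'][0]['output'] = copy.deepcopy(test['test']['output'])`, then keep `.append(self.currid)` for both keys. As written, a negative test that lists extra ids to exclude silently loses them, so it can pass while those rules still log. Indentation is lost in this view, so which `if` the trailing `else:` belongs to cannot be confirmed here, and the function body continues outside the hunk.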