diff --git a/pkg/rules/rules_test.go b/pkg/rules/rules_test.go
index 14158a8..fbbb474 100644
--- a/pkg/rules/rules_test.go
+++ b/pkg/rules/rules_test.go
@@ -1,6 +1,7 @@
 package rules

 import (
+ "io/ioutil"
 "testing"

 "github.com/stretchr/testify/assert"
@@ -8,31 +9,24 @@ import (
 )

 const (
- ruleID = 10101010
+ ruleID = 10101010
+ testdata = "testdata/"
 )

 var ruleTests = []struct {
 testName string
 alerts []model.ModsecAlert
- rule string
+ ruleFile string
 }{
 {
 "Some path",
 []model.ModsecAlert{{URI: "/some/path", ID: 10}},
- `
-SecRule REQUEST_URI "@strmatch /some/path" \
- "phase:2,nolog,id:10101010,\
- ctl:ruleRemoveById=10"
-`,
+ "rule1.conf",
 },
 {
 "Root path",
 []model.ModsecAlert{{URI: "/", ID: 9010}},
- `
-SecRule REQUEST_URI "@strmatch /" \
- "phase:2,nolog,id:10101010,\
- ctl:ruleRemoveById=9010"
-`,
+ "rule2.conf",
 },
 {
 "Combine multiple alerts by path",
@@ -42,17 +36,7 @@ SecRule REQUEST_URI "@strmatch /" \
 {URI: "/path", ID: 9012},
 {URI: "/path", ID: 942430, Description: `ModSecurity: Warning. Pattern match "((?:[~!@#\\$%\\^&\\*\\(\\)\\-\\+=\\{\\}\\[\\]\\|:;\"'\xc2\xb4\xe2\x80\x99\xe2\x80\x98<>][^~!@#\\$%\\^&\\*\\(\\)\\-\\+=\\{\\}\\[\\]\\|:;\"'\xc2\xb4\xe2\x80\x99\xe2\x80\x98<>]*?){6})" at ARGS:variables.`},
 },
- `
-# Path /path
-# This is the default template
-# Some other template
-SecRule REQUEST_URI "@strmatch /path" \
- "phase:2,nolog,id:10101010,\
- ctl:ruleRemoveById=9010,\
- ctl:ruleRemoveById=9011,\
- ctl:ruleRemoveById=9012,\
- ctl:ruleRemoveTargetById=942430;ARGS:variables"
-`,
+ "rule3.conf",
 },
 {
 "Multiple paths",
@@ -62,26 +46,7 @@ SecRule REQUEST_URI "@strmatch /path" \
 {URI: "/path/three", ID: 9012},
 {URI: "/some/path", ID: 942430, Description: "ModSecurity: Warning. Pattern match W{4} at ARGS:query.", RuleTemplate: "# ModSec Rule Exclusion: 942430 : Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12) (severity: WARNING) PL2"},
 },
- `
-# This is the default template
-SecRule REQUEST_URI "@strmatch /path/one" \
- "phase:2,nolog,id:10101010,\
- ctl:ruleRemoveById=9010"
-
-SecRule REQUEST_URI "@strmatch /path/three" \
- "phase:2,nolog,id:10101011,\
- ctl:ruleRemoveById=9012"
-
-# Some other template
-SecRule REQUEST_URI "@strmatch /path/two" \
- "phase:2,nolog,id:10101012,\
- ctl:ruleRemoveById=9011"
-
-# ModSec Rule Exclusion: 942430 : Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12) (severity: WARNING) PL2
-SecRule REQUEST_URI "@strmatch /some/path" \
- "phase:2,nolog,id:10101013,\
- ctl:ruleRemoveTargetById=942430;ARGS:query"
-`,
+ "rule4.conf",
 },
 {
 "With parameter",
@@ -89,24 +54,14 @@ SecRule REQUEST_URI "@strmatch /some/path" \
 {URI: "/some/path", ID: 942430, Description: "ModSecurity: Warning. Pattern match W{4} at ARGS:query."},
 {URI: "/some/path", ID: 942431, Description: `ModSecurity: Warning. Pattern match "((?:[~!@#\\$%\\^&\\*\\(\\)\\-\\+=\\{\\}\\[\\]\\|:;\"'\xc2\xb4\xe2\x80\x99\xe2\x80\x98<>][^~!@#\\$%\\^&\\*\\(\\)\\-\\+=\\{\\}\\[\\]\\|:;\"'\xc2\xb4\xe2\x80\x99\xe2\x80\x98<>]*?){6})" at ARGS:identificationRedirectURL.`},
 },
- `
-# Path /some/path
-SecRule REQUEST_URI "@strmatch /some/path" \
- "phase:2,nolog,id:10101010,\
- ctl:ruleRemoveTargetById=942430;ARGS:query,\
- ctl:ruleRemoveTargetById=942431;ARGS:identificationRedirectURL"
-`,
+ "rule5.conf",
 },
 {
 "Non matched parameter",
 []model.ModsecAlert{
 {URI: "/", ID: 921180, Description: `ModSecurity: Warning. Pattern match "TX:paramcounter_(.*)" at TX:paramcounter_ARGS_NAMES:prospectSingle.contactMethods.contactMethods.value.`},
 },
- `
-SecRule REQUEST_URI "@strmatch /" \
- "phase:2,nolog,id:10101010,\
- ctl:ruleRemoveById=921180"
-`,
+ "rule6.conf",
 },
 }

@@ -115,7 +70,10 @@ func TestCreateByIDExclusion(t *testing.T) {
 t.Run(test.testName, func(t *testing.T) {
 rule, err := CreateByIDExclusion(test.alerts, ruleID)
 assert.NoError(t, err)
- assert.Equal(t, test.rule, rule)
+ ruleBytes, err := ioutil.ReadFile(testdata + test.ruleFile)
+ assert.NoError(t, err)
+ ruleString := string(ruleBytes)
+ assert.Equal(t, ruleString, rule)
 })
 }
 }
diff --git a/pkg/rules/testdata/rule1.conf b/pkg/rules/testdata/rule1.conf
new file mode 100644
index 0000000..182246c
--- /dev/null
+++ b/pkg/rules/testdata/rule1.conf
@@ -0,0 +1,4 @@
+
+SecRule REQUEST_URI "@strmatch /some/path" \
+ "phase:2,nolog,id:10101010,\
+ ctl:ruleRemoveById=10"
diff --git a/pkg/rules/testdata/rule2.conf b/pkg/rules/testdata/rule2.conf
new file mode 100644
index 0000000..1335ef9
--- /dev/null
+++ b/pkg/rules/testdata/rule2.conf
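Review bot: In the `t.Run` body of TestCreateByIDExclusion, a failed fixture read does not stop the subtest: the added `assert.NoError(t, err)` only records the failure, and `assert.Equal` then compares the generated rule against an empty string, so a missing or misnamed file shows up as a large, misleading diff. Failing fast keeps the cause visible, e.g. `if err != nil { t.Fatalf("reading fixture %s: %v", test.ruleFile, err) }`, or testify's `require.NoError` if the project is willing to import that package. `ioutil.ReadFile` has been deprecated since Go 1.16 in favour of `os.ReadFile`, assuming the module targets at least that version, and `filepath.Join("testdata", test.ruleFile)` would avoid relying on the trailing slash in the `testdata` constant. Because the comparison is byte-exact, the leading blank line and final newline of each .conf file are part of the expected value; a one-line comment on the constant saying so would help. The function's signature and loop header lie outside the hunk.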
@@ -0,0 +1,4 @@
+
+SecRule REQUEST_URI "@strmatch /" \
+ "phase:2,nolog,id:10101010,\
+ ctl:ruleRemoveById=9010"
diff --git a/pkg/rules/testdata/rule3.conf b/pkg/rules/testdata/rule3.conf
new file mode 100644
index 0000000..1f9cbcd
--- /dev/null
+++ b/pkg/rules/testdata/rule3.conf
@@ -0,0 +1,10 @@
+
+# Path /path
+# This is the default template
+# Some other template
+SecRule REQUEST_URI "@strmatch /path" \
+ "phase:2,nolog,id:10101010,\
+ ctl:ruleRemoveById=9010,\
+ ctl:ruleRemoveById=9011,\
+ ctl:ruleRemoveById=9012,\
+ ctl:ruleRemoveTargetById=942430;ARGS:variables"
diff --git a/pkg/rules/testdata/rule4.conf b/pkg/rules/testdata/rule4.conf
new file mode 100644
index 0000000..9230671
--- /dev/null
+++ b/pkg/rules/testdata/rule4.conf
@@ -0,0 +1,19 @@
+
+# This is the default template
+SecRule REQUEST_URI "@strmatch /path/one" \
+ "phase:2,nolog,id:10101010,\
+ ctl:ruleRemoveById=9010"
+
+SecRule REQUEST_URI "@strmatch /path/three" \
+ "phase:2,nolog,id:10101011,\
+ ctl:ruleRemoveById=9012"
+
+# Some other template
+SecRule REQUEST_URI "@strmatch /path/two" \
+ "phase:2,nolog,id:10101012,\
+ ctl:ruleRemoveById=9011"
+
+# ModSec Rule Exclusion: 942430 : Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12) (severity: WARNING) PL2
+SecRule REQUEST_URI "@strmatch /some/path" \
+ "phase:2,nolog,id:10101013,\
+ ctl:ruleRemoveTargetById=942430;ARGS:query"
diff --git a/pkg/rules/testdata/rule5.conf b/pkg/rules/testdata/rule5.conf
new file mode 100644
index 0000000..313b087
--- /dev/null
+++ b/pkg/rules/testdata/rule5.conf
@@ -0,0 +1,6 @@
+
+# Path /some/path
+SecRule REQUEST_URI "@strmatch /some/path" \
+ "phase:2,nolog,id:10101010,\
+ ctl:ruleRemoveTargetById=942430;ARGS:query,\
+ ctl:ruleRemoveTargetById=942431;ARGS:identificationRedirectURL"
diff --git a/pkg/rules/testdata/rule6.conf b/pkg/rules/testdata/rule6.conf
new file mode 100644
index 0000000..bd2f9e2
--- /dev/null
+++ b/pkg/rules/testdata/rule6.conf
@@ -0,0 +1,4 @@
+
+SecRule REQUEST_URI "@strmatch /" \
+ "phase:2,nolog,id:10101010,\
+ ctl:ruleRemoveById=921180"
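Review bot: The expected exclusion in this fixture, `SecRule REQUEST_URI "@strmatch /"`, is not scoped to the root path: `@strmatch` is a substring match and every request URI contains `/`, so the golden file pins a rule that removes rule 921180 for all requests (rule2.conf does the same for 9010). The other fixtures carry a milder form of the same issue, since `@strmatch /some/path` also matches any longer or unrelated URI that contains that string. This commit only moves the expected output into files, so the behaviour presumably predates it, but a golden file turns it into the documented contract of the generator. If path-scoped exclusions are the intent, the generator and these fixtures would need an anchored operator such as `@streq` or `@beginsWith`, matched against `REQUEST_FILENAME` if the query string should not take part in the comparison.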