Add more XML tests, leaf or no-leaf, ARGS

hnakamur · hnakamur · commit 1634a2a707f9 · 2026-03-27T15:53:15.000+09:00
diff --git a/tests/regression/config/10-reqbody-limit-action-xml.t b/tests/regression/config/10-reqbody-limit-action-xml.t
@@ -201,6 +201,95 @@
 		'<root><a>' . '1' x 16355 . 'bad_value</a></root>',
 	),
 },
+{
+	type => "config",
+	comment => "SecRequestBodyLimitAction ProcessPartial (XML, non-leaf, <=NoFilesLimit, deny)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 9
+		SecRequestBodyAccess On
+		SecRequestBodyLimitAction ProcessPartial
+		SecRequestBodyNoFilesLimit 16384
+		SecRequestBodyLimit 32768
+		SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\\+|/)|text/)xml" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
+		SecRule XML:/* "bad_value" "id:'200002',phase:2,t:none,deny"
+	),
+	match_log => {
+		-error => [ qr/Request body no files data length is larger than the configured limit \(16384\)\./, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		[
+			"Content-Type" => "application/xml",
+			"Content-Length" => "16384",
+		],
+		'<root><a>' . '1' x 16351 . 'bad_value<b/></a></root>',
+	),
+},
+{
+	type => "config",
+	comment => "SecRequestBodyLimitAction ProcessPartial (XML, ARGS, non-leaf, <=NoFilesLimit, pass)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 9
+		SecRequestBodyAccess On
+		SecParseXmlIntoArgs On
+		SecRequestBodyLimitAction ProcessPartial
+		SecRequestBodyNoFilesLimit 16384
+		SecRequestBodyLimit 32768
+		SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\\+|/)|text/)xml" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
+		SecRule ARGS "bad_value" "id:'200002',phase:2,t:none,deny"
+	),
+	match_log => {
+		-error => [ qr/Request body no files data length is larger than the configured limit \(16384\)\./, 1 ],
+	},
+	match_response => {
+		status => qr/^200$/,
+	},
+	request => new HTTP::Request(
+		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		[
+			"Content-Type" => "application/xml",
+			"Content-Length" => "16384",
+		],
+		'<root><a>' . '1' x 16351 . 'bad_value<b/></a></root>',
+	),
+},
+{
+	type => "config",
+	comment => "SecRequestBodyLimitAction ProcessPartial (XML, ARGS, leaf, <=NoFilesLimit, deny)",
+	conf => qq(
+		SecRuleEngine On
+		SecDebugLog $ENV{DEBUG_LOG}
+		SecDebugLogLevel 9
+		SecRequestBodyAccess On
+		SecParseXmlIntoArgs On
+		SecRequestBodyLimitAction ProcessPartial
+		SecRequestBodyNoFilesLimit 16384
+		SecRequestBodyLimit 32768
+		SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\\+|/)|text/)xml" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
+		SecRule ARGS "bad_value" "id:'200002',phase:2,t:none,deny"
+	),
+	match_log => {
+		-error => [ qr/Request body no files data length is larger than the configured limit \(16384\)\./, 1 ],
+	},
+	match_response => {
+		status => qr/^403$/,
+	},
+	request => new HTTP::Request(
+		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+		[
+			"Content-Type" => "application/xml",
+			"Content-Length" => "16384",
+		],
+		'<root><a>' . '1' x 16355 . 'bad_value</a></root>',
+	),
+},
 {
 	type => "config",
 	comment => "SecRequestBodyLimitAction ProcessPartial (XML, >NoFilesLimit, no bad)",
