Skip to content

Commit 72045a4

Browse files
hnakamurhnakamur
committed
Add test cases for SecRequestBodyLimitAction
1 parent b207248 commit 72045a4

6 files changed

Lines changed: 1098 additions & 0 deletions

tests/regression/config/10-reqbody-limit-action-forcebodybuf.t

Lines changed: 192 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,192 @@
1+
{
2+
type => "config",
3+
comment => "SecRequestBodyLimitAction Reject (forcebodybuf, <=NoFilesLimit)",
4+
conf => qq(
5+
SecRuleEngine On
6+
SecDebugLog $ENV{DEBUG_LOG}
7+
SecDebugLogLevel 9
8+
SecRequestBodyAccess On
9+
SecRequestBodyLimitAction Reject
10+
SecRequestBodyNoFilesLimit 16384
11+
SecRequestBodyLimit 32768
12+
SecRule REQUEST_URI "/test.txt" "id:500219,phase:1,t:none,pass,ctl:forceRequestBodyVariable=On"
13+
),
14+
match_response => {
15+
status => qr/^200$/,
16+
},
17+
request => new HTTP::Request(
18+
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
19+
[
20+
"Content-Type" => "text/plain",
21+
"Content-Length" => "16384",
22+
],
23+
"a" x 16384,
24+
),
25+
},
26+
{
27+
type => "config",
28+
comment => "SecRequestBodyLimitAction Reject (forcebodybuf, >NoFilesLimit)",
29+
conf => qq(
30+
SecRuleEngine On
31+
SecDebugLog $ENV{DEBUG_LOG}
32+
SecDebugLogLevel 9
33+
SecRequestBodyAccess On
34+
SecRequestBodyNoFilesLimit 16384
35+
SecRequestBodyLimit 32768
36+
SecRule REQUEST_URI "/test.txt" "id:500219,phase:1,t:none,pass,ctl:forceRequestBodyVariable=On"
37+
),
38+
match_log => {
39+
error => [ qr/Request body no files data length is larger than the configured limit \(16384\)\./, 1 ],
40+
},
41+
match_response => {
42+
status => qr/^413$/,
43+
},
44+
request => new HTTP::Request(
45+
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
46+
[
47+
"Content-Type" => "text/plain",
48+
"Content-Length" => "16385",
49+
],
50+
"a" x 16385,
51+
),
52+
},
53+
{
54+
type => "config",
55+
comment => "SecRequestBodyLimitAction Reject (forcebodybuf, >Limit, <=NoFilesLimit)",
56+
conf => qq(
57+
SecRuleEngine On
58+
SecDebugLog $ENV{DEBUG_LOG}
59+
SecDebugLogLevel 9
60+
SecRequestBodyAccess On
61+
SecRequestBodyLimitAction Reject
62+
SecRequestBodyNoFilesLimit 32768
63+
SecRequestBodyLimit 16384
64+
SecRule REQUEST_URI "/test.txt" "id:500219,phase:1,t:none,pass,ctl:forceRequestBodyVariable=On"
65+
),
66+
match_log => {
67+
error => [ qr/Request body \(Content-Length\) is larger than the configured limit \(16384\)\./, 1 ],
68+
},
69+
match_response => {
70+
status => qr/^413$/,
71+
},
72+
request => new HTTP::Request(
73+
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
74+
[
75+
"Content-Type" => "application/json",
76+
"Content-Length" => "16385",
77+
],
78+
"a" x 16385,
79+
),
80+
},
81+
{
82+
type => "config",
83+
comment => "SecRequestBodyLimitAction Reject (forcebodybuf, >Limit, >NoFilesLimit)",
84+
conf => qq(
85+
SecRuleEngine On
86+
SecDebugLog $ENV{DEBUG_LOG}
87+
SecDebugLogLevel 9
88+
SecRequestBodyAccess On
89+
SecRequestBodyLimitAction Reject
90+
SecRequestBodyNoFilesLimit 16384
91+
SecRequestBodyLimit 32768
92+
SecRule REQUEST_URI "/test.txt" "id:500219,phase:1,t:none,pass,ctl:forceRequestBodyVariable=On"
93+
),
94+
match_log => {
95+
error => [ qr/Request body \(Content-Length\) is larger than the configured limit \(32768\)\./, 1 ],
96+
},
97+
match_response => {
98+
status => qr/^413$/,
99+
},
100+
request => new HTTP::Request(
101+
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
102+
[
103+
"Content-Type" => "application/json",
104+
"Content-Length" => "32769",
105+
],
106+
"a" x 32769,
107+
),
108+
},
109+
{
110+
type => "config",
111+
comment => "SecRequestBodyLimitAction ProcessPartial (forcebodybuf, >NoFilesLimit)",
112+
conf => qq(
113+
SecRuleEngine On
114+
SecDebugLog $ENV{DEBUG_LOG}
115+
SecDebugLogLevel 9
116+
SecRequestBodyAccess On
117+
SecRequestBodyLimitAction ProcessPartial
118+
SecRequestBodyNoFilesLimit 16384
119+
SecRequestBodyLimit 32768
120+
SecRule REQUEST_URI "/test.txt" "id:500219,phase:1,t:none,pass,ctl:forceRequestBodyVariable=On"
121+
),
122+
match_log => {
123+
error => [ qr/Request body no files data length is larger than the configured limit \(16384\)\./, 1 ],
124+
},
125+
match_response => {
126+
status => qr/^200$/,
127+
},
128+
request => new HTTP::Request(
129+
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
130+
[
131+
"Content-Type" => "text/plain",
132+
"Content-Length" => "16385",
133+
],
134+
"a" x 16385,
135+
),
136+
},
137+
{
138+
type => "config",
139+
comment => "SecRequestBodyLimitAction ProcessPartial (forcebodybuf, >Limit, <=NoFilesLimit) should be 200",
140+
conf => qq(
141+
SecRuleEngine On
142+
SecDebugLog $ENV{DEBUG_LOG}
143+
SecDebugLogLevel 9
144+
SecRequestBodyAccess On
145+
SecRequestBodyLimitAction ProcessPartial
146+
SecRequestBodyNoFilesLimit 32768
147+
SecRequestBodyLimit 16384
148+
SecRule REQUEST_URI "/test.txt" "id:500219,phase:1,t:none,pass,ctl:forceRequestBodyVariable=On"
149+
),
150+
match_log => {
151+
error => [ qr/exit signal Segmentation fault \(11\), possible coredump in/, 1 ],
152+
},
153+
match_response => {
154+
status => qr/^500$/,
155+
},
156+
request => new HTTP::Request(
157+
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
158+
[
159+
"Content-Type" => "text/plain",
160+
"Content-Length" => "16385",
161+
],
162+
"a" x 16385,
163+
),
164+
},
165+
{
166+
type => "config",
167+
comment => "SecRequestBodyLimitAction ProcessPartial (forcebodybuf, >Limit, >NoFilesLimit) should be 200",
168+
conf => qq(
169+
SecRuleEngine On
170+
SecDebugLog $ENV{DEBUG_LOG}
171+
SecDebugLogLevel 9
172+
SecRequestBodyAccess On
173+
SecRequestBodyLimitAction ProcessPartial
174+
SecRequestBodyNoFilesLimit 16384
175+
SecRequestBodyLimit 32768
176+
SecRule REQUEST_URI "/test.txt" "id:500219,phase:1,t:none,pass,ctl:forceRequestBodyVariable=On"
177+
),
178+
match_log => {
179+
error => [ qr/exit signal Segmentation fault \(11\), possible coredump in/, 1 ],
180+
},
181+
match_response => {
182+
status => qr/^500$/,
183+
},
184+
request => new HTTP::Request(
185+
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
186+
[
187+
"Content-Type" => "application/json",
188+
"Content-Length" => "32769",
189+
],
190+
"a" x 32769,
191+
),
192+
},

tests/regression/config/10-reqbody-limit-action-json.t

Lines changed: 196 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,196 @@
1+
{
2+
type => "config",
3+
comment => "SecRequestBodyLimitAction Reject (JSON, <=NoFilesLimit)",
4+
conf => qq(
5+
SecRuleEngine On
6+
SecDebugLog $ENV{DEBUG_LOG}
7+
SecDebugLogLevel 9
8+
SecRequestBodyAccess On
9+
SecRequestBodyLimitAction Reject
10+
SecRequestBodyNoFilesLimit 16384
11+
SecRequestBodyLimit 32768
12+
SecRule REQUEST_HEADERS:Content-Type "application/json" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
13+
),
14+
match_log => {
15+
-error => [ qr/Request body no files data length is larger than the configured limit \(16384\)\./, 1 ],
16+
},
17+
match_response => {
18+
status => qr/^200$/,
19+
},
20+
request => new HTTP::Request(
21+
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
22+
[
23+
"Content-Type" => "application/json",
24+
"Content-Length" => "16384",
25+
],
26+
'{"a":"' . "1" x 16376 . '"}',
27+
),
28+
},
29+
{
30+
type => "config",
31+
comment => "SecRequestBodyLimitAction Reject (JSON, >NoFilesLimit)",
32+
conf => qq(
33+
SecRuleEngine On
34+
SecDebugLog $ENV{DEBUG_LOG}
35+
SecDebugLogLevel 9
36+
SecRequestBodyAccess On
37+
SecRequestBodyLimitAction Reject
38+
SecRequestBodyNoFilesLimit 16384
39+
SecRequestBodyLimit 32768
40+
SecRule REQUEST_HEADERS:Content-Type "application/json" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
41+
),
42+
match_log => {
43+
error => [ qr/Request body no files data length is larger than the configured limit \(16384\)\./, 1 ],
44+
},
45+
match_response => {
46+
status => qr/^413$/,
47+
},
48+
request => new HTTP::Request(
49+
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
50+
[
51+
"Content-Type" => "application/json",
52+
"Content-Length" => "16385",
53+
],
54+
'{"a":"' . "1" x 16377 . '"}',
55+
),
56+
},
57+
{
58+
type => "config",
59+
comment => "SecRequestBodyLimitAction Reject (JSON, >Limit, <=NoFilesLimit)",
60+
conf => qq(
61+
SecRuleEngine On
62+
SecDebugLog $ENV{DEBUG_LOG}
63+
SecDebugLogLevel 9
64+
SecRequestBodyAccess On
65+
SecRequestBodyLimitAction Reject
66+
SecRequestBodyNoFilesLimit 32768
67+
SecRequestBodyLimit 16384
68+
SecRule REQUEST_HEADERS:Content-Type "application/json" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
69+
),
70+
match_log => {
71+
error => [ qr/Request body \(Content-Length\) is larger than the configured limit \(16384\)\./, 1 ],
72+
},
73+
match_response => {
74+
status => qr/^413$/,
75+
},
76+
request => new HTTP::Request(
77+
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
78+
[
79+
"Content-Type" => "application/json",
80+
"Content-Length" => "16385",
81+
],
82+
'{"a":"' . "1" x 16377 . '"}',
83+
),
84+
},
85+
{
86+
type => "config",
87+
comment => "SecRequestBodyLimitAction Reject (JSON, >Limit, >NoFilesLimit)",
88+
conf => qq(
89+
SecRuleEngine On
90+
SecDebugLog $ENV{DEBUG_LOG}
91+
SecDebugLogLevel 9
92+
SecRequestBodyAccess On
93+
SecRequestBodyLimitAction Reject
94+
SecRequestBodyNoFilesLimit 16384
95+
SecRequestBodyLimit 32768
96+
SecRule REQUEST_HEADERS:Content-Type "application/json" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
97+
),
98+
match_log => {
99+
error => [ qr/Request body \(Content-Length\) is larger than the configured limit \(32768\)\./, 1 ],
100+
},
101+
match_response => {
102+
status => qr/^413$/,
103+
},
104+
request => new HTTP::Request(
105+
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
106+
[
107+
"Content-Type" => "application/json",
108+
"Content-Length" => "32769",
109+
],
110+
'{"a":"' . "1" x 32761 . '"}',
111+
),
112+
},
113+
{
114+
type => "config",
115+
comment => "SecRequestBodyLimitAction ProcessPartial (JSON, >NoFilesLimit)",
116+
conf => qq(
117+
SecRuleEngine On
118+
SecDebugLog $ENV{DEBUG_LOG}
119+
SecDebugLogLevel 9
120+
SecRequestBodyAccess On
121+
SecRequestBodyLimitAction ProcessPartial
122+
SecRequestBodyNoFilesLimit 16384
123+
SecRequestBodyLimit 32768
124+
SecRule REQUEST_HEADERS:Content-Type "application/json" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
125+
),
126+
match_log => {
127+
error => [ qr/Request body no files data length is larger than the configured limit \(16384\)\./, 1 ],
128+
},
129+
match_response => {
130+
status => qr/^200$/,
131+
},
132+
request => new HTTP::Request(
133+
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
134+
[
135+
"Content-Type" => "application/json",
136+
"Content-Length" => "16385",
137+
],
138+
'{"a":"' . "1" x 16377 . '"}',
139+
),
140+
},
141+
{
142+
type => "config",
143+
comment => "SecRequestBodyLimitAction ProcessPartial (JSON, >Limit, <=NoFilesLimit)",
144+
conf => qq(
145+
SecRuleEngine On
146+
SecDebugLog $ENV{DEBUG_LOG}
147+
SecDebugLogLevel 9
148+
SecRequestBodyAccess On
149+
SecRequestBodyLimitAction ProcessPartial
150+
SecRequestBodyNoFilesLimit 32768
151+
SecRequestBodyLimit 16384
152+
SecRule REQUEST_HEADERS:Content-Type "application/json" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
153+
),
154+
match_log => {
155+
error => [ qr/Request body \(Content-Length\) is larger than the configured limit \(16384\)\./, 1 ],
156+
},
157+
match_response => {
158+
status => qr/^200$/,
159+
},
160+
request => new HTTP::Request(
161+
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
162+
[
163+
"Content-Type" => "application/json",
164+
"Content-Length" => "16385",
165+
],
166+
'{"a":"' . "1" x 16377 . '"}',
167+
),
168+
},
169+
{
170+
type => "config",
171+
comment => "SecRequestBodyLimitAction ProcessPartial (JSON, >Limit, >NoFilesLimit)",
172+
conf => qq(
173+
SecRuleEngine On
174+
SecDebugLog $ENV{DEBUG_LOG}
175+
SecDebugLogLevel 9
176+
SecRequestBodyAccess On
177+
SecRequestBodyLimitAction ProcessPartial
178+
SecRequestBodyNoFilesLimit 16384
179+
SecRequestBodyLimit 32768
180+
SecRule REQUEST_HEADERS:Content-Type "application/json" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
181+
),
182+
match_log => {
183+
error => [ qr/Request body \(Content-Length\) is larger than the configured limit \(32768\)\./, 1 ],
184+
},
185+
match_response => {
186+
status => qr/^200$/,
187+
},
188+
request => new HTTP::Request(
189+
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
190+
[
191+
"Content-Type" => "application/json",
192+
"Content-Length" => "32769",
193+
],
194+
'{"a":"' . "1" x 32761 . '"}',
195+
),
196+
},

0 commit comments

Comments
 (0)