
Adds regression test to the hash functionality

As reported in #742 and #752, the SecHash functionality does not seem to be
working as expected.
zimmerle committed Jul 7, 2014
1 parent 046b553 commit 9c4c732e4e3f148e05f278c9b07ffcaedacad20b
Showing with 124 additions and 0 deletions.
  1. +118 −0 tests/regression/misc/40-sec-hash-engine.t
  2. +6 −0 tests/regression/server_root/htdocs/hash_test.html
@@ -0,0 +1,118 @@
+### libinjection.
+
+{
+ type => "misc",
+ comment => "SecHash engine - missing paramenter",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecContentInjection On
+ SecStreamOutBodyInspection On
+ SecDisableBackendCompression On
+
+ SecHashEngine On
+ SecHashParam "hmac"
+ SecHashKey "some_key" KeyOnly
+ SecHashMethodRx "HashHref" "\.(txt)"
+ SecRule REQUEST_URI "\@validateHash \.(txt)" "phase:2,id:1000,t:none,ctl:hashEnforcement=On,deny"
+ ),
+ match_log => {
+ error => [ qr/Request URI matched .* at REQUEST_URI. No Hash parameter/, 1],
+ debug => [ qr/Request URI without hash parameter/, 1 ],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt",
+ ),
+},
+{
+ type => "misc",
+ comment => "SecHash engine - wrong paramenter",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecContentInjection On
+ SecStreamOutBodyInspection On
+ SecDisableBackendCompression On
+
+ SecHashEngine On
+ SecHashParam "hmac"
+ SecHashKey "some_key" KeyOnly
+ SecHashMethodRx "HashHref" "\.(txt)"
+ SecRule REQUEST_URI "\@validateHash \.(txt)" "phase:2,id:1000,t:none,ctl:hashEnforcement=On,deny"
+ ),
+ match_log => {
+ error => [ qr/Request URI matched .* at REQUEST_URI. Hash parameter hash value = .* Requested URI hash value = .*/, 1],
+ },
+ match_response => {
+ status => qr/^403$/,
+ },
+ request => new HTTP::Request(
+ GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt?hmac=test",
+ ),
+},
+{
+ type => "misc",
+ comment => "SecHash engine - correct paramenter",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLog $ENV{DEBUG_LOG}
+ SecDebugLogLevel 9
+ SecRequestBodyAccess On
+ SecContentInjection On
+ SecStreamOutBodyInspection On
+ SecDisableBackendCompression On
+
+ SecHashEngine On
+ SecHashParam "hmac"
+ SecHashKey "some_key" KeyOnly
+ SecHashMethodRx "HashHref" "\.(txt)"
+ SecRule REQUEST_URI "\@validateHash \.(txt)" "phase:2,id:1000,t:none,ctl:hashEnforcement=On,deny"
+ ),
+ match_log => {
+ -error => [ qr/Request URI matched .* at REQUEST_URI. Hash parameter hash value = .* Requested URI hash value = .*/, 1],
+ },
+ match_response => {
+ status => qr/^200$/,
+ },
+ request => new HTTP::Request(
+ GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.txt?hmac=a17d5c0a78b54a15f19ccb5d47651470c7b8f31f",
+ ),
+},
+{
+ type => "misc",
+ comment => "SecHash engine - link verification",
+ conf => qq(
+ SecRuleEngine On
+ SecDebugLogLevel 9
+ SecDebugLog $ENV{DEBUG_LOG}
+
+ SecContentInjection On
+ SecStreamOutBodyInspection On
+ SecDisableBackendCompression On
+
+ SecHashEngine On
+ SecHashParam "hmac"
+ SecHashKey "rand" "KeyOnly"
+ SecHashMethodRx "HashHref" "testparam"
+ ),
+ match_log => {
+ -error => [ qr/Request URI matched .* at REQUEST_URI. Hash parameter hash value = .* Requested URI hash value = .*/, 1],
+ },
+ match_response => {
+ content => qr/testparam=123456&hmac=a95a6c5324869521e82e8b2465dd36a27b0b6d27/,
+ },
+
+ request => new HTTP::Request(
+ GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/hash_test.html",
+ ),
+},
+
+
+
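Review bot: The `\.` in `SecHashMethodRx "HashHref" "\.(txt)"` and in the `\@validateHash \.(txt)` rules sits inside `qq(...)`, where Perl reduces `\.` to a bare `.`, so the server receives `.(txt)` and matches any character before `txt` rather than a literal dot; writing `\\.(txt)` in the first three blocks would test the pattern as it reads. In the fourth block, `SecHashKey "rand" "KeyOnly"` is paired with a fixed `hmac=` digest in `match_response`; if `rand` is the random-key keyword described in the reference manual, that digest cannot be stable across runs, and a fixed key such as the `"some_key"` used in the earlier blocks would make the assertion deterministic (worth confirming). That block also configures no `@validateHash` rule, so its `-error` check cannot fail and adds no coverage. The `### libinjection.` header looks copied from another test file and should name the feature under test, e.g. `### SecHash engine.`.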
@@ -0,0 +1,6 @@
+<html>
+<body>
+<a href="test.txt?testparam=123456">Test</a>
+<a href="text2.txt?testparam=123456">Test 2</a>
+</body>
+</html>
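Review bot: The second anchor's `text2.txt` looks like a typo for `test2.txt`, and nothing in the accompanying test checks that link. The link-verification case matches a single unanchored `testparam=123456&hmac=` occurrence, so it does not show which href was rewritten or whether both were. If the digest covers the link target, each anchor should have its own expected value, for example one `content` pattern per href that includes the file name (`test\.txt\?testparam=123456&hmac=<expected digest>`).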
