Merge branch 'regression'

Author: Felipe Zimmerle

tests/regression/action/10-logging.t

@@ -37,7 +37,7 @@
 		SecAction "phase:1,pass,nolog,id:500007"
 	),
 	match_log => {
-		-error => [ qr/ModSecurity: /, 1 ],
+		-error => [ qr/500007/, 1 ],
 		-audit => [ qr/./, 1 ],
 	},
 	match_response => {
@@ -85,7 +85,7 @@
 		SecAction "phase:1,deny,status:403,nolog,id:500009"
 	),
 	match_log => {
-		-error => [ qr/ModSecurity: /, 1 ],
+		-error => [ qr/500009/, 1 ],
 		-audit => [ qr/./, 1 ],
 	},
 	match_response => {
@@ -274,7 +274,7 @@
 		SecAction "phase:1,pass,nolog,noauditlog,id:500017"
 	),
 	match_log => {
-		-error => [ qr/ModSecurity: /, 1 ],
+		-error => [ qr/500017/, 1 ],
 		-audit => [ qr/./, 1 ],
 	},
 	match_response => {
@@ -320,7 +320,7 @@
 		SecAction "phase:1,pass,auditlog,nolog,id:500019"
 	),
 	match_log => {
-		-error => [ qr/ModSecurity: /, 1 ],
+		-error => [ qr/500019/, 1 ],
 		-audit => [ qr/./, 1 ],
 	},
 	match_response => {
@@ -366,7 +366,7 @@
 		SecAction "phase:1,pass,noauditlog,nolog,id:500021"
 	),
 	match_log => {
-		-error => [ qr/ModSecurity: /, 1 ],
+		-error => [ qr/500021/, 1 ],
 		-audit => [ qr/./, 1 ],
 	},
 	match_response => {
@@ -460,7 +460,7 @@
 		SecAction "phase:1,deny,status:403,nolog,noauditlog,id:500025"
 	),
 	match_log => {
-		-error => [ qr/ModSecurity: /, 1 ],
+		-error => [ qr/500025/, 1 ],
 		-audit => [ qr/./, 1 ],
 	},
 	match_response => {
@@ -506,7 +506,7 @@
 		SecAction "phase:1,deny,status:403,auditlog,nolog,id:500027"
 	),
 	match_log => {
-		-error => [ qr/ModSecurity: /, 1 ],
+		-error => [ qr/500027/, 1 ],
 		-audit => [ qr/./, 1 ],
 	},
 	match_response => {
@@ -552,7 +552,7 @@
 		SecAction "phase:1,deny,status:403,noauditlog,nolog,id:500029"
 	),
 	match_log => {
-		-error => [ qr/ModSecurity: /, 1 ],
+		-error => [ qr/500029/, 1 ],
 		-audit => [ qr/./, 1 ],
 	},
 	match_response => {

tests/regression/config/10-misc-directives.t

@@ -13,7 +13,7 @@
 	conf => qq(
 		SecRuleEngine on
 		SecDefaultAction "phase:1,deny,status:500"
-		SecRule REQUEST_URI "test.txt,id:500240"
+		SecRule REQUEST_URI "test.txt" "id:500241"
 	),
 	match_log => {
 		error => [ qr/ModSecurity: Access denied with code 500 \(phase 1\)/, 1 ],

tests/regression/config/10-request-directives.t

@@ -8,7 +8,7 @@
 		SecRuleEngine On
 		SecArgumentSeparator ";"
 		SecRule ARGS:a "@streq 1" "phase:1,deny,chain,id:500215"
-		SecRule ARGS:b "@streq 2,id:500216"
+		SecRule ARGS:b "@streq 2" ""
 	),
 	match_log => {
 		error => [ qr/Access denied with code 403 \(phase 1\)\. String match "2" at ARGS:b\./, 1 ],
@@ -26,7 +26,7 @@
 	conf => q(
 		SecRuleEngine On
 		SecRule ARGS:a "@streq 1" "phase:1,deny,chain,id:500217"
-		SecRule ARGS:b "@streq 2,id:500218"
+		SecRule ARGS:b "@streq 2" ""
 	),
 	match_log => {
 		-error => [ qr/Access denied/, 1 ],
@@ -46,7 +46,7 @@
 		SecRequestBodyAccess On
 		SecArgumentSeparator ";"
 		SecRule ARGS:a "@streq 1" "phase:2,deny,chain,id:500219"
-		SecRule ARGS:b "@streq 2,id:500220"
+		SecRule ARGS:b "@streq 2" ""
 	),
 	match_log => {
 		error => [ qr/Access denied with code 403 \(phase 2\)\. String match "2" at ARGS:b\./, 1 ],
@@ -94,7 +94,7 @@
 		SecRuleEngine On
 		SecRequestBodyAccess On
 		SecRule ARGS:a "\@streq 1" "phase:2,deny,chain,id:500223"
-		SecRule ARGS:b "\@streq 2,id:500224"
+		SecRule ARGS:b "\@streq 2" ""
 	),
 	match_log => {
 		error => [ qr/Access denied with code 403 \(phase 2\)\. String match "2" at ARGS:b\./, 1 ],
@@ -500,8 +500,8 @@
 		SecDebugLogLevel 5
 		SecCookieFormat 1
 		SecRule REQUEST_COOKIES_NAMES "\@streq SESSIONID" "phase:1,deny,chain,id:500231"
-		SecRule REQUEST_COOKIES:\$SESSIONID_PATH "\@streq /" "chain,id:500232"
-		SecRule REQUEST_COOKIES:SESSIONID "\@streq cookieval,id:500233"
+		SecRule REQUEST_COOKIES:\$SESSIONID_PATH "\@streq /" "chain"
+		SecRule REQUEST_COOKIES:SESSIONID "\@streq cookieval"
 	),
 	match_log => {
 		error => [ qr/Access denied with code 403 \(phase 1\)\. String match "cookieval" at REQUEST_COOKIES:SESSIONID\./, 1 ],
@@ -527,8 +527,8 @@
 		SecDebugLogLevel 5
 		SecCookieFormat 0
 		SecRule REQUEST_COOKIES_NAMES "\@streq SESSIONID" "phase:1,deny,chain,id:500234"
-		SecRule REQUEST_COOKIES:\$SESSIONID_PATH "\@streq /" "chain,id:500235"
-		SecRule REQUEST_COOKIES:SESSIONID "\@streq cookieval,id:500236"
+		SecRule REQUEST_COOKIES:\$SESSIONID_PATH "\@streq /" "chain"
+		SecRule REQUEST_COOKIES:SESSIONID "\@streq cookieval"
 	),
 	match_log => {
 		-error => [ qr/Access denied/, 1 ],

tests/regression/misc/00-multipart-parser.t

@@ -267,9 +267,7 @@
         SecAuditEngine RelevantOnly
     ),
     match_log => {
-        audit => [ qr/Final boundary missing/, 1 ],
         debug => [ qr/Final boundary missing/, 1 ],
-
     },
     match_response => {
         status => qr/^200$/,

tests/regression/misc/10-tfn-cache.t

@@ -126,8 +126,8 @@
 
 		# This should see cached versions of *both* ARGS_GET
 		SecRule ARGS:test "queryval" "phase:2,t:none,t:removeWhiteSpace,t:lowercase,deny,chain,id:500046"
-		SecRule ARGS:test "firstval" "t:none,t:removeWhiteSpace,t:lowercase,chain,id:500047"
-		SecRule ARGS:test "secondval" "t:none,t:removeWhiteSpace,t:lowercase,id:500017"
+		SecRule ARGS:test "firstval" "t:none,t:removeWhiteSpace,t:lowercase,chain"
+		SecRule ARGS:test "secondval" "t:none,t:removeWhiteSpace,t:lowercase"
 	),
 	match_log => {
 		debug => [ qr/removeWhiteSpace,lowercase: "queryval" .*removeWhiteSpace,lowercase: "firstval" .*cached.*removeWhiteSpace,lowercase: "secondval" .*cached/s, 1 ],

tests/regression/rule/00-basics.t

@@ -11,7 +11,7 @@
 		SecAction "nolog,id:500001"
 	),
 	match_log => {
-		-error => [ qr/ModSecurity: /, 1 ],
+		-error => [ qr/500001/, 1 ],
 		-audit => [ qr/./, 1 ],
 		debug => [ qr/Warning\. Unconditional match in SecAction\./, 1 ],
 	},
@@ -32,11 +32,11 @@
 		SecDebugLog $ENV{DEBUG_LOG}
 		SecDebugLogLevel 5
         SecDefaultAction "phase:2,deny,status:403"
-        SecRule ARGS:test "value,id:500032"
+        SecRule ARGS:test "value" "id:500032"
 	),
 	match_log => {
-		error => [ qr/ModSecurity: /, 1 ],
-		debug => [ qr/Rule [0-9a-f]+: SecRule "ARGS:test" "\@rx value" "phase:2,deny,status:403"$/m, 1 ],
+		error => [ qr/500032/, 1 ],
+		debug => [ qr/Rule [0-9a-f]+: SecRule "ARGS:test" "\@rx value" "phase:2,deny,status:403,id:500032"$/m, 1 ],
 	},
 	match_response => {
 		status => qr/^403$/,
@@ -57,7 +57,7 @@
 	),
 	match_log => {
 		error => [ qr/ModSecurity: /, 1 ],
-		debug => [ qr/Rule [0-9a-f]+: SecRule "ARGS:test" "\@rx value" "phase:2,deny,status:403"$/m, 1 ],
+		debug => [ qr/Rule [0-9a-f]+: SecRule "ARGS:test" "\@rx value" "phase:2,deny,status:403,id:500033"$/m, 1 ],
 	},
 	match_response => {
 		status => qr/^403$/,
@@ -75,12 +75,12 @@
 		SecDebugLogLevel 5
         SecDefaultAction "phase:2,log,noauditlog,pass,tag:foo"
         SecRule ARGS:test "value" "chain,phase:2,deny,status:403,id:500034"
-        SecRule &ARGS "\@eq 1" "chain,setenv:tx.foo=bar,id:500035"
-        SecRule REQUEST_METHOD "\@streq GET,id:500036"
+        SecRule &ARGS "\@eq 1" "chain,setenv:tx.foo=bar"
+        SecRule REQUEST_METHOD "\@streq GET"
 	),
 	match_log => {
 		error => [ qr/ModSecurity: /, 1 ],
-		debug => [ qr/Rule [0-9a-f]+: SecRule "ARGS:test" "\@rx value" "phase:2,log,noauditlog,tag:foo,chain,deny,status:403"\r?\n.*Rule [0-9a-f]+: SecRule "&ARGS" "\@eq 1" "chain,setenv:tx.foo=bar"\r?\n.*Rule [0-9a-f]+: SecRule "REQUEST_METHOD" "\@streq GET"\r?\n/s, 1 ],
+		debug => [ qr/Rule [0-9a-f]+: SecRule "ARGS:test" "\@rx value" "phase:2,log,noauditlog,tag:foo,chain,deny,status:403,id:500034"\r?\n.*Rule [0-9a-f]+: SecRule "&ARGS" "\@eq 1" "chain,setenv:tx.foo=bar"\r?\n.*Rule [0-9a-f]+: SecRule "REQUEST_METHOD" "\@streq GET"\r?\n/s, 1 ],
 	},
 	match_response => {
 		status => qr/^403$/,

tests/regression/rule/10-xml.t

@@ -8,6 +8,7 @@
 	conf => qq(
 		SecRuleEngine On
 		SecRequestBodyAccess On
+        SecXmlExternalEntity On
 		SecDebugLog $ENV{DEBUG_LOG}
 		SecDebugLogLevel 9
 		SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" "id:500005, \\
@@ -55,6 +56,7 @@
 	conf => qq(
 		SecRuleEngine On
 		SecRequestBodyAccess On
+        SecXmlExternalEntity On
 		SecDebugLog $ENV{DEBUG_LOG}
 		SecDebugLogLevel 9
 		SecAuditEngine RelevantOnly
@@ -104,6 +106,7 @@
 	conf => qq(
 		SecRuleEngine On
 		SecRequestBodyAccess On
+        SecXmlExternalEntity On
 		SecDebugLog $ENV{DEBUG_LOG}
 		SecDebugLogLevel 9
 		SecAuditEngine RelevantOnly
@@ -154,6 +157,7 @@
 	conf => qq(
 		SecRuleEngine On
 		SecRequestBodyAccess On
+        SecXmlExternalEntity On
 		SecDebugLog $ENV{DEBUG_LOG}
 		SecDebugLogLevel 9
 		SecAuditEngine RelevantOnly
@@ -204,6 +208,7 @@
 	conf => qq(
 		SecRuleEngine On
 		SecRequestBodyAccess On
+        SecXmlExternalEntity On
 		SecDebugLog $ENV{DEBUG_LOG}
 		SecDebugLogLevel 9
 		SecAuditEngine RelevantOnly
@@ -254,6 +259,7 @@
 	conf => qq(
 		SecRuleEngine On
 		SecRequestBodyAccess On
+        SecXmlExternalEntity On
 		SecDebugLog $ENV{DEBUG_LOG}
 		SecDebugLogLevel 9
 		SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" "id:500020, \\
@@ -297,6 +303,7 @@
 	conf => qq(
 		SecRuleEngine On
 		SecRequestBodyAccess On
+        SecXmlExternalEntity On
 		SecDebugLog $ENV{DEBUG_LOG}
 		SecDebugLogLevel 9
 		SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" "id:500023, \\
@@ -340,6 +347,7 @@
 	conf => qq(
 		SecRuleEngine On
 		SecRequestBodyAccess On
+        SecXmlExternalEntity On
 		SecDebugLog $ENV{DEBUG_LOG}
 		SecDebugLogLevel 9
 		SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" "id:500026, \\
@@ -383,6 +391,7 @@
 	conf => qq(
 		SecRuleEngine On
 		SecRequestBodyAccess On
+        SecXmlExternalEntity On
 		SecDebugLog $ENV{DEBUG_LOG}
 		SecDebugLogLevel 9
 		SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" "id:500029, \\