[
{
"enabled": 1,
"version_min": 300000,
"title": "Testing Operator :: @detectSQLi",
"client": {
"ip": "200.249.12.31",
"port": 123
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "localhost",
"User-Agent": "curl/7.38.0",
"Accept": "*/*",
"Content-Length": "61",
"Content-Type": "application/x-www-form-urlencoded"
},
"uri": "/",
"method": "POST",
"body": [
"param1=ascii(substring(version() from 1 for 1))&param2=value2"
]
},
"response": {
"headers": {
"Date": "Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified": "Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type": "text/html",
"Content-Length": "8"
},
"body": [
"no need."
]
},
"expected": {
"debug_log": "Added DetectSQLi match TX.0: f\\(f\\(f",
"http_code": 200
},
"rules": [
"SecRuleEngine On",
"SecRule ARGS \"@detectSQLi\" \"id:1,phase:2,capture,pass,t:trim\""
]
},
{
"enabled": 1,
"version_min": 300000,
"title": "Testing Operator :: @detectSQLi benign input",
"client": {
"ip": "200.249.12.31",
"port": 123
},
"server": {
"ip": "200.249.12.31",
"port": 80
},
"request": {
"headers": {
"Host": "localhost",
"User-Agent": "curl/7.38.0",
"Accept": "*/*",
"Content-Length": "18",
"Content-Type": "application/x-www-form-urlencoded"
},
"uri": "/",
"method": "POST",
"body": [
"param1=just_a_value"
]
},
"response": {
"headers": {
"Date": "Mon, 13 Jul 2015 20:02:41 GMT",
"Last-Modified": "Sun, 26 Oct 2014 22:33:37 GMT",
"Content-Type": "text/html",
"Content-Length": "8"
},
"body": [
"no need."
]
},
"expected": {
"debug_log": "detected SQLi: not able to find an inject on 'just_a_value'",
"http_code": 200
},
"rules": [
"SecRuleEngine On",
"SecRule ARGS \"@detectSQLi\" \"id:2,phase:2,capture,pass,t:trim\""
]
}
]