Merge branch 'coreruleset:main' into fix-use-correct-anomaly-variable

Author: EsadCetiner

tests/regression/referer-hardening-plugin/9524110.yaml

@@ -2,22 +2,40 @@
 meta:
   author: "azurit"
   description: "Referer Hardening Plugin"
-rule_id: 9524110
+  enabled: true
+  name: 9524110.yaml
 tests:
-  - test_id: 1
-    desc: "Ivalid Referer header"
+  - test_title: 9524110-1
+    desc: "Invalid Referer header"
     stages:
-      - input:
-          dest_addr: "127.0.0.1"
-          method: "GET"
-          port: 80
-          headers:
-            Host: "localhost"
-            User-Agent: "OWASP CRS test agent"
-            Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
-            Referer: "This is invalid header"
-          uri: "/get"
-          version: "HTTP/1.1"
-        output:
-          log:
-            expect_ids: [9524110]
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: OWASP CRS test agent
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              Referer: "This is invalid header"
+            port: 80
+            method: "GET"
+            uri: "/get"
+            version: "HTTP/1.1"
+          output:
+            log_contains: id "9524110"
+  - test_title: 9524110-2
+    desc: "Empty referer is whitelisted for this rule"
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: OWASP CRS test agent
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              Referer: ""
+            port: 80
+            method: "GET"
+            uri: "/get"
+            version: "HTTP/1.1"
+          output:
+            no_log_contains: id "9524110"

tests/regression/referer-hardening-plugin/9524120.yaml

@@ -0,0 +1,41 @@
+---
+meta:
+  author: "azurit"
+  description: "Referer Hardening Plugin"
+  enabled: true
+  name: 9524120.yaml
+tests:
+  - test_title: 9524120-1
+    desc: "Fragment component"
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: OWASP CRS test agent
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              Referer: "http://example.com/#Fragment-component"
+            port: 80
+            method: "GET"
+            uri: "/get"
+            version: "HTTP/1.1"
+          output:
+            log_contains: id "9524120"
+  - test_title: 9524120-2
+    desc: "Missing fragment component"
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: OWASP CRS test agent
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              Referer: "http://example.com"
+            port: 80
+            method: "GET"
+            uri: "/get"
+            version: "HTTP/1.1"
+          output:
+            no_log_contains: id "9524120"

tests/regression/referer-hardening-plugin/9524130.yaml

@@ -0,0 +1,75 @@
+---
+meta:
+  author: "azurit"
+  description: "Referer Hardening Plugin"
+  enabled: true
+  name: 9524130.yaml
+tests:
+  - test_title: 9524130-1
+    desc: "Userinfo component"
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: OWASP CRS test agent
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              Referer: "http://login:password@example.com"
+            port: 80
+            method: "GET"
+            uri: "/get"
+            version: "HTTP/1.1"
+          output:
+            log_contains: id "9524130"
+  - test_title: 9524130-2
+    desc: "Userinfo component"
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: OWASP CRS test agent
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              Referer: "http://login@example.com"
+            port: 80
+            method: "GET"
+            uri: "/get"
+            version: "HTTP/1.1"
+          output:
+            log_contains: id "9524130"
+  - test_title: 9524130-3
+    desc: "Userinfo component"
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: OWASP CRS test agent
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              Referer: "http://@example.com"
+            port: 80
+            method: "GET"
+            uri: "/get"
+            version: "HTTP/1.1"
+          output:
+            log_contains: id "9524130"
+  - test_title: 9524130-4
+    desc: "Missing userinfo component"
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: OWASP CRS test agent
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              Referer: "http://example.com"
+            port: 80
+            method: "GET"
+            uri: "/get"
+            version: "HTTP/1.1"
+          output:
+            no_log_contains: id "9524130"

tests/regression/referer-hardening-plugin/9524150.yaml

@@ -0,0 +1,41 @@
+---
+meta:
+  author: "azurit"
+  description: "Referer Hardening Plugin"
+  enabled: true
+  name: 9524150.yaml
+tests:
+  - test_title: 9524150-1
+    desc: "Data URL"
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: OWASP CRS test agent
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              Referer: "data:,Hello%2C%20World%21"
+            port: 80
+            method: "GET"
+            uri: "/get"
+            version: "HTTP/1.1"
+          output:
+            log_contains: id "9524150"
+  - test_title: 9524150-2
+    desc: "Non-data URL"
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: OWASP CRS test agent
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              Referer: "http://example.com"
+            port: 80
+            method: "GET"
+            uri: "/get"
+            version: "HTTP/1.1"
+          output:
+            no_log_contains: id "9524150"

tests/regression/referer-hardening-plugin/9524160.yaml

@@ -0,0 +1,41 @@
+---
+meta:
+  author: "azurit"
+  description: "Referer Hardening Plugin"
+  enabled: true
+  name: 9524160.yaml
+tests:
+  - test_title: 9524160-1
+    desc: "Domain too long"
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: OWASP CRS test agent
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              Referer: "http://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com"
+            port: 80
+            method: "GET"
+            uri: "/get"
+            version: "HTTP/1.1"
+          output:
+            log_contains: id "9524160"
+  - test_title: 9524160-2
+    desc: "Valid domain"
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: OWASP CRS test agent
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              Referer: "http://example.com"
+            port: 80
+            method: "GET"
+            uri: "/get"
+            version: "HTTP/1.1"
+          output:
+            no_log_contains: id "9524160"

tests/regression/referer-hardening-plugin/9524170.yaml

@@ -0,0 +1,41 @@
+---
+meta:
+  author: "azurit"
+  description: "Referer Hardening Plugin"
+  enabled: true
+  name: 9524170.yaml
+tests:
+  - test_title: 9524170-1
+    desc: "Valid domain"
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: OWASP CRS test agent
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              Referer: "http://example.com/"
+            port: 80
+            method: "GET"
+            uri: "/get"
+            version: "HTTP/1.1"
+          output:
+            no_log_contains: id "9524170"
+  - test_title: 9524170-2
+    desc: "Invalid domain"
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: OWASP CRS test agent
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              Referer: "http://exa*mple.com/"
+            port: 80
+            method: "GET"
+            uri: "/get"
+            version: "HTTP/1.1"
+          output:
+            log_contains: id "9524170"

tests/regression/referer-hardening-plugin/9524180.yaml

@@ -0,0 +1,58 @@
+---
+meta:
+  author: "azurit"
+  description: "Referer Hardening Plugin"
+  enabled: true
+  name: 9524180.yaml
+tests:
+  - test_title: 9524120-1
+    desc: "Valid port"
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: OWASP CRS test agent
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              Referer: "http://example.com:80"
+            port: 80
+            method: "GET"
+            uri: "/get"
+            version: "HTTP/1.1"
+          output:
+            no_log_contains: id "9524180"
+  - test_title: 9524120-2
+    desc: "Missing port"
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: OWASP CRS test agent
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              Referer: "http://example.com"
+            port: 80
+            method: "GET"
+            uri: "/get"
+            version: "HTTP/1.1"
+          output:
+            no_log_contains: id "9524180"
+  - test_title: 9524180-3
+    desc: "Invalid port"
+    stages:
+      - stage:
+          input:
+            dest_addr: 127.0.0.1
+            headers:
+              Host: localhost
+              User-Agent: OWASP CRS test agent
+              Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+              Referer: "http://example.com:abc"
+            port: 80
+            method: "GET"
+            uri: "/get"
+            version: "HTTP/1.1"
+          output:
+            log_contains: id "9524180"