From a1d79f28e416ce771d552cc816fd839db2cf24c1 Mon Sep 17 00:00:00 2001 From: Eduardo Arias Date: Wed, 4 Sep 2024 12:30:28 -0300 Subject: [PATCH 1/2] Additional sqlHexDecode transformation tests - These were added to test changes in owasp-modsecurity/ModSecurity#3231 --- transformations/sqlHexDecode.json | 35 +++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/transformations/sqlHexDecode.json b/transformations/sqlHexDecode.json index 744fc2a..c459de9 100644 --- a/transformations/sqlHexDecode.json +++ b/transformations/sqlHexDecode.json @@ -5,5 +5,40 @@ "type" : "tfn", "name" : "sqlHexDecode", "output" : "ABC" + }, + { + "ret" : 1, + "input" : "ABC", + "type" : "tfn", + "name" : "sqlHexDecode", + "output" : "ABC" + }, + { + "ret" : 1, + "input" : "00x414243", + "type" : "tfn", + "name" : "sqlHexDecode", + "output" : "0ABC" + }, + { + "ret" : 1, + "input" : "0xz0x414243", + "type" : "tfn", + "name" : "sqlHexDecode", + "output" : "0xzABC" + }, + { + "ret" : 1, + "input" : "0x4142430x434241", + "type" : "tfn", + "name" : "sqlHexDecode", + "output" : "ABCCBA" + }, + { + "ret" : 1, + "input" : "0x4142430x0x434241", + "type" : "tfn", + "name" : "sqlHexDecode", + "output" : "ABC0xCBA" } ] From 3498d2814456eb1de88b6373e6356c3228b57073 Mon Sep 17 00:00:00 2001 From: Eduardo Arias Date: Wed, 4 Sep 2024 12:30:51 -0300 Subject: [PATCH 2/2] Removed phpArgsNames transformation tests, as it's not currently included in libModSecurity v3 - Support for this transformation was introduced in the context of owasp-modsecurity/ModSecurity#2387, but it's not currently in the library. --- transformations/phpArgsNames.json | 93 ------------------------------- 1 file changed, 93 deletions(-) delete mode 100644 transformations/phpArgsNames.json diff --git a/transformations/phpArgsNames.json b/transformations/phpArgsNames.json deleted file mode 100644 index dd7feb2..0000000 --- a/transformations/phpArgsNames.json +++ /dev/null @@ -1,93 +0,0 @@ -[ - { - "input" : "abc", - "name" : "phpArgsNames", - "type" : "tfn", - "ret" : 0, - "output" : "abc" - }, - { - "input" : "a_bc", - "name" : "phpArgsNames", - "type" : "tfn", - "ret" : 0, - "output" : "a_bc" - }, - { - "input" : "a_b.c", - "name" : "phpArgsNames", - "type" : "tfn", - "ret" : 1, - "output" : "a_b_c" - }, - { - "input" : "a[_b c.", - "name" : "phpArgsNames", - "type" : "tfn", - "ret" : 1, - "output" : "a__b c." - }, - { - "input" : ". a_b]c", - "name" : "phpArgsNames", - "type" : "tfn", - "ret" : 1, - "output" : "__a_b]c" - }, - { - "input" : "a_b c d_", - "name" : "phpArgsNames", - "type" : "tfn", - "ret" : 1, - "output" : "a_b_c_d_" - }, - { - "input" : "[a_[b][]c d_", - "name" : "phpArgsNames", - "type" : "tfn", - "ret" : 1, - "output" : "" - }, - { - "input" : "a_[b][ ]c d_", - "name" : "phpArgsNames", - "type" : "tfn", - "ret" : 1, - "output" : "a_[b][]" - }, - { - "input" : "][ ", - "name" : "phpArgsNames", - "type" : "tfn", - "ret" : 1, - "output" : "]_ " - }, - { - "input" : "][ a.", - "name" : "phpArgsNames", - "type" : "tfn", - "ret" : 1, - "output" : "]_ a." - }, - { - "input" : " ] [a][c][f. _ ]", - "name" : "phpArgsNames", - "type" : "tfn", - "ret" : 1, - "output" : "]_[a][c][f. _ ]" - }, - { - "input" : "a[]b", - "name" : "phpArgsNames", - "type" : "tfn", - "ret" : 1, - "output" : "a[]" - }, - { - "input" : "sc ript._[a[_xss]", - "name" : "phpArgsNames", - "type" : "tfn", - "ret" : 1, - "output" : "sc_ript__[a[_xss]" - } -]