

FTW: updates ignored rules (envoyproxy#59)
M4tteoP authored Oct 26, 2022
1 parent 7e7e836 commit 73c039e
Showing 2 changed files with 55 additions and 174 deletions.
227 changes: 53 additions & 174 deletions ftw/ftw.yml
Expand Up @@ -4,185 +4,64 @@ testoverride:
input:
dest_addr: envoy
ignore:
# Envoy not compatible tests
'911100-5': 'Invalid HTTP method. Rejected by Envoy with Error 400'
'911100-7': 'Invalid HTTP method. Rejected by Envoy with Error 400'
'920100-4': 'Accepted by Envoy. Valid request. It is only disabled by default from Apache and Nginx'
'920100-10': 'Invalid HTTP method. Rejected by Envoy with Error 400'
'920100-14': 'Invalid HTTP method. Rejected by Envoy with Error 400'
'932140-3': 'Invalid URL, Coraza stops this.'
'920120-4': 'Rule bug'
'920120-6': 'Rule bug'
'920120-7': 'Rule bug'
'932180-2': 'Bad multipart'
'942490-17': 'Invalid URL, Coraza stops this.'
# Temporary:
'943110-4': 'Temporary, this works but the testing framework does not support it yet.'

# Rules somewhat working
'949110-3': 'Related to 920100. Invalid HTTP method. Rejected by Envoy with Error 400'
'941110-4': 'Referer header is sanitized by Envoy and removed from the request'
'941110-9': 'Referer header is sanitized by Envoy and removed from the request'
'920270-5': 'Referer header is sanitized by Envoy and removed from the request'
'941101-1': 'Referer header is sanitized by Envoy and removed from the request'
'920210-2': 'Connection header is stripped out by Envoy'
'920210-3': 'Connection header is stripped out by Envoy'
'920210-4': 'Connection header is stripped out by Envoy'
'920210-6': 'Connection header is stripped out by Envoy'
'920210-7': 'Connection header is stripped out by Envoy'
'920274-2': 'PL4 - False positive. Envoy Populates :path header, therefore invalid character are detected'
'920274-3': 'PL4 - False positive. Envoy Populates :path header, therefore invalid character are detected'
'920274-5': 'PL4 - False positive. Envoy Populates :path header, therefore invalid character are detected'

# Rules working, tests excluded for different expected output
'920270-4': 'Log contains 920270. Test has log_contains disabled.'
'920270-5': 'Manually working, with go-ftw rule not in the log'
'920340-2': 'Log contains 920340, but tests expects expect_error: true'
'920400-1': 'Log contains 920400, but tests expects expect_error: true'

# Failing tests to be addressed
'920180-4': 'False positive. go-ftw sends POST / HTTP/2.0, but coraza-proxy-wasm reads HTTP/1.0. It does not happen with curl --http2-prior-knowledge'
'980170-0': 'Related to phase 4 logs. Not detected'
'980170-1': 'Related to phase 4 logs. Not detected'

# Rules not working
'920171-2': 'Rule 920171 not detected. GET/HEAD with body'
'920171-3': 'Rule 920171 not detected. GET/HEAD with body'
'920180-4': 'Rule 920180 not detected.'
'920210-2': 'Rule 920210 not detected.'
'920210-3': 'Rule 920210 not detected.'
'920210-4': 'Rule 920210 not detected.'
'920210-6': 'Rule 920210 not detected.'
'920210-7': 'Rule 920210 not detected.'
'920274-2': 'False positive. Rule 920274 always triggered'
'920274-3': 'False positive. Rule 920274 always triggered'
'920274-5': 'False positive. Rule 920274 always triggered'
'920280-1': 'Rule 920280 not detected. Host not present'
'920280-3': 'Rule 920280 not detected. Host not present'
'920290-1': 'Rule 920290 not detected. Empty Host'
'920400-1': 'Rule 920400 not detected.'
'920430-3': 'Rule 920430 not detected.'
'920430-5': 'Rule 920430 not detected. HTTP protocol version'
'920430-8': 'Rule 920430 not detected. HTTP protocol version'
'920430-9': 'Rule 920430 not detected. HTTP protocol version'
'921180-2': 'False Positive. Parameters with the same name'
'921180-4': 'False Positive. Parameters with the same name'
'921180-5': 'False Positive. Parameters with the same name'
'921180-6': 'False Positive. Parameters with the same name'
'934120-28': 'Rule 934120 partially detected. Enclosed alphanumerics not detected'
'934120-29': 'Rule 934120 partially detected. Enclosed alphanumerics not detected'
'934120-30': 'Rule 934120 partially detected. Enclosed alphanumerics not detected'
'934120-31': 'Rule 934120 partially detected. Enclosed alphanumerics not detected'
'934130-7': 'Rule 934130 partially detected.'
'934130-8': 'Rule 934130 partially detected.'
'934130-9': 'Rule 934130 partially detected.'
'934130-10': 'Rule 934130 partially detected.'
'934130-11': 'Rule 934130 partially detected.'
'934131-1': 'Rule 934131 not detected'
'941101-1': 'Rule 941101 not detected'
'941110-4': 'Rule 941110 partially detected. Referer header'
'941110-9': 'Rule 941110 partially detected. Referer header'
'941310-1': 'Rule 941310 partially detected'
'941310-3': 'Rule 941310 partially detected'
'942190-42': 'Rule 942190 partially detected. SQLi'
'942440-16': 'False Positive. Rx'
'942440-17': 'False Positive. Rx'
'942440-18': 'False Positive. Rx'
'944200-1': 'Rule 944200 not detected'
'944210-7': 'Rule 944210 partially detected'
'944210-8': 'Rule 944210 partially detected'
'944210-9': 'Rule 944210 partially detected'
'944210-24': 'Rule 944210 partially detected'
'944210-25': 'Rule 944210 partially detected'
'944210-26': 'Rule 944210 partially detected'
'944210-41': 'Rule 944210 partially detected'
'944210-42': 'Rule 944210 partially detected'
'944210-43': 'Rule 944210 partially detected'
'944240-50': 'Rule 944240 partially detected'
'944240-51': 'Rule 944240 partially detected'
'944240-60': 'Rule 944240 partially detected'
'944240-61': 'Rule 944240 partially detected'
'944240-62': 'Rule 944240 partially detected'
'944240-71': 'Rule 944240 partially detected'
'944240-72': 'Rule 944240 partially detected'
'944240-73': 'Rule 944240 partially detected'
'944240-82': 'Rule 944240 partially detected'
'944240-83': 'Rule 944240 partially detected'
'944240-84': 'Rule 944240 partially detected'
'944250-5': 'Rule 944250 partially detected'
'944250-6': 'Rule 944250 partially detected'
'944250-7': 'Rule 944250 partially detected'
'944250-16': 'Rule 944250 partially detected'
'944250-17': 'Rule 944250 partially detected'
'944250-18': 'Rule 944250 partially detected'
'944300-5': 'Rule 944300 partially detected'
'944300-6': 'Rule 944300 partially detected'
'944300-7': 'Rule 944300 partially detected'
'944300-16': 'Rule 944300 partially detected'
'944300-17': 'Rule 944300 partially detected'
'944300-18': 'Rule 944300 partially detected'
'944300-27': 'Rule 944300 partially detected'
'944300-28': 'Rule 944300 partially detected'
'944300-29': 'Rule 944300 partially detected'
'944300-38': 'Rule 944300 partially detected'
'944300-39': 'Rule 944300 partially detected'
'944300-40': 'Rule 944300 partially detected'
'944300-49': 'Rule 944300 partially detected'
'944300-50': 'Rule 944300 partially detected'
'944300-51': 'Rule 944300 partially detected'
'944300-60': 'Rule 944300 partially detected'
'944300-61': 'Rule 944300 partially detected'
'944300-62': 'Rule 944300 partially detected'
'944300-71': 'Rule 944300 partially detected'
'944300-72': 'Rule 944300 partially detected'
'944300-73': 'Rule 944300 partially detected'
'944300-82': 'Rule 944300 partially detected'
'944300-83': 'Rule 944300 partially detected'
'944300-84': 'Rule 944300 partially detected'
'944300-93': 'Rule 944300 partially detected'
'944300-94': 'Rule 944300 partially detected'
'944300-95': 'Rule 944300 partially detected'
'944300-104': 'Rule 944300 partially detected'
'944300-105': 'Rule 944300 partially detected'
'944300-106': 'Rule 944300 partially detected'
'944300-115': 'Rule 944300 partially detected'
'944300-116': 'Rule 944300 partially detected'
'944300-117': 'Rule 944300 partially detected'
'944300-126': 'Rule 944300 partially detected'
'944300-127': 'Rule 944300 partially detected'
'944300-128': 'Rule 944300 partially detected'
'944300-137': 'Rule 944300 partially detected'
'944300-138': 'Rule 944300 partially detected'
'944300-139': 'Rule 944300 partially detected'
'944300-148': 'Rule 944300 partially detected'
'944300-149': 'Rule 944300 partially detected'
'944300-150': 'Rule 944300 partially detected'
'944300-159': 'Rule 944300 partially detected'
'944300-160': 'Rule 944300 partially detected'
'944300-161': 'Rule 944300 partially detected'
'944300-170': 'Rule 944300 partially detected'
'944300-171': 'Rule 944300 partially detected'
'944300-172': 'Rule 944300 partially detected'
'944300-181': 'Rule 944300 partially detected'
'944300-182': 'Rule 944300 partially detected'
'944300-183': 'Rule 944300 partially detected'
'944300-192': 'Rule 944300 partially detected'
'944300-193': 'Rule 944300 partially detected'
'944300-194': 'Rule 944300 partially detected'
'944300-203': 'Rule 944300 partially detected'
'944300-204': 'Rule 944300 partially detected'
'944300-205': 'Rule 944300 partially detected'
'944300-214': 'Rule 944300 partially detected'
'944300-215': 'Rule 944300 partially detected'
'944300-216': 'Rule 944300 partially detected'
'944300-225': 'Rule 944300 partially detected'
'944300-226': 'Rule 944300 partially detected'
'944300-227': 'Rule 944300 partially detected'
'944300-236': 'Rule 944300 partially detected'
'944300-237': 'Rule 944300 partially detected'
'944300-238': 'Rule 944300 partially detected'
'944300-247': 'Rule 944300 partially detected'
'944300-248': 'Rule 944300 partially detected'
'944300-249': 'Rule 944300 partially detected'
'944300-258': 'Rule 944300 partially detected'
'944300-259': 'Rule 944300 partially detected'
'944300-260': 'Rule 944300 partially detected'
'944300-269': 'Rule 944300 partially detected'
'944300-270': 'Rule 944300 partially detected'
'944300-271': 'Rule 944300 partially detected'
'944300-280': 'Rule 944300 partially detected'
'944300-281': 'Rule 944300 partially detected'
'944300-282': 'Rule 944300 partially detected'
'944300-291': 'Rule 944300 partially detected'
'944300-292': 'Rule 944300 partially detected'
'944300-293': 'Rule 944300 partially detected'
'944300-302': 'Rule 944300 partially detected'
'944300-303': 'Rule 944300 partially detected'
'944300-304': 'Rule 944300 partially detected'
'944300-313': 'Rule 944300 partially detected'
'944300-314': 'Rule 944300 partially detected'
'944300-315': 'Rule 944300 partially detected'
'944300-324': 'Rule 944300 partially detected'
'944300-325': 'Rule 944300 partially detected'
'944300-326': 'Rule 944300 partially detected'
'949110-3': 'Rule 949110 not detected. Related to 920100'
'980170-0': 'Related to phase 4. Not detected'
'980170-1': 'Related to phase 4. Not detected'
# Coraza related issues
'920171-2': 'Rule 920171 not detected. GET/HEAD with body. Coraza side'
'920171-3': 'Rule 920171 not detected. GET/HEAD with body. Coraza side'
'920280-1': 'Rule 920280 not detected. Host not present. Coraza side'
'920280-3': 'Rule 920280 not detected. Host not present. Coraza side'
'920430-3': 'Rule 920430 not detected. Proto version. Coraza side'
'920430-5': 'Rule 920430 not detected. Proto version. Coraza side'
'920430-8': 'Rule 920430 not detected. Proto version. Coraza side'
'920430-9': 'Rule 920430 not detected. Proto version. Coraza side'
'921180-2': 'False Positive. Parameters with the same name. Coraza Side'
'921180-4': 'False Positive. Parameters with the same name. Coraza Side'
'921180-5': 'False Positive. Parameters with the same name. Coraza Side'
'921180-6': 'False Positive. Parameters with the same name. Coraza Side'
'920290-1': 'Rule 920290 not detected. Empty Host. Coraza side'
'934120-28': 'Rule 934120 partially detected. With HTTP/1.1 Envoy return 400. With HTTP/2 Enclosed alphanumerics not detected. Coraza Side'
'934120-29': 'Rule 934120 partially detected. With HTTP/1.1 Envoy return 400. With HTTP/2 Enclosed alphanumerics not detected. Coraza Side'
'934120-30': 'Rule 934120 partially detected. With HTTP/1.1 Envoy return 400. With HTTP/2 Enclosed alphanumerics not detected. Coraza Side'
'934120-31': 'Rule 934120 partially detected. With HTTP/1.1 Envoy return 400. With HTTP/2 Enclosed alphanumerics not detected. Coraza Side'
'934130-7': 'Rule 934130 partially detected. Coraza side'
'934130-8': 'Rule 934130 partially detected. Test equals to 934130-7. Coraza side'
'934130-9': 'Rule 934130 partially detected. Coraza side'
'934130-10': 'Rule 934130 partially detected. Coraza side'
'934130-11': 'Rule 934130 partially detected. Coraza side'
'934131-1': 'Rule 934131 not detected. Coraza side'
'941310-1': 'Rule 941310 partially detected. Coraza side'
'941310-3': 'Rule 941310 partially detected. Coraza side'
'942190-42': 'Rule 942190 partially detected. SQLi. Coraza side'
'942440-16': 'False Positive. Rx. Coraza side'
'942440-17': 'False Positive. Rx. Coraza side'
'942440-18': 'False Positive. Rx. Coraza side'
'944200-1': 'Rule 944200 not detected. Coraza side'
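Review bot: Key '920270-5' appears twice in this section — once under "Rules somewhat working" with the reason 'Referer header is sanitized by Envoy and removed from the request' and again under "Rules working, tests excluded for different expected output" with 'Manually working, with go-ftw rule not in the log'. The rendered page has lost the +/- markers, so this is inferred from the section layout, but if both entries are on the new side the `ignore:` mapping carries a duplicate key, which the YAML loader used by go-ftw will most likely resolve last-wins (keeping only the second reason) and which yamllint's key-duplicates rule rejects outright. Because this file silences CRS regression tests — effectively the list of known detection gaps of the WAF behind Envoy — each suppressed test should carry exactly one authoritative reason; keep `'920270-5': 'Referer header is sanitized by Envoy and removed from the request'` and drop the second entry, or fold both explanations into one value. Running `yamllint -d '{rules: {key-duplicates: enable}}' ftw/ftw.yml` in CI would catch this class of drift before it masks a real regression.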
2 changes: 2 additions & 0 deletions rules/ftw-config.conf
Expand Up @@ -6,6 +6,7 @@ SecDefaultAction "phase:3,log,auditlog,pass"
SecDefaultAction "phase:4,log,auditlog,pass"
SecDebugLogLevel 3

# By default rule 900340 is commented, therefore max_file_size is added to 900005 in order to test 920400-* rules
SecAction "id:900005,\
phase:1,\
nolog,\
Expand All @@ -18,6 +19,7 @@ SecAction "id:900005,\
setvar:tx.arg_length=400,\
setvar:tx.total_arg_length=64000,\
setvar:tx.max_num_args=255,\
setvar:tx.max_file_size=64100,\
setvar:tx.combined_file_sizes=65535"

# Write the value from the X-CRS-Test header as a marker to the log
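Review bot: The added `setvar:tx.max_file_size=64100,\` is a bare magic number; the new comment explains why max_file_size is set in 900005 at all but not why this value, so whoever next edits the 920400-* tests cannot tell whether 64100 is a hard constraint or arbitrary. Suggest extending the comment to something like `# tx.max_file_size must stay above the largest body the 920400-* tests send and below tx.combined_file_sizes (65535); 64100 satisfies both` — adjusted to whatever actually drove the choice, since the rationale is not visible in this hunk. While there, "rule 900340 is commented" reads better as "rule 900340 is commented out". Both hunks fall inside the `SecAction "id:900005,\` directive, which begins in the first hunk and closes after the second, so the setvar list continues outside the view shown here.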
