-
Notifications
You must be signed in to change notification settings - Fork 11
/
rule_from_seclang_test.go
52 lines (47 loc) · 1.22 KB
/
rule_from_seclang_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
package main
import (
"net/url"
"github.com/senghoo/modsecurity-go/modsecurity"
"github.com/senghoo/modsecurity-go/seclang"
"github.com/senghoo/modsecurity-go/utils"
)
func ExampleRuleFromSeclang() {
rule := `SecRuleEngine On
SecRule REQUEST_URI '@rx cmd' \
"id:123,\
phase:2,\
t:lowercase,\
deny"`
eng := modsecurity.NewEngine()
rs, err := seclang.NewDireSetFromSecLangString(rule)
if err != nil {
panic(err)
}
err = rs.Execute(eng)
if err != nil {
panic(err)
}
ts, err := eng.NewTransaction()
if err != nil {
panic(err)
}
ts.ProcessConnection("127.0.0.1", "12345", "127.0.0.1", "80")
u, err := url.Parse(`/search?="a';CMD echo '1"`)
if err != nil {
panic(err)
}
ts.ProcessRequestURL(u, "GET", "HTTP/1.1")
ts.ProcessRequestHeader(nil)
i := ts.Result()
utils.Pprint(i)
// Output:
// (*modsecurity.Intervention)({
// Status: (int) 403,
// Pause: (time.Duration) 0s,
// Url: (*url.URL)(<nil>),
// Log: ([]string) (len=1 cap=1) {
// (string) (len=75) "[client 127.0.0.1:12345] (phase 2) ModSecurity: Access denied with code 403"
// },
// Disruptive: (bool) true
// })
}