
Commit ff53a49

committed
add travis ci test
1 parent fce387e commit ff53a49


4 files changed

+145
-0
lines changed


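--- a/.travis.yml
+++ b/.travis.yml
@@ -0,0 +1,20 @@
+sudo: required
+services:
+- docker
+language: python
+python:
+- 2.7
+before_install:
+- |
+if [[ "$TRAVIS_PULL_REQUEST" != "false" ]]; then
+cd test/ && docker build --build-arg COMMIT=$TRAVIS_PULL_REQUEST_SHA -f Dockerfile . -t wprs/modsecurity
+else
+cd test/ && docker build --build-arg COMMIT=master -f Dockerfile . -t wprs/modsecurity
+fi
+- docker run -d --name wprs -p 80:80 wprs/modsecurity:latest
+script:
+- TEST=$(curl -sI 'http://localhost/' | head -1 | egrep '200 OK' | wc -l) && if [ $TEST -eq 1 ]; then echo "OK - TEST /"; else exit 1; fi
+- TEST=$(curl -sI 'http://localhost/?author=1' | head -1 | egrep '403 Forbidden' | wc -l) && if [ $TEST -eq 1 ]; then echo "OK - TEST User Enumeration"; else exit 1; fi
+- docker stop wprs
+- docker rm -f wprs
+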
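Review bot: `docker run -d` on line 14 returns before nginx inside the container is listening, and the first `curl` in `script` (line 16) has no retry, so the job can fail with a connection-refused `TEST=0` that is indistinguishable from a real regression in the ruleset; the install phase in between gives some slack but nothing guarantees it. Add a readiness wait right after the run, e.g. `- for i in $(seq 1 30); do curl -sI http://localhost/ >/dev/null && break; sleep 1; done`. Quote `$TEST` in the `[ ... ]` tests on lines 16 and 17 as well: if the pipeline produces an empty value, `[ -eq 1 ]` is a shell syntax error rather than a clean failure. The multi-line `before_install` block appears unindented here, which may be the page rendering rather than the file; confirm the YAML parses.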
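--- a/test/Dockerfile
+++ b/test/Dockerfile
@@ -0,0 +1,29 @@
+FROM owasp/modsecurity:v3-ubuntu-nginx
+MAINTAINER Andrea Menin (theMiddle)
+
+ENV PARANOIA=1
+
+#RUN dnf -y update
+
+#RUN dnf -y install python
+
+RUN apt-get update && apt-get install -y \
+git \
+python
+
+RUN mv /etc/nginx/modsecurity.d/modsecurity.conf /etc/nginx/modsecurity.d/modsecurity.conf.old && \
+cd /opt && \
+git clone https://github.com/Rev3rseSecurity/wordpress-modsecurity-ruleset.git && \
+cd wordpress-modsecurity-ruleset && git checkout $COMMIT && \
+echo 'SecAction "id:22000025,phase:1,nolog,pass,t:none,setvar:tx.wprs_allow_xmlrpc=0"' >> /etc/nginx/modsecurity.d/include.conf && \
+echo 'SecAction "id:22000030,phase:1,nolog,pass,t:none,setvar:tx.wprs_allow_user_enumeration=0"' >> /etc/nginx/modsecurity.d/include.conf && \
+echo 'Include /opt/wordpress-modsecurity-ruleset/*.conf' >> /etc/nginx/modsecurity.d/include.conf
+
+COPY modsecurity.conf /etc/nginx/modsecurity.d/
+COPY crs-setup.conf /etc/nginx/modsecurity.d/
+
+EXPOSE 80
+
+#ENTRYPOINT ["/docker-entrypoint.sh"]
+#CMD ["httpd", "-k", "start", "-D", "FOREGROUND"]
+CMD ["/usr/local/nginx/nginx", "-g", "daemon off;"]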
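Review bot: `git checkout $COMMIT` on line 17 expands to an empty string, because the Dockerfile never declares `ARG COMMIT`; a `--build-arg` that no `ARG` consumes is dropped (the builder warns that it was not consumed), so the checkout becomes a no-op and every CI run, pull request or not, tests the clone's default branch instead of the submitted SHA that .travis.yml passes in. Add `ARG COMMIT=master` between `FROM` and the `RUN` on line 14; it has to sit inside the stage, since an `ARG` above `FROM` is not visible there. Secondary: `MAINTAINER` on line 2 is deprecated in favour of `LABEL`, and the apt layer on lines 10-12 should end with `&& rm -rf /var/lib/apt/lists/*` and pass `--no-install-recommends`. The `CMD` path `/usr/local/nginx/nginx` presumably matches the base image's layout; worth a comment saying it overrides the image's entrypoint deliberately.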
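--- a/test/crs-setup.conf
+++ b/test/crs-setup.conf
@@ -0,0 +1,37 @@
+SecDefaultAction "phase:1,log,auditlog,deny,status:403"
+SecDefaultAction "phase:2,log,auditlog,deny,status:403"
+
+SecCollectionTimeout 600
+
+SecAction \
+"id:900130,\
+phase:1,\
+nolog,\
+pass,\
+t:none,\
+setvar:tx.crs_exclusions_wordpress=1"
+
+SecAction \
+"id:900000,\
+phase:1,\
+nolog,\
+pass,\
+t:none,\
+setvar:tx.paranoia_level=1"
+
+SecAction \
+"id:900001,\
+phase:1,\
+nolog,\
+pass,\
+t:none,\
+setvar:tx.executing_paranoia_level=1"
+
+SecAction \
+"id:900990,\
+phase:1,\
+nolog,\
+pass,\
+t:none,\
+setvar:tx.crs_setup_version=302"
+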
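Review bot: The paranoia level is hard-coded as `tx.paranoia_level=1` and `tx.executing_paranoia_level=1` (lines 20 and 28), so the `ENV PARANOIA=1` set in test/Dockerfile has no effect once this file replaces the base image's crs-setup.conf; anyone raising `PARANOIA` to test the ruleset at a higher level will silently keep running at PL1 (presumably the base image's own entrypoint consumed that variable, which I cannot confirm from this page). Either drop the `ENV` or add a comment above line 14: `# Paranoia level is fixed here; ENV PARANOIA in test/Dockerfile does not change it.` `tx.crs_setup_version=302` (line 36) would also benefit from a comment naming the CRS release it is meant to match, since the ruleset under test is cloned from a moving branch and the two can drift.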
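--- a/test/modsecurity.conf
+++ b/test/modsecurity.conf
@@ -0,0 +1,59 @@
+SecRuleEngine On
+SecRequestBodyAccess On
+
+SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\+|/)|text/)xml" \
+"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
+
+SecRule REQUEST_HEADERS:Content-Type "application/json" \
+"id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
+
+SecRequestBodyLimit 13107200
+SecRequestBodyNoFilesLimit 131072
+SecRequestBodyLimitAction Reject
+
+SecRule REQBODY_ERROR "!@eq 0" \
+"id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+
+SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
+"id:'200003',phase:2,t:none,log,deny,status:400, \
+msg:'Multipart request body failed strict validation: \
+PE %{REQBODY_PROCESSOR_ERROR}, \
+BQ %{MULTIPART_BOUNDARY_QUOTED}, \
+BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
+DB %{MULTIPART_DATA_BEFORE}, \
+DA %{MULTIPART_DATA_AFTER}, \
+HF %{MULTIPART_HEADER_FOLDING}, \
+LF %{MULTIPART_LF_LINE}, \
+SM %{MULTIPART_MISSING_SEMICOLON}, \
+IQ %{MULTIPART_INVALID_QUOTING}, \
+IP %{MULTIPART_INVALID_PART}, \
+IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
+FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
+
+SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
+"id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
+
+SecPcreMatchLimit 1000
+SecPcreMatchLimitRecursion 1000
+
+SecRule TX:/^MSC_/ "!@streq 0" \
+"id:'200005',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
+
+SecResponseBodyAccess On
+SecResponseBodyMimeType text/plain text/html text/xml
+SecResponseBodyLimit 524288
+SecResponseBodyLimitAction ProcessPartial
+SecTmpDir /tmp/
+SecDataDir /tmp/
+SecAuditEngine On
+SecAuditLogParts ABIJDEFHZ
+SecAuditLogType Concurrent
+SecAuditLogFormat JSON
+SecDebugLog /var/log/modsec-debug.log
+SecDebugLogLevel 9
+
+SecArgumentSeparator &
+SecCookieFormat 0
+SecUnicodeMapFile unicode.mapping 20127
+SecStatusEngine On
+Include /etc/nginx/modsecurity.d/crs-setup.conf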
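Review bot: `SecStatusEngine On` (line 58) makes the engine report its version information to the ModSecurity project's status service at startup, an outbound call the CI container does not need and one more external dependency that can vary between runs; set `SecStatusEngine Off`. `SecDebugLogLevel 9` (line 53) together with audit parts `I` and `E` (line 49) writes full request and response bodies to `/var/log/modsec-debug.log` and the audit log, which is acceptable for a throwaway test container but should carry a comment such as `# Test-only: level 9 and parts I/E log full request/response bodies; do not reuse in production.` `SecAuditLogType Concurrent` (line 50) is declared without a `SecAuditLogStorageDir`; I believe libmodsecurity requires the storage directory for the concurrent type, so check the container log for an audit-log initialisation error on first run.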