On 2/13/12 4:56 PM, "Christian Bockermann" <ch...@jwall.org> wrote:

> (5) Regression Testing / Evaluation
>
> The current CRS rules provide a regression-test environment. Did anyone ever use
> that? Does there exist some official test-data set? Can we assemble one?
> Maybe we can run automatic tests and have a way for documenting the test outcomes?
>
> I've been working on a similar testing-environment to replay HTTP traffic with the
> jwall-tools. The idea was like this:
>
>   - allow for tagging events as "false-positives" or "true positives" in the AuditConsole
>   - downloading these events into a local test-dataset
>   - specify expectations (e.g. the expected score/threshold) for each event
>   - replay the events/requests and test the outcoming score against the expected one
>
> If there's interest in completing that, I'd be happy to further extend the stuff I
> already have.

I started to update the regression testing suite to include tests for each of the rules. This is not completed yet but the infrastructure is there. Ideally, there would be a test for each rule as this would also help users to understand what true positive matches look like. Here are the steps if you want to test -

#############################
INSTALLATION STEPS:

1) Edit the rulestest.pl script to define local path to perl
2) Edit the ruletest.conf script to define the proper global settings for:
   - servers to test
   - path to the modsecurity audit log
3) Copy the testserver.cgi script to the /cgi-bin directory if you wish to test the outbound/response rules.
4) Edit the modsecurity_crs_10_config.conf file and update/enable the Regression Testing variable settings.
5) Copy/Symlink the modsecurity_crs_59_header_tagging.conf file to the activated_rules directory
6) Restart Apache
7) Run the rulestest.pl script using the rules files in the local /tests directory.

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
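
The replay check proposed in the quoted message (tag events, state an expected score threshold per event, replay, compare) can be illustrated with the following Python example. It is added here and is not part of either message, jwall-tools or the CRS test suite. The `X-Test-Id` request header, the "Total Score: N" message wording, the function names and the sample log are assumptions constructed for the illustration.

```python
import re

# Constructed sample (serial audit-log parts A, B, H, Z); X-Test-Id is a hypothetical header.
SAMPLE_LOG = """\
--aaaa0001-A--
[13/Feb/2012:17:00:01 +0000] TESTTXN0000000000000001 192.0.2.10 40001 192.0.2.20 80
--aaaa0001-B--
GET /item.php?id=1 HTTP/1.1
X-Test-Id: tagged-attack
--aaaa0001-H--
Message: Warning. [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"]
--aaaa0001-Z--
--aaaa0002-A--
[13/Feb/2012:17:00:02 +0000] TESTTXN0000000000000002 192.0.2.10 40002 192.0.2.20 80
--aaaa0002-B--
POST /search HTTP/1.1
X-Test-Id: tagged-benign
--aaaa0002-H--
Message: Warning. [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"]
--aaaa0002-Z--
"""

PART = re.compile(r"^--[0-9a-zA-Z]+-([A-Z])--$", re.M)  # audit-log part boundary
TEST_ID = re.compile(r"^X-Test-Id:\s*(\S+)", re.I | re.M)
SCORE = re.compile(r"Total Score: (\d+)")  # assumed wording of the score message

def observed_scores(log_text):
    """Return {test_id: highest score logged for that transaction, 0 if none}."""
    scores, parts = {}, {}
    pieces = PART.split(log_text)  # ['', 'A', body, 'B', body, ..., 'Z', body]
    for name, body in zip(pieces[1::2], pieces[2::2]):
        if name == "A":
            parts = {}  # part A opens a new transaction
        parts[name] = body
        tid = TEST_ID.search(parts.get("B", ""))
        if name == "Z" and tid:  # part Z closes the transaction
            scores[tid.group(1)] = max(map(int, SCORE.findall(parts.get("H", ""))), default=0)
    return scores

def evaluate(expectations, scores):
    """expectations: {test_id: (tag, threshold)} -> {test_id: verdict}."""
    verdicts = {}
    for test_id, (tag, threshold) in expectations.items():
        if test_id not in scores:
            verdicts[test_id] = "MISSING"  # replayed request never reached the log
            continue
        fired = scores[test_id] >= threshold
        verdicts[test_id] = "PASS" if fired == (tag == "true-positive") else "FAIL"
    return verdicts
```

A "FAIL" on an event tagged false-positive means the rules still score the benign request at or above its threshold; "MISSING" assumes audit logging is configured to record every replayed transaction.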