This repository has been archived by the owner on May 14, 2020. It is now read-only.

Regression Tests in CRS doesn't have Tests for some of the CRS Rules #1666

Open
srikr opened this issue Jan 22, 2020 · 4 comments

srikr commented Jan 22, 2020

Describe the bug

Regression tests don't have YAML files for the following attacks and rules at different paranoia levels:

Paranoia Level 1

REQUEST-942-APPLICATION-ATTACK-SQLI = 942170
REQUEST-930-APPLICATION-ATTACK-LFI = 930130
REQUEST-920-PROTOCOL-ENFORCEMENT = 920140, 920410, 920171
REQUEST-932-APPLICATION-ATTACK-RCE = 932170, 932171, 932180, 932120
REQUEST-949-BLOCKING-EVALUATION = 949060, 949061, 949062, 949063, 949100

Paranoia Level 2

REQUEST-913-SCANNER-DETECTION = 913101, 913102

Paranoia Level 3

REQUEST-921-PROTOCOL-ATTACK = 921170
REQUEST-942-APPLICATION-ATTACK-SQLI = 942251
REQUEST-932-APPLICATION-ATTACK-RCE = 932106
REQUEST-933-APPLICATION-ATTACK-PHP = 933190

Steps to reproduce

YAML files are not available for the above-mentioned attacks and rules at this link:
https://github.com/SpiderLabs/owasp-modsecurity-crs/tree/v3.1/dev/util/regression-tests/tests

Expected behaviour

Regression tests should have all rules of all attacks at the different paranoia levels.

Actual behaviour

As there are no YAML files to simulate attacks, I am not able to run attack tests.

Additional context

I am using WAFBench PyWB in conjunction with YAML Files to simulate attack traffic of different types against WAF Supported LB.

Your Environment

Client -> LB -> Backend Server

  • CRS version : 3.1.1
  • Paranoia level setting: Extreme or PL4
  • ModSecurity version = 3
  • Web Server and version : Apache/2.4.41
  • Operating System and version: Ubuntu 16.04.6 LTS
@srikr srikr added the Bug label Jan 22, 2020
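
A coverage check of the kind that produces a per-file list like the one in the report, as an added example (not code from the issue or from the CRS project). It assumes one test file per rule at `<tests>/<rules file stem>/<id>.yaml`; the function names and the sample rules are constructed for illustration and are not real CRS rule bodies.

```python
import re
import tempfile
from pathlib import Path

RULE_ID = re.compile(r"\bid:\s*'?(\d+)")

# Constructed sample: rules file stem -> (placeholder rule text, ids that have a test file).
SAMPLE = {
    "REQUEST-913-SCANNER-DETECTION": (
        'SecRule REQUEST_HEADERS:User-Agent "@pm scan" "id:913100,phase:2,block"\n'
        'SecRule REQUEST_HEADERS:User-Agent "@pm script" \\\n'
        '    "id:913101,\\\n    phase:2,block"\n',
        ["913100"]),
    "REQUEST-942-APPLICATION-ATTACK-SQLI": (
        'SecRule TX:PARANOIA_LEVEL "@lt 1" "id:942011,phase:1,pass,nolog,skipAfter:END-942"\n'
        '# id:942999 appears only in a comment\n'
        'SecRule ARGS "@detectSQLi" "id:942100,phase:2,block"\n'
        'SecRule ARGS "@rx sleep" "id:942170,phase:2,block"\n',
        ["942100"]),
}

def rule_ids(rules_dir):
    """Map each rules file stem to the set of rule ids it defines."""
    found = {}
    for conf in sorted(Path(rules_dir).glob("*.conf")):
        ids = set()
        for line in conf.read_text(encoding="utf-8").splitlines():
            # Assumption: comments and one-line flow-control rules (skipAfter) need no test.
            if line.lstrip().startswith("#") or "skipAfter" in line:
                continue
            ids.update(RULE_ID.findall(line))
        found[conf.stem] = ids
    return found

def coverage_gaps(rules_dir, tests_dir):
    """Return {rules file stem: sorted ids with no <id>.yaml test file}."""
    have = {p.stem for p in Path(tests_dir).glob("*/*.yaml") if p.stem.isdigit()}
    gaps = {stem: sorted(ids - have) for stem, ids in rule_ids(rules_dir).items()}
    return {stem: ids for stem, ids in gaps.items() if ids}

def build_sample(root):
    """Write the constructed SAMPLE tree under root as rules/ and tests/."""
    Path(root, "rules").mkdir(exist_ok=True)
    for stem, (conf, covered) in SAMPLE.items():
        Path(root, "rules", f"{stem}.conf").write_text(conf, encoding="utf-8")
        Path(root, "tests", stem).mkdir(parents=True)
        for rid in covered:
            Path(root, "tests", stem, f"{rid}.yaml").write_text("# constructed\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for stem, ids in coverage_gaps(Path(root, "rules"), Path(root, "tests")).items():
            print(f"{stem} = {', '.join(ids)}")
```

Pointing `coverage_gaps` at a real checkout's rules and test directories reports the same kind of gap list; a rule whose tests live in another rule's YAML file would show up as a false gap under the one-file-per-id assumption.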
Contributor

dune73 commented Jan 22, 2020

Yes, there are still a few gaps, true.

Would you be interested in helping us create some tests for these?

Author

srikr commented Jan 23, 2020

Thanks for the quick response. Sure. Will give it a try.

Contributor

dune73 commented Jan 23, 2020

Way to go man. We're happy to assist you, if you encounter any problems.

Author

srikr commented Jan 23, 2020

Thank You
