File: //usr/local/modsecurity-crs/tests/regression/coraza-overrides.yaml
version: "v0.0.0"
meta:
engine: "coraza"
platform: "go"
annotations:
- purpose: "CRS test suite"
test_overrides:
- rule_id: 920100
test_ids: [4]
reason: 'Invalid uri, Coraza not reached - 404 page not found'
output:
status: 404
- rule_id: 920100
test_ids: [5]
reason: 'Invalid uri, Coraza not reached - 404 page not found'
output:
status: 404
- rule_id: 920100
test_ids: [8]
reason: 'Go/http allows a colon in the path. Test expects status 400 or 403 (Apache behaviour)'
output:
status: 200
log:
expect_ids: [920100]
- rule_id: 920270
test_ids: [4]
reason: 'Rule works, log contains 920270. Test expects status 400 (Apache behaviour)'
output:
status: 200
- rule_id: 920272
test_ids: [5]
reason: 'Rule works, log contains 920272. Test expects status 400 (Apache behaviour)'
output:
status: 200
- rule_id: 920290
test_ids: [1]
reason: 'Rule works, log contains 920290. Test expects status 400 (Apache behaviour)'
output:
status: 200
- rule_id: 920430
test_ids: [8]
reason: 'Go/http does not allow HTTP/3.0 - 505 HTTP Version Not Supported'
output:
status: 505
log:
no_expect_ids: [920430]
- rule_id: 932200
test_ids: [13]
reason: 'wip'
- rule_id: 934131
test_ids: [5, 7]
reason: 'TODO: check why we are failing to deobfuscate these payloads'