forked from jptosso/coraza-wasm-filter
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathftw.yml
62 lines (59 loc) · 4.22 KB
/
ftw.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
---
logfile: '/home/envoy/logs/ftw.log'
testoverride:
input:
dest_addr: envoy
ignore:
# Envoy not compatible tests
'911100-5': 'Invalid HTTP method. Rejected by Envoy with Error 400'
'911100-7': 'Invalid HTTP method. Rejected by Envoy with Error 400'
'920100-4': 'Accepted by Envoy. Valid request. It is only disabled by default from Apache and Nginx'
'920100-10': 'Invalid HTTP method. Rejected by Envoy with Error 400'
'920100-14': 'Invalid HTTP method. Rejected by Envoy with Error 400'
'920100-16': 'Invalid HTTP request line. Rejected by Envoy with Error 400'
'949110-4': 'Related to 920100. Invalid HTTP method. Rejected by Envoy with Error 400'
'941110-4': 'Referer header is sanitized by Envoy and removed from the request'
'941110-9': 'Referer header is sanitized by Envoy and removed from the request'
'920270-5': 'Referer header is sanitized by Envoy and removed from the request'
'941101-1': 'Referer header is sanitized by Envoy and removed from the request'
'920210-2': 'Connection header is stripped out by Envoy'
'920210-3': 'Connection header is stripped out by Envoy'
'920210-4': 'Connection header is stripped out by Envoy'
'920210-6': 'Connection header is stripped out by Envoy'
'920210-7': 'Connection header is stripped out by Envoy'
'920274-2': 'PL4 - False positive. Envoy Populates :path header, therefore invalid character are detected'
'920274-3': 'PL4 - False positive. Envoy Populates :path header, therefore invalid character are detected'
'920274-5': 'PL4 - False positive. Envoy Populates :path header, therefore invalid character are detected'
# Rules working, tests excluded for different expected output
'920270-4': 'Log contains 920270. Test has log_contains disabled.'
# '920340-2': 'Log contains 920340, but tests expects expect_error: true'
# Failing tests to be addressed
'920180-4': 'False positive. go-ftw sends POST / HTTP/2.0, but coraza-proxy-wasm reads HTTP/1.0. It does not happen with curl --http2-prior-knowledge'
# Coraza related issues
'920171-2': 'Rule 920171 not detected. GET/HEAD with body. Coraza side'
'920171-3': 'Rule 920171 not detected. GET/HEAD with body. Coraza side'
'920280-1': 'Rule 920280 not detected. Host not present. Coraza side'
'920280-3': 'Rule 920280 not detected. Host not present. Coraza side'
'920290-1': 'Rule 920290 not detected. Empty Host. Coraza side'
'920430-3': 'Rule 920430 not detected. Proto version. Coraza side'
'920430-5': 'Rule 920430 not detected. Proto version. Coraza side'
'920430-8': 'Rule 920430 not detected. Proto version. Coraza side'
'920430-9': 'Rule 920430 not detected. Proto version. Coraza side'
'921180-2': 'False Positive. Parameters with the same name. Coraza Side'
'921180-4': 'False Positive. Parameters with the same name. Coraza Side'
'921180-5': 'False Positive. Parameters with the same name. Coraza Side'
'921180-6': 'False Positive. Parameters with the same name. Coraza Side'
'934120-23': 'Rule 934120 partially detected. With HTTP/1.1 Envoy return 400. With HTTP/2 Enclosed alphanumerics not detected. Coraza Side'
'934120-24': 'Rule 934120 partially detected. With HTTP/1.1 Envoy return 400. With HTTP/2 Enclosed alphanumerics not detected. Coraza Side'
'934120-25': 'Rule 934120 partially detected. With HTTP/1.1 Envoy return 400. With HTTP/2 Enclosed alphanumerics not detected. Coraza Side'
'934120-26': 'Rule 934120 partially detected. With HTTP/1.1 Envoy return 400. With HTTP/2 Enclosed alphanumerics not detected. Coraza Side'
'934120-39': 'Rule 934120 partially detected. With HTTP/1.1 Envoy return 400. With HTTP/2 Enclosed alphanumerics not detected. Coraza Side'
'934130-8': 'Rule 934130 partially detected.'
'934130-9': 'Rule 934130 partially detected. Coraza side'
'934130-10': 'Rule 934130 partially detected. Coraza side'
'934130-11': 'Rule 934130 partially detected. Coraza side'
'934131-2': 'Rule 934131 not detected. Coraza side'
'941310-1': 'Rule 941310 partially detected. Coraza side'
'941310-3': 'Rule 941310 partially detected. Coraza side'
'942522-7': 'Rule 944200 partially detected. Coraza side'
'944200-1': 'Rule 944200 not detected. Coraza side'