Imported Upstream version 2.5.11
[libapache-mod-security.git] / apache2 / t / regression / misc / 20-pdf-xss.t
1 # PDF XSS Protection
2
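# Case: GET for a PDF that carries no protection token.
# With SecPdfProtectMethod TokenRedirection, the debug log must record that
# the tokenless request was redirected.
# NOTE(review): the final status is still expected to be 200, presumably
# because the test client follows the redirect to the tokenised URL - confirm
# against the regression harness.
{
        type => "misc",
        comment => "pdf-xss - GET",
        # SecPdfProtectSecret is a throwaway fixture value. The one-time tokens
        # are derived from it, so a real deployment needs a long, unpredictable
        # secret instead.
        # SecDebugLogLevel 9 is only here so the match_log pattern below has
        # something to match.
        conf => qq(
                SecRuleEngine On
                SecDebugLog $ENV{DEBUG_LOG}
                SecDebugLogLevel 9

                SecPdfProtect On
                SecPdfProtectMethod TokenRedirection
                SecPdfProtectSecret FooBar
                SecPdfProtectTimeout 10
        ),
        match_log => {
                # Second array element is presumably the harness wait/timeout
                # for the log line - TODO confirm.
                debug => [ qr/PdfProtect: PDF request without a token - redirecting to/, 1 ],
        },
        match_response => {
                status => qr/^200$/,
        },
        # Arrow method call instead of indirect object syntax
        # ("new HTTP::Request(...)"), which Perl can mis-parse.
        request => HTTP::Request->new(
                GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.pdf",
        ),
},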
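# Case: POST to a PDF URL with PDF protection enabled.
# The debug log must show that the PDF protection code declined to intercept
# the request ("Not intercepting ... method=POST/2"), and the response must be
# a plain 200.
{
        type => "misc",
        comment => "pdf-xss - POST",
        # SecPdfProtectSecret is a throwaway fixture value. The one-time tokens
        # are derived from it, so a real deployment needs a long, unpredictable
        # secret instead.
        conf => qq(
                SecRuleEngine On
                SecDebugLog $ENV{DEBUG_LOG}
                SecDebugLogLevel 9

                SecPdfProtect On
                SecPdfProtectMethod TokenRedirection
                SecPdfProtectSecret FooBar
                SecPdfProtectTimeout 10
        ),
        match_log => {
                # NOTE(review): the leading "-" presumably marks a negative
                # match, i.e. the error log must NOT contain "exit signal"
                # (the text httpd logs when a child process dies on a signal).
                # If so, this guards against the module crashing on a
                # non-intercepted request - confirm against the harness.
                -error => [ qr/exit signal/, 1 ],
                debug => [ qr/PdfProtect: Not intercepting.*method=POST\/2/, 1 ],
        },
        match_response => {
                status => qr/^200$/,
        },
        # Arrow method call instead of indirect object syntax
        # ("new HTTP::Request(...)"), which Perl can mis-parse.
        request => HTTP::Request->new(
                POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.pdf",
                [
                        "Content-Type" => "application/x-www-form-urlencoded",
                ],
                #  Args
                "a=1&b=2",
        ),
},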