Owasp-modsecurity-crs: Have Travis launch a webserver and load CRS

Created on 27 Nov 2017  路  8Comments  路  Source: SpiderLabs/owasp-modsecurity-crs

I merged #964 after overestimating a review when it was in fact breaking the rule set. This is my fault, but Travis could have warned me.

Feature Request

All 8 comments

To expand on this, the ruleset was not broken syntax-wise; rule 910110 requires a file that is not normally available in the filesystem.

One could argue that we're not checking this rule since it's disabled by default.

I do not think it's a problem with this rule whatsoever. It's the fact that you can not load the ruleset anymore. Even if it's syntactically correct. And we'll encounter more failures like this in the future, I am sure.

Also, it's not your fault. If it's anybody's fault, it's mine.

I should probably be able to throw together a quick test tot see if the status of apache doesn't become green on boot for ol' travis!

@csanders-git I can help you with that.

For me, the straigthforward way of doing this is modifying travis to use the rules on the repository.

So changing the line:

docker run -ti -e PARANOIA=5 -d --rm -p 80:80 -v /var/log/httpd:/var/log/httpd/ owasp/modsecurity-crs

For:

docker run -ti -e PARANOIA=5 -d --rm -p 80:80 -v $(pwd)/rules:/etc/httpd/modsecurity.d/owasp-crs/rules/ -v /var/log/httpd:/var/log/httpd/ owasp/modsecurity-crs

This will try to run httpd using the rules in this directory, and will fail bad when apache fails to start.

You can test it on your devices to see it works (I did it already). I am going to test this on my fork, and report back if it works "correctly".

Nice. it works as expected.

So, after merging PR #977, when there is a problem with any rules file, Apache will not run on the container and build will fail.

Closing, this was merged.

@fzipi I'll be emailing you a copy of my blog to review soon

Was this page helpful?
0 / 5 - 0 ratings