/usr/share/nginx-naxsi/naxsi-ui/unit_test/gen_ut.sh is in nginx-naxsi-ui 1.4.6-1ubuntu3.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 | #!/bin/bash
SAMPLE_REQ="2012/02/22 10:05:45 [error] 32117#0: *32 NAXSI_FMT: ip=<IP>&server=<SRV>&uri=<URI>&total_processed=<TOT_PROC>&total_blocked=<TOT_BLOC>"
APPEND="&zone0=<ZONE>&id0=<ID>&var_name0=<VAR_NAME>"
CLOSING=", client: 82.234.123.117, server: blog.memze.ro, request: \"GET / HTTP/1.1\", host: \"blog.memze.ro\""
NB_LINES=100
function randstr() {
[ "$2" == "0" ] && CHAR="[:alnum:]" || CHAR="[:graph:]"
cat /dev/urandom | tr -cd "$CHAR" | head -c ${1:-32}
echo
}
#IP;SRV;URI;TOT_PROC;TOT_BLOC;ZONE;ID;VAR_NAME
function do_replace {
echo -n $SAMPLE_REQ | sed -e "s@<IP>@$1@g;s@<SRV>@$2@g;s@<URI>@$3@g;s@<TOT_PROC>@$4@g;s@<TOT_BLOC>@$5@g"
echo -n $APPEND | sed -e "s@<ZONE>@$6@g;s@<ID>@$7@g;s@<VAR_NAME>@$8@g"
echo $CLOSING
}
function unpredictable_id {
for i in `seq 1 100` ; do
url="/comment_post.php"
arg_name="foobar"
do_replace "1.1.1.254" "foo.net" "/"$url "1" "0" "ARGS" $(( ($RANDOM % 1000) + 1000)) $arg_name
done;
}
function unpredictable_url {
for i in `seq 1 100` ; do
url=`randstr 10 0`
arg_name="foobar"
do_replace "1.1.1.254" "foo.net" "/"$url "1" "0" "ARGS" 1001 $arg_name
done;
}
function unpredictable_argname {
for i in `seq 1 100` ; do
arg_name=`randstr 10 0`
url="/foobar"
do_replace "1.1.1.254" "foo.net" "/"$url "1" "0" "ARGS" 1001 $arg_name
done;
}
function unpredictable_nothing {
for i in `seq 1 100` ; do
arg_name="vulnarg"
url="/foobar"
do_replace "1.1.1.254" "foo.net" "/"$url "1" "0" "ARGS" 1001 $arg_name
done;
}
#do_replace "1.1.1.1" "foo.net" "/bar" "1" "0" "ARGS" "1000" "vuln_arg"
#one_exc_many_peer_diff_url
#100_exc_one_peer
unpredictable_nothing
|