owasp-modsecurity · airween · Jun 1, 2025 · Jun 1, 2025
diff --git a/config_tests/CONF_060_TARGET_REQUEST_COOKIES_NAMES.yaml b/config_tests/CONF_060_TARGET_REQUEST_COOKIES_NAMES.yaml
@@ -0,0 +1,76 @@
+target: REQUEST_COOKIES_NAMES
+rulefile: MRTS_060_REQUEST_COOKIES_NAMES.conf
+testfile: MRTS_060_REQUEST_COOKIES_NAMES.yaml
+templates:
+  - SecRule for TARGETS
+colkey:
+  - - ''
+  - - attack1
+  - - attack1
+    - attack2
+  - - /^attack_.*$/
+operator:
+  - '@contains'
+oparg:
+  - attack
+phase:
+  - 1
+  - 2
+  - 3
+  - 4
+testdata:
+  phase_methods:
+    1: get
+    2: post
+    3: post
+    4: post
+  targets:
+    - target: ''
+      test:
+        data: null
+        input:
+          headers:
+            - name: Cookie
+              value: attack=test
+    - target: attack1
+      test:
+        data: null
+        input:
+          headers:
+            - name: Cookie
+              value: attack1=test
+    - target: attack1
+      test:
+        data: null
+        input:
+          headers:
+            - name: Cookie
+              value: attack1=test;hello=test
+    - target: attack2
+      test:
+        data: null
+        input:
+          headers:
+            - name: Cookie
+              value: attack2=test
+    - target: attack2
+      test:
+        data: null
+        input:
+          headers:
+            - name: Cookie
+              value: hello=test;attack2=test
+    - target: /^attack_.*$/
+      test:
+        data: null
+        input:
+          headers:
+            - name: Cookie
+              value: attack_foo=test
+    - target: /^attack_.*$/
+      test:
+        data: null
+        input:
+          headers:
+            - name: Cookie
+              value: hello=test;attack_foo=text;world=test
diff --git a/generated/rules/MRTS_060_REQUEST_COOKIES_NAMES.conf b/generated/rules/MRTS_060_REQUEST_COOKIES_NAMES.conf
@@ -0,0 +1,144 @@
+SecRule REQUEST_COOKIES_NAMES "@contains attack" \
+    "id:100132,\
+    phase:1,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:1',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES_NAMES "@contains attack" \
+    "id:100133,\
+    phase:2,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES_NAMES "@contains attack" \
+    "id:100134,\
+    phase:3,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES_NAMES "@contains attack" \
+    "id:100135,\
+    phase:4,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES_NAMES:attack1 "@contains attack" \
+    "id:100136,\
+    phase:1,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:1',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES_NAMES:attack1 "@contains attack" \
+    "id:100137,\
+    phase:2,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES_NAMES:attack1 "@contains attack" \
+    "id:100138,\
+    phase:3,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES_NAMES:attack1 "@contains attack" \
+    "id:100139,\
+    phase:4,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES_NAMES:attack1|REQUEST_COOKIES_NAMES:attack2 "@contains attack" \
+    "id:100140,\
+    phase:1,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:1',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES_NAMES:attack1|REQUEST_COOKIES_NAMES:attack2 "@contains attack" \
+    "id:100141,\
+    phase:2,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES_NAMES:attack1|REQUEST_COOKIES_NAMES:attack2 "@contains attack" \
+    "id:100142,\
+    phase:3,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES_NAMES:attack1|REQUEST_COOKIES_NAMES:attack2 "@contains attack" \
+    "id:100143,\
+    phase:4,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES_NAMES:/^attack_.*$/ "@contains attack" \
+    "id:100144,\
+    phase:1,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:1',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES_NAMES:/^attack_.*$/ "@contains attack" \
+    "id:100145,\
+    phase:2,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:2',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES_NAMES:/^attack_.*$/ "@contains attack" \
+    "id:100146,\
+    phase:3,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:3',\
+    ver:'MRTS/0.1'"
+
+SecRule REQUEST_COOKIES_NAMES:/^attack_.*$/ "@contains attack" \
+    "id:100147,\
+    phase:4,\
+    deny,\
+    t:none,\
+    log,\
+    msg:'%{MATCHED_VAR_NAME} was caught in phase:4',\
+    ver:'MRTS/0.1'"
+
diff --git a/generated/rules/MRTS_110_XML.conf b/generated/rules/MRTS_110_XML.conf
@@ -1,5 +1,5 @@
 SecRule XML:/* "@beginsWith foo" \
-    "id:100132,\
+    "id:100148,\
     phase:2,\
     deny,\
     t:none,\
@@ -8,7 +8,7 @@ SecRule XML:/* "@beginsWith foo" \
     ver:'MRTS/0.1'"
 
 SecRule XML:/* "@beginsWith foo" \
-    "id:100133,\
+    "id:100149,\
     phase:3,\
     deny,\
     t:none,\
@@ -17,7 +17,7 @@ SecRule XML:/* "@beginsWith foo" \
     ver:'MRTS/0.1'"
 
 SecRule XML:/* "@beginsWith foo" \
-    "id:100134,\
+    "id:100150,\
     phase:4,\
     deny,\
     t:none,\