diff --git a/src/crs_linter/cli.py b/src/crs_linter/cli.py index bf43bb6..5469cf7 100755 --- a/src/crs_linter/cli.py +++ b/src/crs_linter/cli.py @@ -143,7 +143,7 @@ def check_indentation(filename, content): writer.generate() output = [] for l in writer.output: - output += [l + "\n" for l in l.split("\n") if l != "\n" else l] + output += [l + "\n" for l in l.split("\n") if l != "\n"] if len(from_lines) < len(output): from_lines.append("\n") @@ -181,7 +181,7 @@ def read_files(filenames): parsed = {} # filenames must be in order to correctly detect unused variables - list(filenames).sort() + filenames = sorted(filenames) for f in filenames: try: @@ -291,11 +291,11 @@ def main(): ### check case usings c.check_ignore_case() - if len(c.caseerror) == 0: + if len(c.error_case_mistmatch) == 0: logger.debug("Ignore case check ok.") else: logger.error("Ignore case check found error(s)") - for a in c.caseerror: + for a in c.error_case_mistmatch: logger.error( a["message"], title="Case check", @@ -306,10 +306,10 @@ def main(): ### check action's order c.check_action_order() - if len(c.orderacts) == 0: + if len(c.error_action_order) == 0: logger.debug("Action order check ok.") else: - for a in c.orderacts: + for a in c.error_action_order: logger.error( "Action order check found error(s)", file=f, @@ -322,11 +322,11 @@ def main(): ### check `ctl:auditLogParts=+E` right place in chained rules c.check_ctl_audit_log() - if len(c.auditlogparts) == 0: + if len(c.error_wrong_ctl_auditlogparts) == 0: logger.debug("no 'ctl:auditLogParts' action found.") else: logger.error() - for a in c.auditlogparts: + for a in c.error_wrong_ctl_auditlogparts: logger.error( "Found 'ctl:auditLogParts' action", file=f, @@ -340,28 +340,28 @@ def main(): c.collect_tx_variable() ### check duplicate ID's - # c.dupes filled during the tx variable collected - if len(c.dupes) == 0: + # c.error_duplicated_id filled during the tx variable collected + if len(c.error_duplicated_id) == 0: logger.debug("No duplicate IDs") else: logger.error("Found duplicated ID(s)", file=f, title="'id' is duplicated") ### check PL consistency c.check_pl_consistency() - if len(c.pltags) == 0: + if len(c.error_inconsistent_pltags) == 0: logger.debug("Paranoia-level tags are correct.") else: - for a in c.pltags: + for a in c.error_inconsistent_pltags: logger.error( "Found incorrect paranoia-level/N tag(s)", file=f, title="wrong or missing paranoia-level/N tag", ) - if len(c.plscores) == 0: + if len(c.error_inconsistent_plscores) == 0: logger.debug("PL anomaly_scores are correct.") else: - for a in c.plscores: + for a in c.error_inconsistent_plscores: logger.error( "Found incorrect (inbound|outbout)_anomaly_score value(s)", file=f, @@ -370,10 +370,10 @@ def main(): ### check existence of used TX variables c.check_tx_variable() - if len(c.undef_txvars) == 0: + if len(c.error_undefined_txvars) == 0: logger.debug("All TX variables are set.") else: - for a in c.undef_txvars: + for a in c.error_undefined_txvars: logger.error( a["message"], file=f, @@ -384,7 +384,7 @@ def main(): ### check new unlisted tags c.check_tags(tags) - if len(c.newtags) == 0: + if len(c.error_new_unlisted_tags) == 0: logger.debug("No new tags added.") else: logger.error( @@ -393,7 +393,7 @@ def main(): ### check for t:lowercase in combination with (?i) in regex c.check_lowercase_ignorecase() - if len(c.ignorecase) == 0: + if len(c.error_combined_transformation_and_ignorecase) == 0: logger.debug("No t:lowercase and (?i) flag used.") else: logger.error( @@ -404,7 +404,7 @@ def main(): ### check for tag:'OWASP_CRS' c.check_crs_tag() - if len(c.nocrstags) == 0: + if len(c.error_no_crstag) == 0: logger.debug("No rule without OWASP_CRS tag.") else: logger.error( @@ -415,7 +415,7 @@ def main(): ### check for ver action c.check_ver_action(crs_version) - if len(c.noveract) == 0: + if len(c.error_no_ver_action_or_wrong_version) == 0: logger.debug("No rule without correct ver action.") else: logger.error( @@ -425,7 +425,7 @@ def main(): ) c.check_capture_action() - if len(c.nocaptact) == 0: + if len(c.error_tx_N_without_capture_action) == 0: logger.debug("No rule uses TX.N without capture action.") else: logger.error( diff --git a/src/crs_linter/linter.py b/src/crs_linter/linter.py index f2e3b13..d84568b 100755 --- a/src/crs_linter/linter.py +++ b/src/crs_linter/linter.py @@ -98,45 +98,45 @@ def __init__(self, data, filename=None, txvars={}): self.chained = False # holds the chained flag self.re_tx_var = re.compile(r"%\{\}") self.filename = filename + self.ids = {} # list of rule id's and their location in files # Any of these variables below are used to store the errors - self.caseerror = [] # list of case mismatch errors - self.orderacts = [] # list of ordered action errors - self.auditlogparts = [] # list of wrong ctl:auditLogParts - self.undef_txvars = [] # list of undefined TX variables - self.pltags = [] # list of incosistent PL tags - self.plscores = [] # list of incosistent PL scores - self.dupes = [] # list of duplicated id's - self.ids = {} # list of rule id's (this is not an error list, just the list of rule id's) - self.newtags = [] # list of new, unlisted tags - self.ignorecase = [] # list of combinations of t:lowercase and (?i) - self.nocrstags = [] # list of rules without tag:OWASP_CRS - self.noveract = [] # list of rules without ver action or incorrect ver - self.nocaptact = [] # list of rules which uses TX.N without previous 'capture' + self.error_case_mistmatch = [] # list of case mismatch errors + self.error_action_order = [] # list of ordered action errors + self.error_wrong_ctl_auditlogparts = [] # list of wrong ctl:auditLogParts + self.error_undefined_txvars = [] # list of undefined TX variables + self.error_inconsistent_pltags = [] # list of incosistent PL tags + self.error_inconsistent_plscores = [] # list of incosistent PL scores + self.error_duplicated_id = [] # list of duplicated id's + self.error_new_unlisted_tags = [] # list of new, unlisted tags + self.error_combined_transformation_and_ignorecase = [] # list of combinations of t:lowercase and (?i) + self.error_no_crstag = [] # list of rules without tag:OWASP_CRS + self.error_no_ver_action_or_wrong_version = [] # list of rules without ver action or incorrect ver + self.error_tx_N_without_capture_action = [] # list of rules which uses TX.N without previous 'capture' def is_error(self): """Returns True if any error is found""" error_vars = [ - self.caseerror, - self.orderacts, - self.auditlogparts, - self.undef_txvars, - self.pltags, - self.plscores, - self.dupes, - self.newtags, - self.ignorecase, - self.nocrstags, - self.noveract, - self.nocaptact, + self.error_case_mistmatch, + self.error_action_order, + self.error_wrong_ctl_auditlogparts, + self.error_undefined_txvars, + self.error_inconsistent_pltags, + self.error_inconsistent_plscores, + self.error_duplicated_id, + self.error_new_unlisted_tags, + self.error_combined_transformation_and_ignorecase, + self.error_no_crstag, + self.error_no_ver_action_or_wrong_version, + self.error_tx_N_without_capture_action, ] print(f"Checking for errors: {error_vars}") return any([len(var) > 0 for var in error_vars]) def store_error(self, msg): # store the error msg in the list - self.caseerror.append( + self.error_case_mistmatch.append( { "ruleid": 0, "line": self.curr_lineno, @@ -156,7 +156,7 @@ def check_ignore_case(self): else: self.chained = False - for action in d["actions"]: + for a in d["actions"]: self.curr_lineno = a["lineno"] if a["act_name"] == "id": @@ -167,18 +167,18 @@ def check_ignore_case(self): # check the action is valid if a["act_name"].lower() not in self.actionsl: - self.store_error("Invalid action", a["act_name"]) + self.store_error(f"Invalid action {a["act_name"]}") # check the action case sensitive format if ( self.actions[self.actionsl.index(a["act_name"].lower())] != a["act_name"] ): - self.store_error("Action case mismatch: %s" % a["act_name"]) + self.store_error(f"Action case mismatch: {a["act_name"]}") if a["act_name"] == "ctl": # check the ctl argument is valid if a["act_arg"].lower() not in self.ctlsl: - self.store_error("Invalid ctl", a["act_arg"]) + self.store_error(f"Invalid ctl {a["act_arg"]}") # check the ctl argument case sensitive format if ( self.ctls[self.ctlsl.index(a["act_arg"].lower())] @@ -188,7 +188,7 @@ def check_ignore_case(self): if a["act_name"] == "t": # check the transform is valid if a["act_arg"].lower() not in self.transformsl: - self.store_error(f"Invalid transform: a["act_arg"]") + self.store_error(f"Invalid transform: {a["act_arg"]}") # check the transform case sensitive format if ( self.transforms[ @@ -197,7 +197,7 @@ def check_ignore_case(self): != a["act_arg"] ): self.store_error( - f"Transform case mismatch : a["act_arg"]" + f"Transform case mismatch : {a["act_arg"]}" ) aidx += 1 if "operator" in d and d["operator"] != "": @@ -206,31 +206,30 @@ def check_ignore_case(self): op = d["operator"].replace("!", "").replace("@", "") # check the operator is valid if op.lower() not in self.operatorsl: - self.store_error(f"Invalid operator: d["operator"]") + self.store_error(f"Invalid operator: {d["operator"]}") # check the operator case sensitive format if self.operators[self.operatorsl.index(op.lower())] != op: - self.store_error(f"Operator case mismatch: d["operator"]") + self.store_error(f"Operator case mismatch: {d["operator"]}") else: if d["type"].lower() == "secrule": self.curr_lineno = d["lineno"] self.store_error("Empty operator isn't allowed") if self.current_ruleid > 0: - for e in self.caseerror: + for e in self.error_case_mistmatch: e["ruleid"] = self.current_ruleid - e["message"] += f" (rule: {self.current_ruleid)" + e["message"] += f" (rule: {self.current_ruleid})" def check_action_order(self): for d in self.data: if "actions" in d: - aidx = 0 # stores the index of current action max_order = 0 # maximum position of read actions - if self.chained == False: + if not self.chained: self.current_ruleid = 0 else: self.chained = False - for index, action in enumerate(d["actions"]): - + for index, a in enumerate(d["actions"]): + action = a["act_name"].lower() # get the 'id' of rule self.curr_lineno = a["lineno"] if a["act_name"] == "id": @@ -243,9 +242,16 @@ def check_action_order(self): # get the index of action from the ordered list # above from constructor try: - act_idx = self.ordered_actions.index(a["act_name"].lower()) + act_idx = self.ordered_actions.index(action) except ValueError: - print(f"ERROR: '{a["act_name"]}' not in actions list!") + self.error_action_order.append( + { + "ruleid": 0, + "line": a["lineno"], + "endLine": a["lineno"], + "message": f"action '{action}' at pos {index-1} is in the wrong order: '{a["act_name"]}' at pos {index}" + } + ) sys.exit(-1) # if the index of current action is @ge than the previous @@ -253,38 +259,29 @@ def check_action_order(self): if act_idx >= max_order: max_order = act_idx else: - # prevact is the previous action's position in list + # action is the previous action's position in list # act_idx is the current action's position in list # if the prev is @gt actually, means it's at wrong position - if self.ordered_actions.index(prevact) > act_idx: - self.orderacts.append( + if act_idx < max_order: + self.error_action_order.append( { "ruleid": 0, "line": a["lineno"], "endLine": a["lineno"], - "message": "action '%s' at pos %d is wrong place against '%s' at pos %d" - % ( - prevact, - index - 1, - a["act_name"], - index, - ), + "message": f"action 'action {action}' at pos {index - 1} is in the wrong order '{a["act_name"]}' at pos {index}" } ) - prevact = a["act_name"].lower() - for a in self.orderacts: + for a in self.error_action_order: if a["ruleid"] == 0: a["ruleid"] = self.current_ruleid - a["message"] += " (rule: %d)" % (self.current_ruleid) + a["message"] += f" (rule: {self.current_ruleid})" + def check_ctl_audit_log(self): """check there is no ctl:auditLogParts action in any rules""" for d in self.data: - if "actions" not in d: - return - - for action in d["actions"]: - + if "actions" in d: + for a in d["actions"]: # get the 'id' of rule self.curr_lineno = a["lineno"] if a["act_name"] == "id": @@ -295,7 +292,7 @@ def check_ctl_audit_log(self): a["act_name"].lower() == "ctl" and a["act_arg"].lower() == "auditlogparts" ): - self.auditlogparts.append( + self.error_wrong_ctl_auditlogparts.append( { "ruleid": self.current_ruleid, "line": a["lineno"], @@ -317,18 +314,18 @@ def collect_tx_variable(self): chained = False for d in self.data: if "actions" in d: - if chained == False: + if not chained: ruleid = 0 # ruleid phase = ( 2 # works only in Apache, libmodsecurity uses default phase 1 ) else: chained = False - for action in d["actions"]: + for a in d["actions"]: if a["act_name"] == "id": ruleid = int(a["act_arg"]) if ruleid in self.ids: - self.dupes.append( + self.error_duplicated_id.append( { "ruleid": ruleid, "line": a["lineno"], @@ -387,7 +384,7 @@ def check_tx_variable(self): chained = False for d in self.data: if d["type"].lower() in ["secrule", "secaction"]: - if chained == False: + if not chained: # works only in Apache, libmodsecurity uses default phase 1 phase = 2 ruleid = 0 @@ -396,7 +393,7 @@ def check_tx_variable(self): # iterate over actions and collect these values: # ruleid, phase, chained, rule has or not any disruptive action - for action in d["actions"]: + for a in d["actions"]: if a["act_name"] == "id": ruleid = int(a["act_arg"]) if a["act_name"] == "phase": @@ -443,7 +440,7 @@ def check_tx_variable(self): v not in self.globtxvars or phase < self.globtxvars[v]["phase"] ): - self.undef_txvars.append( + self.error_undefined_txvars.append( { "var": v, "ruleid": ruleid, @@ -457,10 +454,9 @@ def check_tx_variable(self): else: if v in self.globtxvars: self.globtxvars[v]["used"] = True - aidx += 1 if "operator_argument" in d: - oparg = re.findall(r"%\{(tx.[^%]*)\}", d["operator_argument"], re.I) + oparg = re.findall(r"%\{(tx.[^%]*)}", d["operator_argument"], re.I) if oparg: for o in oparg: o = o.lower() @@ -474,7 +470,7 @@ def check_tx_variable(self): and not re.match(r"/.*/", o) and check_exists is None ): - self.undef_txvars.append( + self.error_undefined_txvars.append( { "var": o, "ruleid": ruleid, @@ -496,7 +492,7 @@ def check_tx_variable(self): # check if the variable is TX and has not a & prefix, which counts # the variable length if v["variable"].lower() == "tx": - if v["counter"] != True: + if not v["counter"]: # * if the variable part (after '.' or ':') is not there in # the list of collected TX variables, and # * not a numeric, eg TX:2, and @@ -515,7 +511,7 @@ def check_tx_variable(self): and not re.match(r"^\d$", rvar) and not re.match(r"/.*/", rvar) ): - self.undef_txvars.append( + self.error_undefined_txvars.append( { "var": rvar, "ruleid": ruleid, @@ -544,17 +540,17 @@ def check_tx_variable(self): "line": d["lineno"], "endLine": d["lineno"], } - if has_disruptive == True: + if has_disruptive: self.globtxvars[v["variable_part"].lower()][ "used" ] = True if ( - len(self.undef_txvars) > 0 - and self.undef_txvars[-1]["var"] + len(self.error_undefined_txvars) > 0 + and self.error_undefined_txvars[-1]["var"] == v["variable_part"].lower() ): - del self.undef_txvars[-1] - if chained == False: + del self.error_undefined_txvars[-1] + if not chained: check_exists = None has_disruptive = False @@ -599,9 +595,8 @@ def check_pl_consistency(self): curr_pl = int(d["operator_argument"]) if "actions" in d: - aidx = 0 # stores the index of current action chained = False - for action in d["actions"]: + for a in d["actions"]: if a["act_name"] == "id": ruleid = int(a["act_arg"]) if a["act_name"] == "severity": @@ -635,7 +630,7 @@ def check_pl_consistency(self): has_pl_tag = True pltag = int(a["act_arg"].split("/")[1]) if has_nolog: - self.pltags.append( + self.error_inconsistent_pltags.append( { "ruleid": ruleid, "line": a["lineno"], @@ -644,7 +639,7 @@ def check_pl_consistency(self): } ) elif pltag != curr_pl and curr_pl > 0: - self.pltags.append( + self.error_inconsistent_pltags.append( { "ruleid": ruleid, "line": a["lineno"], @@ -654,7 +649,7 @@ def check_pl_consistency(self): ) if has_pl_tag != True and has_nolog == False and curr_pl >= 1: - self.pltags.append( + self.error_inconsistent_pltags.append( { "ruleid": ruleid, "line": a["lineno"], @@ -672,7 +667,7 @@ def check_pl_consistency(self): scorepl = re.search(r"anomaly_score_pl\d$", t) if scorepl: if curr_pl > 0 and int(t[-1]) != curr_pl: - self.plscores.append( + self.error_inconsistent_plscores.append( { "ruleid": ruleid, "line": _txvlines[t], @@ -681,7 +676,7 @@ def check_pl_consistency(self): } ) if severity is None and subst_val: # - do we need this? - self.plscores.append( + self.error_inconsistent_plscores.append( { "ruleid": ruleid, "line": _txvlines[t], @@ -691,7 +686,7 @@ def check_pl_consistency(self): ) else: if val != "tx.%s_anomaly_score" % (severity) and val != "0": - self.plscores.append( + self.error_inconsistent_plscores.append( { "ruleid": ruleid, "line": _txvlines[t], @@ -703,7 +698,7 @@ def check_pl_consistency(self): self.globtxvars[t]["used"] = True # reset local variables if we are done with a rule <==> no more 'chain' action - if chained == False: + if not chained: tags = [] # collect tags _txvars = {} # collect setvars and values _txvlines = {} # collect setvars and its lines @@ -723,9 +718,7 @@ def check_tags(self, tagslist): ruleid = 0 else: chained = False - while aidx < len(d["actions"]): - # read the action into 'a' - a = d["actions"][aidx] + for a in d["actions"]: if a["act_name"] == "id": ruleid = int(a["act_arg"]) if a["act_name"] == "chain": @@ -733,7 +726,7 @@ def check_tags(self, tagslist): if a["act_name"] == "tag": # check wheter tag is in tagslist if tagslist.count(a["act_arg"]) == 0: - self.newtags.append( + self.error_new_unlisted_tags.append( { "ruleid": ruleid, "line": a["lineno"], @@ -741,7 +734,6 @@ def check_tags(self, tagslist): "message": f"rule uses unknown tag: '{a["act_arg"]}'; only tags registered in the util/APPROVED_TAGS file may be used; rule id: {ruleid}", } ) - aidx += 1 def check_lowercase_ignorecase(self): ruleid = 0 @@ -751,18 +743,18 @@ def check_lowercase_ignorecase(self): regex = d["operator_argument"] if regex.startswith("(?i)"): if "actions" in d: - for action in d["actions"]: + for a in d["actions"]: if a["act_name"] == "id": ruleid = int(a["act_arg"]) if a["act_name"] == "t": # check the transform is valid if a["act_arg"].lower() == "lowercase": - self.ignorecase.append( + self.error_combined_transformation_and_ignorecase.append( { "ruleid": ruleid, "line": a["lineno"], "endLine": a["lineno"], - "message": f"rule uses (?i) in combination with t:lowercase: '{a["act_arg"]'; rule id: {ruleid}", + "message": f"rule uses (?i) in combination with t:lowercase: '{a["act_arg"]}'; rule id: {ruleid}", } ) @@ -772,20 +764,18 @@ def check_crs_tag(self): """ chained = False ruleid = 0 - chainlevel = 0 has_crs = False for d in self.data: if "actions" in d: - aidx = 0 # stores the index of current action chainlevel = 0 - if chained == False: + if not chained: ruleid = 0 has_crs = False chainlevel = 0 else: chained = False - for action in d["actions"]: + for a in d["actions"]: if a["act_name"] == "id": ruleid = int(a["act_arg"]) if a["act_name"] == "chain": @@ -795,9 +785,8 @@ def check_crs_tag(self): if chainlevel == 0: if a["act_arg"] == "OWASP_CRS": has_crs = True - aidx += 1 if ruleid > 0 and has_crs == False: - self.nocrstags.append( + self.error_no_crstag.append( { "ruleid": ruleid, "line": a["lineno"], @@ -819,17 +808,16 @@ def check_ver_action(self, version): ruleversion = "" for d in self.data: if "actions" in d: - aidx = 0 # stores the index of current action chainlevel = 0 - if chained == False: + if not chained: ruleid = 0 has_ver = False ver_is_ok = False chainlevel = 0 else: chained = False - for action in d["actions"]: + for a in d["actions"]: if a["act_name"] == "id": ruleid = int(a["act_arg"]) if a["act_name"] == "chain": @@ -843,8 +831,8 @@ def check_ver_action(self, version): else: ruleversion = a["act_arg"] if ruleid > 0 and chainlevel == 0: - if has_ver == False: - self.noveract.append( + if not has_ver: + self.error_no_ver_action_or_wrong_version.append( { "ruleid": ruleid, "line": a["lineno"], @@ -853,8 +841,8 @@ def check_ver_action(self, version): } ) else: - if ver_is_ok == False: - self.noveract.append( + if not ver_is_ok: + self.error_no_ver_action_or_wrong_version.append( { "ruleid": ruleid, "line": a["lineno"], @@ -887,14 +875,12 @@ def check_capture_action(self): use_captured_var = True captured_var_chain_level = chainlevel if "actions" in d: - aidx = 0 # stores the index of current action if chained == False: ruleid = 0 chainlevel = 0 else: chained = False - for action in d["actions"]: - a = d["actions"][aidx] + for a in d["actions"]: if a["act_name"] == "id": ruleid = int(a["act_arg"]) if a["act_name"] == "chain": @@ -904,7 +890,7 @@ def check_capture_action(self): capture_level = chainlevel has_capture = True if ruleid > 0 and chained == False: # end of chained rule - if use_captured_var == True: + if use_captured_var: # we allow if target with TX:N is in the first rule # of a chained rule without 'capture' if captured_var_chain_level > 0: @@ -912,7 +898,7 @@ def check_capture_action(self): has_capture == False or captured_var_chain_level < capture_level ): - self.nocaptact.append( + self.error_tx_N_without_capture_action.append( { "ruleid": ruleid, "line": a["lineno"], diff --git a/tests/test_linter.py b/tests/test_linter.py index be3190e..9fe548a 100644 --- a/tests/test_linter.py +++ b/tests/test_linter.py @@ -14,7 +14,7 @@ def test_check_ignore_proper_case(): c = Check(p) c.check_ignore_case() - assert len(c.caseerror) == 0 + assert len(c.error_case_mistmatch) == 0 def test_check_ignore_case_fail_invalid_action_case(): @@ -24,7 +24,7 @@ def test_check_ignore_case_fail_invalid_action_case(): c = Check(p) c.check_ignore_case() - assert len(c.caseerror) == 2 + assert len(c.error_case_mistmatch) == 2 def test_check_action_order(): @@ -34,7 +34,7 @@ def test_check_action_order(): c = Check(p) c.check_action_order() - assert len(c.orderacts) == 0 + assert len(c.error_action_order) == 0 def test_check_action_fail_wrong_order(): @@ -44,7 +44,7 @@ def test_check_action_fail_wrong_order(): c = Check(p) c.check_action_order() - assert len(c.orderacts) == 1 + assert len(c.error_action_order) == 1 def test_check_ctl_auditctl_log_parts(): @@ -54,7 +54,7 @@ def test_check_ctl_auditctl_log_parts(): c = Check(p) c.check_ctl_audit_log() - assert len(c.auditlogparts) == 0 + assert len(c.error_wrong_ctl_auditlogparts) == 0 def test_check_wrong_ctl_audit_log_parts(): @@ -63,7 +63,7 @@ def test_check_wrong_ctl_audit_log_parts(): c = Check(p) c.check_ctl_audit_log() - assert len(c.auditlogparts) == 1 + assert len(c.error_wrong_ctl_auditlogparts) == 1 def test_check_tx_variable(): @@ -88,7 +88,7 @@ def test_check_tx_variable(): c = Check(p) c.check_tx_variable() - assert len(c.undef_txvars) == 0 + assert len(c.error_undefined_txvars) == 0 def test_check_tx_variable_fail_nonexisting(): @@ -110,7 +110,7 @@ def test_check_tx_variable_fail_nonexisting(): c.collect_tx_variable() c.check_tx_variable() - assert len(c.undef_txvars) == 1 + assert len(c.error_undefined_txvars) == 1 def test_check_pl_consistency(): @@ -146,7 +146,7 @@ def test_check_pl_consistency(): c.collect_tx_variable() c.check_pl_consistency() - assert len(c.plscores) == 0 + assert len(c.error_inconsistent_plscores) == 0 def test_check_pl_consistency_fail(): @@ -182,7 +182,7 @@ def test_check_pl_consistency_fail(): c.collect_tx_variable() c.check_pl_consistency() - assert len(c.plscores) == 1 + assert len(c.error_inconsistent_plscores) == 1 def test_check_tags(): @@ -199,7 +199,7 @@ def test_check_tags(): c = Check(p) c.check_tags(["PIZZA", "OWASP_CRS"]) - assert len(c.newtags) == 0 + assert len(c.error_new_unlisted_tags) == 0 def test_check_tags_fail(): @@ -216,7 +216,7 @@ def test_check_tags_fail(): c = Check(p) c.check_tags(["OWASP_CRS", "PIZZA"]) - assert len(c.newtags) == 1 + assert len(c.error_new_unlisted_tags) == 1 def test_check_lowercase_ignorecase(): @@ -242,7 +242,7 @@ def test_check_crs_tag(): c = Check(p) c.check_crs_tag() - assert len(c.nocrstags) == 0 + assert len(c.error_no_crstag) == 0 def test_check_crs_tag_fail(): @@ -259,7 +259,7 @@ def test_check_crs_tag_fail(): c = Check(p) c.check_crs_tag() - assert len(c.nocrstags) == 1 + assert len(c.error_no_crstag) == 1 def test_check_ver_action(crsversion): @@ -277,7 +277,7 @@ def test_check_ver_action(crsversion): c = Check(p) c.check_ver_action(crsversion) - assert len(c.noveract) == 0 + assert len(c.error_no_ver_action_or_wrong_version) == 0 def test_check_ver_action_fail(crsversion): @@ -295,7 +295,7 @@ def test_check_ver_action_fail(crsversion): c = Check(p) c.check_ver_action(crsversion) - assert len(c.noveract) == 1 + assert len(c.error_no_ver_action_or_wrong_version) == 1 def test_check_capture_action(): @@ -316,7 +316,7 @@ def test_check_capture_action(): c = Check(p) c.check_capture_action() - assert len(c.nocaptact) == 0 + assert len(c.error_tx_N_without_capture_action) == 0 def test_check_capture_action_fail(): @@ -336,4 +336,4 @@ def test_check_capture_action_fail(): c = Check(p) c.check_capture_action() - assert len(c.nocaptact) == 1 + assert len(c.error_tx_N_without_capture_action) == 1