Squashed commit of the following:

commit 81851eb
Author: Robert Paprocki <[email protected]>
Date:   Tue Aug 16 13:28:02 2016 -0700

    translate_macro tests

commit 0cfe489
Author: Robert Paprocki <[email protected]>
Date:   Tue Aug 16 11:27:32 2016 -0700

    figure_phases tests

commit 0315f14
Author: Robert Paprocki <[email protected]>
Date:   Tue Aug 16 11:16:13 2016 -0700

    translate_actions tests

commit 092dd8c
Author: Robert Paprocki <[email protected]>
Date:   Mon Aug 15 15:02:40 2016 -0700

    translate_operator tests

commit efffbfd
Author: Robert Paprocki <[email protected]>
Date:   Mon Aug 15 12:53:21 2016 -0700

    translate_vars tests

commit 265f8c3
Author: Robert Paprocki <[email protected]>
Date:   Mon Aug 15 11:37:14 2016 -0700

    translate_chain tests

commit 15048fc
Author: Robert Paprocki <[email protected]>
Date:   Mon Aug 15 10:10:10 2016 -0700

    Fix mocking for translate_chains test

commit 35af471
Author: Robert Paprocki <[email protected]>
Date:   Thu Aug 11 13:55:49 2016 -0700

    translate_chains tests

commit fd3d1d1
Author: Robert Paprocki <[email protected]>
Date:   Tue Aug 9 16:51:27 2016 -0700

    build_chains test

commit 097c47d
Author: Robert Paprocki <[email protected]>
Date:   Sun Aug 7 15:45:43 2016 -0700

    strip_encap_quotes tests

commit 57a2962
Author: Robert Paprocki <[email protected]>
Date:   Sun Aug 7 15:37:06 2016 -0700

    parse_actions tests

commit 36b3f61
Author: Robert Paprocki <[email protected]>
Date:   Sat Aug 6 18:24:52 2016 -0700

    parse_operator tests

    Note the TODO block; chunk containing the operator's capturing group
    needs to be wrapped in an optional non-capturing group to allow
    this behavior. See CRSv2 rule 960911 for an example of this.

commit d344f22
Author: Robert Paprocki <[email protected]>
Date:   Sat Aug 6 18:03:18 2016 -0700

    Simplify test

    Don't need to pass a separate arrayref here

commit 719c12a
Author: Robert Paprocki <[email protected]>
Date:   Sat Aug 6 17:55:59 2016 -0700

    parse_vars tests

commit b873b86
Author: Robert Paprocki <[email protected]>
Date:   Fri Aug 5 10:12:42 2016 -0700

    Add tokenization and parsing tests

commit 3786a9b
Author: Robert Paprocki <[email protected]>
Date:   Fri Aug 5 10:11:55 2016 -0700

    Remove the escaping backslashes from escaped quotes when tokenizing

commit 855fa27
Author: Robert Paprocki <[email protected]>
Date:   Thu Aug 4 14:19:35 2016 -0700

    Break out Makefile

commit 2c49449
Author: Robert Paprocki <[email protected]>
Date:   Thu Aug 4 10:25:23 2016 -0700

    Add Exporter::Declare to Travis builds

    Yeah, that might be kinda important

commit c0d5a7c
Author: Robert Paprocki <[email protected]>
Date:   Thu Aug 4 10:17:33 2016 -0700

    Split translation tooling into a module for testing

.travis.yml

@@ -9,11 +9,12 @@ env:
     - V_OPENRESTY=1.9.15.1 DATE=20160714 TEST=unit
     - V_OPENRESTY=1.9.15.1 DATE=20160714 TEST=acceptance
     - V_OPENRESTY=1.9.15.1 DATE=20160714 TEST=regression
+    - V_OPENRESTY=1.9.15.1 DATE=20160714 TEST=translate
 services:
     - memcached
     - redis
 install:
-    - cpanm -v --notest Test::Nginx
+    - cpanm -v --notest Test::Nginx Test::More Exporter::Declare Test::Exception Test::MockModule;
 before_script:
     - sudo apt-get update -q
     - sudo apt-get install libssl-dev lua5.1 -y

Makefile

@@ -8,15 +8,26 @@ LIBS    = cookie.lua iputils.lua logger libinjection.lua waf waf.lua
 SO_LIBS = libac.so libinjection.so
 RULES   = rules
 
-.PHONY: all test install clean
+.PHONY: all test install clean test-unit test-acceptance test-regression test-translate
 
 all: ;
 
 clean:
 	cd $(LUA_LIB_DIR) && rm -rf $(RULES) && rm $(SO_LIBS) && cd resty/ && rm -rf $(LIBS)
 
-test:
-	PATH=$(OPENRESTY_PREFIX)/nginx/sbin:$$PATH prove -r ./t/
+test-unit:
+	PATH=$(OPENRESTY_PREFIX)/nginx/sbin:$$PATH prove -r ./t/unit
+
+test-acceptance:
+	PATH=$(OPENRESTY_PREFIX)/nginx/sbin:$$PATH prove -r ./t/acceptance
+
+test-regression:
+	PATH=$(OPENRESTY_PREFIX)/nginx/sbin:$$PATH prove -r ./t/regression
+
+test-translate:
+	prove -r ./t/translate/
+
+test: test-unit test-acceptance test-regression test-translate
 
 install: all
 	$(INSTALL) $(PWD)/lib/resty/* $(LUA_LIB_DIR)/resty/

t/data/ips.txt

@@ -0,0 +1,3 @@
+1.2.3.4
+5.6.7.8
+10.10.10.0/24

t/translate/01_sanity.t

@@ -0,0 +1,7 @@
+use Test::More;
+
+use lib 'tools';
+
+use_ok('Modsec2LRW', ':translate');
+
+done_testing;

t/translate/02_valid_line.t

@@ -0,0 +1,42 @@
+use Test::More;
+
+use lib 'tools';
+use Modsec2LRW qw(valid_line);
+
+is(
+	valid_line('SecRule '),
+	1,
+	'line starting with SecRule is valid'
+);
+
+is(
+	valid_line('SecAction '),
+	1,
+	'line starting with SecAction is valid'
+);
+
+is(
+	valid_line('SecDefaultAction '),
+	1,
+	'line starting with SecDefaultAction is valid'
+);
+
+is(
+	valid_line('SecMarker '),
+	1,
+	'line starting with SecMarker is valid'
+);
+
+is(
+	valid_line('SecFoo '),
+	'',
+	'line starting with unknown directive is invalid'
+);
+
+is(
+	valid_line(sprintf "%08X\n", rand(0xffffffff)),
+	'',
+	'line starting with random junk is invalid'
+);
+
+done_testing;

t/translate/03_clean_input.t

@@ -0,0 +1,147 @@
+use Test::More;
+
+use lib 'tools';
+use Modsec2LRW qw(clean_input);
+
+my $basic             = q/SecRule ARGS "foo" "id:12345,pass"/;
+my $trim_left         = q/	SecRule ARGS "foo" "id:12345,pass"/;
+my $trim_right        = q/SecRule ARGS "foo" "id:12345,pass"	/;
+my $trim_both         = q/	SecRule ARGS "foo" "id:12345,pass"	/;
+my $ignore_comment    = q/#SecRule ARGS "foo" "id:12345,pass"/;
+my $invalid_directive = q/Secrule ARGS "foo" "id:12345,pass"/;
+my $multi_line        = q/
+SecRule \
+	ARGS \
+	"foo" \
+	"id:12345,pass"
+/;
+my $multi_line_action = q/
+SecRule                 \
+	ARGS                \
+	"foo"               \
+	"id:12345,          \
+	phase:1,            \
+	block,              \
+	setvar:tx.foo=bar,  \
+	expirevar:tx.foo=60"
+/;
+
+{
+	open my $stdin, '<', \ $basic;
+	local *STDIN = $stdin;
+	my @out = clean_input(*STDIN);
+	is_deeply(
+		\@out,
+		[ q/SecRule ARGS "foo" "id:12345,pass"/ ],
+		'basic'
+	);
+}
+
+{
+	open my $stdin, '<', \ $trim_left;
+	local *STDIN = $stdin;
+	my @out = clean_input(*STDIN);
+	is_deeply(
+		\@out,
+		[ q/SecRule ARGS "foo" "id:12345,pass"/ ],
+		'trim left'
+	);
+}
+
+{
+	open my $stdin, '<', \ $trim_right;
+	local *STDIN = $stdin;
+	my @out = clean_input(*STDIN);
+	is_deeply(
+		\@out,
+		[ q/SecRule ARGS "foo" "id:12345,pass"/ ],
+		'trim right'
+	);
+}
+
+{
+	open my $stdin, '<', \ $trim_both;
+	local *STDIN = $stdin;
+	my @out = clean_input(*STDIN);
+	is_deeply(
+		\@out,
+		[ q/SecRule ARGS "foo" "id:12345,pass"/ ],
+		'trim both'
+	);
+}
+
+{
+	open my $stdin, '<', \ $ignore_comment;
+	local *STDIN = $stdin;
+	my @out = clean_input(*STDIN);
+	is_deeply(
+		\@out,
+		[],
+		'comment'
+	);
+}
+
+{
+	open my $stdin, '<', \ $invalid_directive;
+	local *STDIN = $stdin;
+	my @out = clean_input(*STDIN);
+	is_deeply(
+		\@out,
+		[],
+		'invalid_directive'
+	);
+}
+
+{
+	open my $stdin, '<', \ $multi_line;
+	local *STDIN = $stdin;
+	my @out = clean_input(*STDIN);
+	is_deeply(
+		\@out,
+		[ q/SecRule ARGS "foo" "id:12345,pass"/ ],
+		'multi line'
+	);
+}
+
+{
+	my $data = "$basic\n$multi_line\n";
+	open my $stdin, '<', \ $data;
+	local *STDIN = $stdin;
+	my @out = clean_input(*STDIN);
+	is_deeply(
+		\@out,
+		[
+			q/SecRule ARGS "foo" "id:12345,pass"/,
+			q/SecRule ARGS "foo" "id:12345,pass"/,
+		],
+		'multiple elements'
+	);
+}
+
+{
+	my $data = "$basic\n$comment\n$multi_line";
+	open my $stdin, '<', \ $data;
+	local *STDIN = $stdin;
+	my @out = clean_input(*STDIN);
+	is_deeply(
+		\@out,
+		[
+			q/SecRule ARGS "foo" "id:12345,pass"/,
+			q/SecRule ARGS "foo" "id:12345,pass"/,
+		],
+		'multi line with comment'
+	);
+}
+
+{
+	open my $stdin, '<', \ $multi_line_action;
+	local *STDIN = $stdin;
+	my @out = clean_input(*STDIN);
+	is_deeply(
+		\@out,
+		[ q/SecRule ARGS "foo" "id:12345, phase:1, block, setvar:tx.foo=bar, expirevar:tx.foo=60"/ ],
+		'multi line action, each line is joined with a space'
+	);
+}
+
+done_testing;

t/translate/04_tokenize.t

@@ -0,0 +1,106 @@
+use Test::More;
+
+use lib 'tools';
+use Modsec2LRW qw(tokenize);
+
+my @out;
+
+@out = tokenize('foo');
+is_deeply(
+	\@out,
+	[ qw(foo) ],
+	'single token'
+);
+
+@out = tokenize('foo bar');
+is_deeply(
+	\@out,
+	[ qw(foo bar) ],
+	'two tokens'
+);
+
+@out = tokenize('"foo"');
+is_deeply(
+	\@out,
+	[ qw(foo) ],
+	'quote-wrapped token'
+);
+
+@out = tokenize('"foo" "bar"');
+is_deeply(
+	\@out,
+	[ qw(foo bar) ],
+	'two quote-wrapped tokens'
+);
+
+@out = tokenize('"foo" bar');
+is_deeply(
+	\@out,
+	[ qw(foo bar) ],
+	'two tokens, first quote-wrapped'
+);
+
+@out = tokenize('foo "bar"');
+is_deeply(
+	\@out,
+	[ qw(foo bar) ],
+	'two tokens, second quote-wrapped'
+);
+
+@out = tokenize('"foo \"bar"');
+is_deeply(
+	\@out,
+	[ q(foo "bar) ],
+	'quote-wrapped token with single escaped quote'
+);
+
+@out = tokenize('"foo \"bar\""');
+is_deeply(
+	\@out,
+	[ q(foo "bar") ],
+	'quote-wrapped token with two escaped quotes'
+);
+
+@out = tokenize('"foo \"" bar');
+is_deeply(
+	\@out,
+	[ q(foo "), q(bar) ],
+	'quote-wrapped token with escaped quote, then unquoted token'
+);
+
+@out = tokenize('foo "bar \""');
+is_deeply(
+	\@out,
+	[ q(foo), q(bar ") ],
+	'unquoted token, then quote-wrapped token with escaped token'
+);
+
+@out = tokenize('foo bar baz "bat"');
+is_deeply(
+	\@out,
+	[ qw(foo bar baz bat) ],
+	'four tokens, last is quote-wrapped'
+);
+
+@out = tokenize('foo bar baz "bat,qux:\'frob foo\'"');
+is_deeply(
+	\@out,
+	[ qw(foo bar baz), q(bat,qux:'frob foo') ],
+	'four tokens, last is with escaped single quotes'
+);
+
+@out = tokenize('foo bar "baz qux" "bat"');
+is_deeply(
+	\@out,
+	[ qw(foo bar), q(baz qux), q(bat) ],
+	'four tokens, two are quote-wrapped'
+);
+
+@out = tokenize('foo bar "baz \"qux\"" "bat"');
+is_deeply(
+	\@out,
+	[ qw(foo bar), q(baz "qux"), q(bat) ],
+	'four tokens, two are quote-wrapped, one escaped quote'
+);
+
+done_testing;