forked from corazawaf/coraza
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain_test.go
116 lines (109 loc) · 2.61 KB
/
main_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
package main
import (
"bytes"
"log"
"net/http"
"net/http/httptest"
"os"
"testing"
txhttp "github.com/corazawaf/coraza/v3/http"
)
func setupTestServer(t *testing.T) *httptest.Server {
t.Helper()
waf := createWAF()
return httptest.NewServer(txhttp.WrapHandler(waf, t.Logf, http.HandlerFunc(exampleHandler)))
}
func doGetRequest(t *testing.T, getPath string) int {
t.Helper()
resp, err := http.Get(getPath)
if err != nil {
log.Fatalln(err)
}
resp.Body.Close()
return resp.StatusCode
}
func doPostRequest(t *testing.T, postPath string, data []byte) int {
t.Helper()
resp, err := http.Post(postPath, "application/x-www-form-urlencoded", bytes.NewBuffer(data))
if err != nil {
log.Fatalln(err)
}
resp.Body.Close()
return resp.StatusCode
}
func TestHttpServer(t *testing.T) {
tests := []struct {
name string
path string
expStatus int
envVars map[string]string
body []byte // if body is populated, POST request is sent
}{
{"negative", "/", 200, nil, nil},
{"positive for query parameter", "/?id=0", 403, nil, nil},
{
"positive for response body",
"/",
403,
map[string]string{
"DIRECTIVES_FILE": "./testdata/response-body.conf",
"RESPONSE_BODY": "creditcard",
},
nil,
},
{
"positive for response header",
"/",
403,
map[string]string{
"DIRECTIVES_FILE": "./testdata/response-headers.conf",
"RESPONSE_HEADERS": "foo:bar",
},
nil,
},
{
"negative for request body process partial (payload beyond processed body)",
"/",
200,
map[string]string{
"DIRECTIVES_FILE": "./testdata/request-body-limits-processpartial.conf",
},
[]byte("beyond the limit script"),
},
// TODO(M4tteoP) uncomment after merging WriteRsponseBody logic
// {
// "positive for response body limit reject",
// "/",
// 403,
// map[string]string{
// "DIRECTIVES_FILE": "./testdata/response-body-limits-reject.conf",
// "RESPONSE_BODY": "response body beyond the limit",
// },
// nil,
// },
}
// Perform tests
for _, tc := range tests {
tt := tc
var statusCode int
t.Run(tt.name, func(t *testing.T) {
if len(tt.envVars) > 0 {
for k, v := range tt.envVars {
os.Setenv(k, v)
defer os.Unsetenv(k)
}
}
// Spin up the test server
testServer := setupTestServer(t)
defer testServer.Close()
if tt.body == nil {
statusCode = doGetRequest(t, testServer.URL+tt.path)
} else {
statusCode = doPostRequest(t, testServer.URL+tt.path, tt.body)
}
if want, have := tt.expStatus, statusCode; want != have {
t.Errorf("Unexpected status code, want: %d, have: %d", want, have)
}
})
}
}