After migrating base image from Alpine to Debian Trixie (PR #550),
integration test scripts were using wget-style options with curl
that don't work correctly on Debian.
Changed curl -q -O- (wget syntax) to curl -sf (proper curl):
waf_integration.sh
cerberus_integration.sh
rate_limit_integration.sh
crowdsec_startup_test.sh
install-go-1.25.5.sh
Also added future phase to plan for Playwright security test helpers
to prevent ACL deadlock issues during E2E testing.
Refs: #550
- Updated WafConfig.tsx to correct regex for common bad bots.
- Modified cerberus_integration.sh to use curl instead of wget for backend readiness check.
- Changed coraza_integration.sh to utilize curl for checking httpbin backend status.
- Updated crowdsec_startup_test.sh to use curl for LAPI health check.
- Replaced wget with curl in install-go-1.25.5.sh for downloading Go.
- Modified rate_limit_integration.sh to use curl for backend readiness check.
- Updated waf_integration.sh to replace wget with curl for checking httpbin backend status.
- Create a new script `waf_integration.sh` to automate testing of WAF (Coraza) features.
- The script includes steps to build the local Docker image, start necessary containers, register a test user, create proxy hosts, and validate WAF rulesets for XSS and SQL injection attacks.
- Implement logging for test results and cleanup procedures to ensure resources are properly managed.
- Include assertions for HTTP status codes to verify expected behavior during tests.
