338f864f60
- The rate-limit integration test was sending rate_limit_enable:true in the security config POST, but the backend injects the Caddy rate_limit handler only when rate_limit_mode is the string "enabled" - Because rate_limit_mode was absent from the payload, the database default of "disabled" persisted and the guard condition always evaluated false, leaving the handler uninjected across all 10 verify attempts - Replaced the boolean rate_limit_enable with the string field rate_limit_mode:"enabled" to match the exact contract the backend enforces
Scripts Directory
Running Tests Locally Before Pushing to CI
WAF Integration Test
Always run this locally before pushing WAF-related changes to avoid CI failures:
# From project root
bash ./scripts/coraza_integration.sh
Or use the VS Code task: Ctrl+Shift+P → Tasks: Run Task → Coraza: Run Integration Script
Requirements:
-
Docker image
charon:localmust be built first:docker build -t charon:local . -
The script will:
- Start a test container with WAF enabled
- Create a backend container (httpbin)
- Test WAF in block mode (expect HTTP 403)
- Test WAF in monitor mode (expect HTTP 200)
- Clean up all test containers
Expected output:
✓ httpbin backend is ready
✓ Coraza WAF blocked payload as expected (HTTP 403) in BLOCK mode
✓ Coraza WAF in MONITOR mode allowed payload through (HTTP 200) as expected
=== All Coraza integration tests passed ===
Other Test Scripts
- Security Scan:
bash ./scripts/security-scan.sh - Go Test Coverage:
bash ./scripts/go-test-coverage.sh - Frontend Test Coverage:
bash ./scripts/frontend-test-coverage.sh
CI/CD Workflows
Changes to these scripts may trigger CI workflows:
coraza_integration.sh→ WAF Integration Tests workflow- Files in
.github/workflows/directory control CI behavior
Tip: Run tests locally to save CI minutes and catch issues faster!