Charon/.github/skills/integration-test-waf.SKILL.md

name, version, description, author, license, tags, compatibility, requirements, environment_variables, parameters, outputs, metadata

name	version	description	author	license	tags	compatibility	requirements	environment_variables	parameters	outputs	metadata
integration-test-waf	1.0.0	Test generic WAF integration behavior	Charon Project	MIT	integration waf security testing	os shells linux darwin bash	name version optional docker >=24.0 false name version optional curl >=7.0 false	name description default required WAF_MODE Override WAF mode (monitor or block) false	name type description default required verbose boolean Enable verbose output false false	name type description test_results stdout WAF integration test results	category subcategory execution_time risk_level ci_cd_safe requires_network idempotent integration-test waf medium medium true true true

Integration Test WAF

Overview

Tests the generic WAF integration behavior using the legacy WAF script. This test is kept for local verification and is not the CI WAF entrypoint (Coraza is the CI path).

Prerequisites

• Docker 24.0 or higher installed and running
• curl 7.0 or higher for API testing

Usage

Run the WAF integration tests:

.github/skills/scripts/skill-runner.sh integration-test-waf

Parameters

Parameter	Type	Required	Default	Description
verbose	boolean	No	false	Enable verbose output

Environment Variables

Variable	Required	Default	Description
WAF_MODE	No	(script default)	Override WAF mode

Outputs

Success Exit Code

• 0: All WAF integration tests passed

Error Exit Codes

• 1: One or more tests failed
• 2: Docker environment setup failed
• 3: Container startup timeout

Test Coverage

This skill validates:

1. WAF blocking behavior for common payloads
2. Allowed requests succeed

---

Last Updated: 2026-02-07 Maintained by: Charon Project Team Source: scripts/waf_integration.sh