akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 14 Packages Projects Releases Wiki Activity
Files
4e9d6825a6c81ee4cccdd6b1dca53aeeba1ea26f
Charon/backend/internal/api/tests/integration_test.go
GitHub Actions 8294d6ee49 Add QA test outputs, build scripts, and Dockerfile validation 
- Created `qa-test-output-after-fix.txt` and `qa-test-output.txt` to log results of certificate page authentication tests.
- Added `build.sh` for deterministic backend builds in CI, utilizing `go list` for efficiency.
- Introduced `codeql_scan.sh` for CodeQL database creation and analysis for Go and JavaScript/TypeScript.
- Implemented `dockerfile_check.sh` to validate Dockerfiles for base image and package manager mismatches.
- Added `sourcery_precommit_wrapper.sh` to facilitate Sourcery CLI usage in pre-commit hooks.
2025-12-11 18:26:24 +00:00

73 lines
2.2 KiB
Go
Raw Blame History

// Package tests contains integration tests for the API.
package tests
import (
"net/http"
"net/http/httptest"
"strings"
"testing"
"github.com/gin-gonic/gin"
"gorm.io/driver/sqlite"
"gorm.io/gorm"
"github.com/Wikid82/charon/backend/internal/api/routes"
"github.com/Wikid82/charon/backend/internal/config"
)
// TestIntegration_WAF_BlockAndMonitor exercises middleware behavior and metrics exposure.
func TestIntegration_WAF_BlockAndMonitor(t *testing.T) {
gin.SetMode(gin.TestMode)
// Helper to spin server with given WAF mode
newServer := func(mode string) (*gin.Engine, *gorm.DB) {
db, err := gorm.Open(sqlite.Open("file::memory:?cache=shared"), &gorm.Config{})
if err != nil {
t.Fatalf("db open: %v", err)
}
cfg, err := config.Load()
if err != nil {
t.Fatalf("load cfg: %v", err)
}
cfg.Security.WAFMode = mode
r := gin.New()
if err := routes.Register(r, db, cfg); err != nil {
t.Fatalf("register: %v", err)
}
return r, db
}
// Block mode should reject suspicious payload on an API route covered by middleware
rBlock, _ := newServer("block")
req := httptest.NewRequest(http.MethodGet, "/api/v1/remote-servers?test=<script>", http.NoBody)
w := httptest.NewRecorder()
rBlock.ServeHTTP(w, req)
if w.Code == http.StatusOK {
t.Fatalf("expected block in block mode, got 200: body=%s", w.Body.String())
}
// Monitor mode should allow request but still evaluate (log-only)
rMon, _ := newServer("monitor")
req2 := httptest.NewRequest(http.MethodGet, "/api/v1/remote-servers?test=<script>", http.NoBody)
w2 := httptest.NewRecorder()
rMon.ServeHTTP(w2, req2)
if w2.Code != http.StatusOK {
t.Fatalf("unexpected status in monitor mode: %d", w2.Code)
}
// Metrics should be exposed
reqM := httptest.NewRequest(http.MethodGet, "/metrics", http.NoBody)
wM := httptest.NewRecorder()
rMon.ServeHTTP(wM, reqM)
if wM.Code != http.StatusOK {
t.Fatalf("metrics not served: %d", wM.Code)
}
body := wM.Body.String()
required := []string{"charon_waf_requests_total", "charon_waf_blocked_total", "charon_waf_monitored_total"}
for _, k := range required {
if !strings.Contains(body, k) {
t.Fatalf("missing metric %s in /metrics output", k)
}
}
}
Reference in New Issue View Git Blame Copy Permalink