e06eb4177b
- Changed report title to reflect security audit focus - Updated date and status to indicate approval for commit - Enhanced executive summary with detailed validation results - Included comprehensive test coverage results for backend and frontend - Documented pre-commit hooks validation and known issues - Added detailed security scan results, confirming absence of CVE-2025-68156 - Verified binary inspection for expr-lang dependency - Provided risk assessment and recommendations for post-merge actions - Updated compliance matrix and final assessment sections - Improved overall report structure and clarity
Scripts Directory
Running Tests Locally Before Pushing to CI
WAF Integration Test
Always run this locally before pushing WAF-related changes to avoid CI failures:
# From project root
bash ./scripts/coraza_integration.sh
Or use the VS Code task: Ctrl+Shift+P → Tasks: Run Task → Coraza: Run Integration Script
Requirements:
-
Docker image
charon:localmust be built first:docker build -t charon:local . -
The script will:
- Start a test container with WAF enabled
- Create a backend container (httpbin)
- Test WAF in block mode (expect HTTP 403)
- Test WAF in monitor mode (expect HTTP 200)
- Clean up all test containers
Expected output:
✓ httpbin backend is ready
✓ Coraza WAF blocked payload as expected (HTTP 403) in BLOCK mode
✓ Coraza WAF in MONITOR mode allowed payload through (HTTP 200) as expected
=== All Coraza integration tests passed ===
Other Test Scripts
- Security Scan:
bash ./scripts/security-scan.sh - Go Test Coverage:
bash ./scripts/go-test-coverage.sh - Frontend Test Coverage:
bash ./scripts/frontend-test-coverage.sh
CI/CD Workflows
Changes to these scripts may trigger CI workflows:
coraza_integration.sh→ WAF Integration Tests workflow- Files in
.github/workflows/directory control CI behavior
Tip: Run tests locally to save CI minutes and catch issues faster!