- Create a new script `waf_integration.sh` to automate testing of WAF (Coraza) features. - The script includes steps to build the local Docker image, start necessary containers, register a test user, create proxy hosts, and validate WAF rulesets for XSS and SQL injection attacks. - Implement logging for test results and cleanup procedures to ensure resources are properly managed. - Include assertions for HTTP status codes to verify expected behavior during tests.
//go:build integration
// +build integration
package integration
import (
"context"
"os/exec"
"strings"
"testing"
"time"
)
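// TestWAFIntegration runs scripts/waf_integration.sh with bash and fails
// unless the script both exits with status 0 and prints its final pass marker.
//
// Both conditions are checked so the test fails closed: a run that exits 0
// without ever reaching the marker line is reported as a failure, as is a run
// that printed the marker but then exited non-zero.
func TestWAFIntegration(t *testing.T) {
	// NOTE(review): the script is described as building an image and starting
	// containers; confirm it does not share container names or ports with
	// other integration tests before relying on t.Parallel here.
	t.Parallel()

	const timeout = 10 * time.Minute
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()

	// go test runs with the package directory as the working directory, so
	// "../.." is two levels above this package (presumably the repository
	// root; verify if the package is moved).
	cmd := exec.CommandContext(ctx, "bash", "./scripts/waf_integration.sh")
	cmd.Dir = "../.."

	out, err := cmd.CombinedOutput()
	// Log the output before any assertion so a failing run still shows which
	// WAF check did not behave as expected.
	t.Logf("waf_integration script output:\n%s", string(out))

	if err != nil {
		// When the deadline fires the context kills the bash process, which
		// otherwise surfaces only as a generic "signal: killed" error.
		// NOTE(review): a killed script may not run its own cleanup; confirm
		// that containers it started are removed in that case.
		if ctx.Err() == context.DeadlineExceeded {
			t.Fatalf("waf integration timed out after %s: %v", timeout, err)
		}
		t.Fatalf("waf integration failed: %v", err)
	}

	// The exit status alone is not trusted; the script must also have printed
	// its end-of-run marker.
	if !strings.Contains(string(out), "ALL WAF TESTS PASSED") {
		t.Fatalf("unexpected script output, expected pass assertion not found")
	}
}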