Charon/scripts

Scripts Directory

Running Tests Locally Before Pushing to CI

WAF Integration Test

Always run this locally before pushing WAF-related changes to avoid CI failures:

# From project root
bash ./scripts/coraza_integration.sh

Or use the VS Code task: Ctrl+Shift+P → Tasks: Run Task → Coraza: Run Integration Script

Requirements:

• Docker image charon:local must be built first:

  docker build -t charon:local .
  

• The script will:

  1. Start a test container with WAF enabled
  2. Create a backend container (httpbin)
  3. Test WAF in block mode (expect HTTP 403)
  4. Test WAF in monitor mode (expect HTTP 200)
  5. Clean up all test containers

Expected output:

✓ httpbin backend is ready
✓ Coraza WAF blocked payload as expected (HTTP 403) in BLOCK mode
✓ Coraza WAF in MONITOR mode allowed payload through (HTTP 200) as expected
=== All Coraza integration tests passed ===

Other Test Scripts

• Security Scan: bash ./scripts/security-scan.sh
• Go Test Coverage: bash ./scripts/go-test-coverage.sh
• Frontend Test Coverage: bash ./scripts/frontend-test-coverage.sh

CI/CD Workflows

Changes to these scripts may trigger CI workflows:

• coraza_integration.sh → WAF Integration Tests workflow
• Files in .github/workflows/ directory control CI behavior

Tip: Run tests locally to save CI minutes and catch issues faster!