TRKJ/EdgeNode
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeNode.git synced 2025-11-04 16:00:25 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
60a4016101b3ed041b024d3b5fd9decf28f3a046
EdgeNode/internal/waf/waf_test.go

213 lines
4.4 KiB
Go
Raw Normal View History

WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例
2023-12-09 11:46:50 +08:00
package waf_test
实现WAF
2020-10-08 15:06:42 +08:00
import (
修复WAF相关单元测试
2023-11-16 08:43:31 +08:00
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例
2023-12-09 11:46:50 +08:00
"github.com/TeaOSLab/EdgeNode/internal/waf"
WAF增加多个动作
2021-07-18 15:51:49 +08:00
"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
实现WAF
2020-10-08 15:06:42 +08:00
"github.com/iwind/TeaGo/assert"
WAF允许动作默认跳过所有规则
2024-01-20 20:54:41 +08:00
"github.com/iwind/TeaGo/maps"
实现WAF
2020-10-08 15:06:42 +08:00
"net/http"
"testing"
)
func TestWAF_MatchRequest(t *testing.T) {
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例
2023-12-09 11:46:50 +08:00
var a = assert.NewAssertion(t)
实现WAF
2020-10-08 15:06:42 +08:00
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例
2023-12-09 11:46:50 +08:00
var set = waf.NewRuleSet()
实现WAF
2020-10-08 15:06:42 +08:00
set.Name = "Name_Age"
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例
2023-12-09 11:46:50 +08:00
set.Connector = waf.RuleConnectorAnd
set.Rules = []*waf.Rule{
实现WAF
2020-10-08 15:06:42 +08:00
{
Param: "${arg.name}",
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例
2023-12-09 11:46:50 +08:00
Operator: waf.RuleOperatorEqString,
实现WAF
2020-10-08 15:06:42 +08:00
Value: "lu",
},
{
Param: "${arg.age}",
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例
2023-12-09 11:46:50 +08:00
Operator: waf.RuleOperatorEq,
实现WAF
2020-10-08 15:06:42 +08:00
Value: "20",
},
}
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例
2023-12-09 11:46:50 +08:00
set.AddAction(waf.ActionBlock, nil)
实现WAF
2020-10-08 15:06:42 +08:00
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例
2023-12-09 11:46:50 +08:00
var group = waf.NewRuleGroup()
实现WAF
2020-10-08 15:06:42 +08:00
group.AddRuleSet(set)
group.IsInbound = true
WAF SQL注入和XSS检测增加缓存/优化部分WAF相关测试用例
2023-12-09 11:46:50 +08:00
var wafInstance = waf.NewWAF()
wafInstance.AddRuleGroup(group)
errs := wafInstance.Init()
自动使用本地防火墙/增加edge-node [ip.drop|ip.reject|ip.remove]等命令
2022-01-09 17:07:37 +08:00
if len(errs) > 0 {
t.Fatal(errs[0])
实现WAF
2020-10-08 15:06:42 +08:00
}
req, err := http.NewRequest(http.MethodGet, "http://teaos.cn/hello?name=lu&age=20", nil)
if err != nil {
t.Fatal(err)
}
WAF允许动作默认跳过所有规则
2024-01-20 20:54:41 +08:00
result, err := wafInstance.MatchRequest(requests.NewTestRequest(req), nil, firewallconfigs.ServerCaptchaTypeNone)
实现WAF
2020-10-08 15:06:42 +08:00
if err != nil {
t.Fatal(err)
}
if set == nil {
t.Log("not match")
return
}
WAF允许动作默认跳过所有规则
2024-01-20 20:54:41 +08:00
t.Log("goNext:", result.GoNext, "set:", set.Name)
a.IsFalse(result.GoNext)
}
func TestWAF_MatchRequest_Allow(t *testing.T) {
var a = assert.NewAssertion(t)
var wafInstance = waf.NewWAF()
{
var set = waf.NewRuleSet()
set.Id = 1
set.Name = "set1"
set.Connector = waf.RuleConnectorAnd
set.Rules = []*waf.Rule{
{
Param: "${requestPath}",
Operator: waf.RuleOperatorMatch,
Value: "hello",
},
}
set.AddAction(waf.ActionAllow, maps.Map{
"scope": "global",
})
var group = waf.NewRuleGroup()
group.Id = 1
group.AddRuleSet(set)
group.IsInbound = true
wafInstance.AddRuleGroup(group)
}
{
var set = waf.NewRuleSet()
set.Id = 2
set.Name = "set2"
set.Connector = waf.RuleConnectorAnd
set.Rules = []*waf.Rule{
{
Param: "${requestPath}",
Operator: waf.RuleOperatorMatch,
Value: "he",
},
}
set.AddAction(waf.ActionAllow, maps.Map{
"scope": "global",
})
var group = waf.NewRuleGroup()
group.Id = 2
group.AddRuleSet(set)
group.IsInbound = true
wafInstance.AddRuleGroup(group)
}
errs := wafInstance.Init()
if len(errs) > 0 {
t.Fatal(errs[0])
}
req, err := http.NewRequest(http.MethodGet, "http://teaos.cn/hello?name=lu&age=20", nil)
if err != nil {
t.Fatal(err)
}
result, err := wafInstance.MatchRequest(requests.NewTestRequest(req), nil, firewallconfigs.ServerCaptchaTypeNone)
if err != nil {
t.Fatal(err)
}
if result.Set == nil {
t.Log("not match")
return
}
t.Log("goNext:", result.GoNext, "set:", result.Set.Name)
a.IsTrue(result.Set.Id == 1)
a.IsTrue(result.GoNext)
a.IsTrue(result.IsAllowed)
a.IsTrue(result.AllowScope == "global")
}
func TestWAF_MatchRequest_Allow2(t *testing.T) {
var a = assert.NewAssertion(t)
var wafInstance = waf.NewWAF()
{
var set = waf.NewRuleSet()
set.Id = 1
set.Name = "set1"
set.Connector = waf.RuleConnectorAnd
set.Rules = []*waf.Rule{
{
Param: "${requestPath}",
Operator: waf.RuleOperatorMatch,
Value: "hello",
},
}
set.AddAction(waf.ActionAllow, maps.Map{
"scope": "group",
})
var group = waf.NewRuleGroup()
group.Id = 1
group.AddRuleSet(set)
group.IsInbound = true
wafInstance.AddRuleGroup(group)
}
{
var set = waf.NewRuleSet()
set.Id = 2
set.Name = "set2"
set.Connector = waf.RuleConnectorAnd
set.Rules = []*waf.Rule{
{
Param: "${requestPath}",
Operator: waf.RuleOperatorMatch,
Value: "he",
},
}
set.AddAction(waf.ActionAllow, maps.Map{
"scope": "global",
})
var group = waf.NewRuleGroup()
group.Id = 2
group.AddRuleSet(set)
group.IsInbound = true
wafInstance.AddRuleGroup(group)
}
errs := wafInstance.Init()
if len(errs) > 0 {
t.Fatal(errs[0])
}
req, err := http.NewRequest(http.MethodGet, "http://teaos.cn/hello?name=lu&age=20", nil)
if err != nil {
t.Fatal(err)
}
result, err := wafInstance.MatchRequest(requests.NewTestRequest(req), nil, firewallconfigs.ServerCaptchaTypeNone)
if err != nil {
t.Fatal(err)
}
if result.Set == nil {
t.Log("not match")
return
}
t.Log("goNext:", result.GoNext, "set:", result.Set.Name)
a.IsTrue(result.Set.Id == 2)
a.IsTrue(result.GoNext)
a.IsTrue(result.IsAllowed)
a.IsTrue(result.AllowScope == "global")
实现WAF
2020-10-08 15:06:42 +08:00
}
Reference in New Issue Copy Permalink