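// Source: github.com/TeaOSLab/EdgeNode@v1.3.8/internal/waf/waf_test.go

package waf_test

import (
	"net/http"
	"testing"

	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
	"github.com/TeaOSLab/EdgeNode/internal/waf"
	"github.com/TeaOSLab/EdgeNode/internal/waf/requests"
	"github.com/iwind/TeaGo/assert"
	"github.com/iwind/TeaGo/maps"
)

// TestWAF_MatchRequest builds one inbound rule group whose single rule set
// carries a block action, sends a request that satisfies both rules, and
// asserts that the result does not let processing continue (GoNext is false).
func TestWAF_MatchRequest(t *testing.T) {
	var a = assert.NewAssertion(t)

	// The AND connector means both query arguments have to match.
	var set = waf.NewRuleSet()
	set.Name = "Name_Age"
	set.Connector = waf.RuleConnectorAnd
	set.Rules = []*waf.Rule{
		{
			Param:    "${arg.name}",
			Operator: waf.RuleOperatorEqString,
			Value:    "lu",
		},
		{
			Param:    "${arg.age}",
			Operator: waf.RuleOperatorEq,
			Value:    "20",
		},
	}
	set.AddAction(waf.ActionBlock, nil)

	var group = waf.NewRuleGroup()
	group.AddRuleSet(set)
	group.IsInbound = true

	var wafInstance = waf.NewWAF()
	wafInstance.AddRuleGroup(group)
	errs := wafInstance.Init()
	if len(errs) > 0 {
		t.Fatal(errs[0])
	}

	req, err := http.NewRequest(http.MethodGet, "http://teaos.cn/hello?name=lu&age=20", nil)
	if err != nil {
		t.Fatal(err)
	}
	result, err := wafInstance.MatchRequest(requests.NewTestRequest(req), nil, firewallconfigs.ServerCaptchaTypeNone)
	if err != nil {
		t.Fatal(err)
	}

	// Check the matched set reported by the WAF, not the local rule set: the
	// local variable is never nil, so testing it could not detect a miss.
	// A miss is a failure here; returning quietly would let a WAF that no
	// longer matches (fails open) pass the test.
	if result.Set == nil {
		t.Fatalf("not match: expected rule set %q to match the request", set.Name)
	}
	t.Log("goNext:", result.GoNext, "set:", result.Set.Name)
	a.IsFalse(result.GoNext)
}

// TestWAF_MatchRequest_Allow registers two inbound groups whose rule sets both
// match the request path and both carry an allow action with "global" scope.
// The assertions expect the first set (Id 1) to be the one reported, with
// GoNext and IsAllowed true and AllowScope "global".
func TestWAF_MatchRequest_Allow(t *testing.T) {
	var a = assert.NewAssertion(t)

	var wafInstance = waf.NewWAF()

	{
		var set = waf.NewRuleSet()
		set.Id = 1
		set.Name = "set1"
		set.Connector = waf.RuleConnectorAnd
		set.Rules = []*waf.Rule{
			{
				Param:    "${requestPath}",
				Operator: waf.RuleOperatorMatch,
				Value:    "hello",
			},
		}
		set.AddAction(waf.ActionAllow, maps.Map{
			"scope": "global",
		})

		var group = waf.NewRuleGroup()
		group.Id = 1
		group.AddRuleSet(set)
		group.IsInbound = true

		wafInstance.AddRuleGroup(group)
	}

	{
		var set = waf.NewRuleSet()
		set.Id = 2
		set.Name = "set2"
		set.Connector = waf.RuleConnectorAnd
		set.Rules = []*waf.Rule{
			{
				Param:    "${requestPath}",
				Operator: waf.RuleOperatorMatch,
				Value:    "he",
			},
		}
		set.AddAction(waf.ActionAllow, maps.Map{
			"scope": "global",
		})

		var group = waf.NewRuleGroup()
		group.Id = 2
		group.AddRuleSet(set)
		group.IsInbound = true

		wafInstance.AddRuleGroup(group)
	}

	errs := wafInstance.Init()
	if len(errs) > 0 {
		t.Fatal(errs[0])
	}

	req, err := http.NewRequest(http.MethodGet, "http://teaos.cn/hello?name=lu&age=20", nil)
	if err != nil {
		t.Fatal(err)
	}
	result, err := wafInstance.MatchRequest(requests.NewTestRequest(req), nil, firewallconfigs.ServerCaptchaTypeNone)
	if err != nil {
		t.Fatal(err)
	}

	// Both sets are built to match "/hello"; a miss means the allow path was
	// never exercised, so fail instead of skipping the assertions below.
	if result.Set == nil {
		t.Fatal("not match: expected an allow rule set to match the request")
	}
	t.Log("goNext:", result.GoNext, "set:", result.Set.Name)
	a.IsTrue(result.Set.Id == 1)
	a.IsTrue(result.GoNext)
	a.IsTrue(result.IsAllowed)
	a.IsTrue(result.AllowScope == "global")
}

// TestWAF_MatchRequest_Allow2 is the same setup as TestWAF_MatchRequest_Allow
// except that the first set allows with "group" scope. The assertions expect
// the second set (Id 2) to be the one reported, with AllowScope "global", i.e.
// a group-scoped allow in group 1 does not keep group 2 from being evaluated.
//
// NOTE(review): both tests pin how far an allow verdict reaches. A
// global-scoped allow on a broad pattern such as "he" exempts a request from
// whatever is evaluated after it, so the order of groups is part of the policy.
func TestWAF_MatchRequest_Allow2(t *testing.T) {
	var a = assert.NewAssertion(t)

	var wafInstance = waf.NewWAF()

	{
		var set = waf.NewRuleSet()
		set.Id = 1
		set.Name = "set1"
		set.Connector = waf.RuleConnectorAnd
		set.Rules = []*waf.Rule{
			{
				Param:    "${requestPath}",
				Operator: waf.RuleOperatorMatch,
				Value:    "hello",
			},
		}
		set.AddAction(waf.ActionAllow, maps.Map{
			"scope": "group",
		})

		var group = waf.NewRuleGroup()
		group.Id = 1
		group.AddRuleSet(set)
		group.IsInbound = true

		wafInstance.AddRuleGroup(group)
	}

	{
		var set = waf.NewRuleSet()
		set.Id = 2
		set.Name = "set2"
		set.Connector = waf.RuleConnectorAnd
		set.Rules = []*waf.Rule{
			{
				Param:    "${requestPath}",
				Operator: waf.RuleOperatorMatch,
				Value:    "he",
			},
		}
		set.AddAction(waf.ActionAllow, maps.Map{
			"scope": "global",
		})

		var group = waf.NewRuleGroup()
		group.Id = 2
		group.AddRuleSet(set)
		group.IsInbound = true

		wafInstance.AddRuleGroup(group)
	}

	errs := wafInstance.Init()
	if len(errs) > 0 {
		t.Fatal(errs[0])
	}

	req, err := http.NewRequest(http.MethodGet, "http://teaos.cn/hello?name=lu&age=20", nil)
	if err != nil {
		t.Fatal(err)
	}
	result, err := wafInstance.MatchRequest(requests.NewTestRequest(req), nil, firewallconfigs.ServerCaptchaTypeNone)
	if err != nil {
		t.Fatal(err)
	}

	// A miss would skip every scope assertion below; treat it as a failure.
	if result.Set == nil {
		t.Fatal("not match: expected an allow rule set to match the request")
	}
	t.Log("goNext:", result.GoNext, "set:", result.Set.Name)
	a.IsTrue(result.Set.Id == 2)
	a.IsTrue(result.GoNext)
	a.IsTrue(result.IsAllowed)
	a.IsTrue(result.AllowScope == "global")
}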