github.com/crowdsecurity/crowdsec@v1.6.1/pkg/acquisition/modules/appsec/appsec_lnx_test.go

github.com/crowdsecurity/crowdsec@v1.6.1/pkg/acquisition/modules/appsec/appsec_lnx_test.go (about)

     1  //go:build !windows
     2  // +build !windows
     3  
     4  package appsecacquisition
     5  
     6  import (
     7  	"testing"
     8  
     9  	"github.com/crowdsecurity/crowdsec/pkg/appsec"
    10  	"github.com/crowdsecurity/crowdsec/pkg/appsec/appsec_rule"
    11  	"github.com/crowdsecurity/crowdsec/pkg/types"
    12  	log "github.com/sirupsen/logrus"
    13  	"github.com/stretchr/testify/require"
    14  )
    15  
    16  func TestAppsecRuleTransformsOthers(t *testing.T) {
    17  
    18  	log.SetLevel(log.TraceLevel)
    19  	tests := []appsecRuleTest{
    20  		{
    21  			name:             "normalizepath",
    22  			expected_load_ok: true,
    23  			inband_rules: []appsec_rule.CustomRule{
    24  				{
    25  					Name:      "rule1",
    26  					Zones:     []string{"ARGS"},
    27  					Variables: []string{"foo"},
    28  					Match:     appsec_rule.Match{Type: "equals", Value: "b/c"},
    29  					Transform: []string{"normalizepath"},
    30  				},
    31  			},
    32  			input_request: appsec.ParsedRequest{
    33  				RemoteAddr: "1.2.3.4",
    34  				Method:     "GET",
    35  				URI:        "/?foo=a/../b/c",
    36  			},
    37  			output_asserts: func(events []types.Event, responses []appsec.AppsecTempResponse, appsecResponse appsec.BodyResponse, statusCode int) {
    38  				require.Len(t, events, 2)
    39  				require.Equal(t, types.APPSEC, events[0].Type)
    40  				require.Equal(t, types.LOG, events[1].Type)
    41  				require.Equal(t, "rule1", events[1].Appsec.MatchedRules[0]["msg"])
    42  			},
    43  		},
    44  		{
    45  			name:             "normalizepath #2",
    46  			expected_load_ok: true,
    47  			inband_rules: []appsec_rule.CustomRule{
    48  				{
    49  					Name:      "rule1",
    50  					Zones:     []string{"ARGS"},
    51  					Variables: []string{"foo"},
    52  					Match:     appsec_rule.Match{Type: "equals", Value: "b/c/"},
    53  					Transform: []string{"normalizepath"},
    54  				},
    55  			},
    56  			input_request: appsec.ParsedRequest{
    57  				RemoteAddr: "1.2.3.4",
    58  				Method:     "GET",
    59  				URI:        "/?foo=a/../b/c/////././././",
    60  			},
    61  			output_asserts: func(events []types.Event, responses []appsec.AppsecTempResponse, appsecResponse appsec.BodyResponse, statusCode int) {
    62  				require.Len(t, events, 2)
    63  				require.Equal(t, types.APPSEC, events[0].Type)
    64  				require.Equal(t, types.LOG, events[1].Type)
    65  				require.Equal(t, "rule1", events[1].Appsec.MatchedRules[0]["msg"])
    66  			},
    67  		},
    68  	}
    69  	for _, test := range tests {
    70  		t.Run(test.name, func(t *testing.T) {
    71  			loadAppSecEngine(test, t)
    72  		})
    73  	}
    74  }