UPT: annotation enhancement for resty-lua-waf

Desmond Ho 2018-10-05 12:24:37 +08:00
parent a3bf5dadaf
commit 04a89ce234
5 changed files with 140 additions and 10 deletions


@ -65,6 +65,54 @@ var _ = framework.IngressNginxDescribe("Annotations - lua-resty-waf", func() {
Expect(len(errs)).Should(Equal(0))
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
})
It("should apply the score threshold", func() {
host := "foo"
createIngress(f, host, "http-svc", 80, map[string]string{
"nginx.ingress.kubernetes.io/lua-resty-waf": "active",
"nginx.ingress.kubernetes.io/lua-resty-waf-score": "20"})
url := fmt.Sprintf("%s?msg=<A href=\"http://mysite.com/\">XSS</A>", f.IngressController.HTTPURL)
resp, _, errs := gorequest.New().
Get(url).
Set("Host", host).
End()
Expect(len(errs)).Should(Equal(0))
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
})
It("should reject the invaild content", func() {
host := "foo"
contenttype := "application/octet-stream"
createIngress(f, host, "http-svc", 80, map[string]string{
"nginx.ingress.kubernetes.io/lua-resty-waf": "active"})
url := fmt.Sprintf("%s?msg=my-message", f.IngressController.HTTPURL)
resp, _, errs := gorequest.New().
Get(url).
Set("Host", host).
Set("Content-Type", contenttype).
End()
Expect(len(errs)).Should(Equal(0))
Expect(resp.StatusCode).Should(Equal(http.StatusForbidden))
})
It("should allow the multipart content type", func() {
host := "foo"
contenttype := "multipart/form-data; boundary=alamofire.boundary.3fc2e849279e18fc"
createIngress(f, host, "http-svc", 80, map[string]string{
"nginx.ingress.kubernetes.io/lua-resty-waf-disable-multipart-body": "true",
"nginx.ingress.kubernetes.io/lua-resty-waf": "active"})
url := fmt.Sprintf("%s?msg=my-message", f.IngressController.HTTPURL)
resp, _, errs := gorequest.New().
Get(url).
Set("Host", host).
Set("Content-Type", contenttype).
End()
Expect(len(errs)).Should(Equal(0))
Expect(resp.StatusCode).Should(Equal(http.StatusOK))
})
It("should apply configured extra rules", func() {
host := "foo"
createIngress(f, host, "http-svc", 80, map[string]string{