Fix the ability to disable ModSecurity at location level
- Adds 'modsecurity off;' to the nginx config if the 'enable-modsecurity' annotation is set to false. - Update tests and e2e tests accordingly Signed-off-by: Bhavin Gandhi <bhavin7392@gmail.com>
parent
8f4d5f8b34
commit
380ef3a92c
5 changed files with 84 additions and 27 deletions
|
|
@ -25,6 +25,7 @@ import (
|
|||
// Config contains ModSecurity Configuration items
|
||||
type Config struct {
|
||||
Enable bool `json:"enable-modsecurity"`
|
||||
EnableSet bool `json:"enable-modsecurity-set"`
|
||||
OWASPRules bool `json:"enable-owasp-core-rules"`
|
||||
TransactionID string `json:"modsecurity-transaction-id"`
|
||||
Snippet string `json:"modsecurity-snippet"`
|
||||
|
|
@ -41,6 +42,9 @@ func (modsec1 *Config) Equal(modsec2 *Config) bool {
|
|||
if modsec1.Enable != modsec2.Enable {
|
||||
return false
|
||||
}
|
||||
if modsec1.EnableSet != modsec2.EnableSet {
|
||||
return false
|
||||
}
|
||||
if modsec1.OWASPRules != modsec2.OWASPRules {
|
||||
return false
|
||||
}
|
||||
|
|
@ -69,9 +73,11 @@ func (a modSecurity) Parse(ing *networking.Ingress) (interface{}, error) {
|
|||
var err error
|
||||
config := &Config{}
|
||||
|
||||
config.EnableSet = true
|
||||
config.Enable, err = parser.GetBoolAnnotation("enable-modsecurity", ing)
|
||||
if err != nil {
|
||||
config.Enable = false
|
||||
config.EnableSet = false
|
||||
}
|
||||
|
||||
config.OWASPRules, err = parser.GetBoolAnnotation("enable-owasp-core-rules", ing)
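Review bot: In the `Parse` hunk, any error from `parser.GetBoolAnnotation("enable-modsecurity", ing)` resets `EnableSet` to false, so a value that is present but unparseable is treated exactly like a missing annotation. For a WAF toggle this matters: a typo in the value appears to leave the location on the inherited global setting with no signal to the operator. If the annotation parser can distinguish "missing" from "invalid" (not visible in this hunk), only the missing case should clear `EnableSet`, and the invalid case should be logged or returned. The new struct field also deserves a comment, e.g. `// EnableSet reports whether the enable-modsecurity annotation was explicitly set on this Ingress.` `Parse` starts and ends outside the hunk.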
|
||||
|
|
|
|||
|
|
@ -41,22 +41,22 @@ func TestParse(t *testing.T) {
|
|||
annotations map[string]string
|
||||
expected Config
|
||||
}{
|
||||
{map[string]string{enable: "true"}, Config{true, false, "", ""}},
|
||||
{map[string]string{enable: "false"}, Config{false, false, "", ""}},
|
||||
{map[string]string{enable: ""}, Config{false, false, "", ""}},
|
||||
{map[string]string{enable: "true"}, Config{true, true, false, "", ""}},
|
||||
{map[string]string{enable: "false"}, Config{false, true, false, "", ""}},
|
||||
{map[string]string{enable: ""}, Config{false, false, false, "", ""}},
|
||||
|
||||
{map[string]string{owasp: "true"}, Config{false, true, "", ""}},
|
||||
{map[string]string{owasp: "false"}, Config{false, false, "", ""}},
|
||||
{map[string]string{owasp: ""}, Config{false, false, "", ""}},
|
||||
{map[string]string{owasp: "true"}, Config{false, false, true, "", ""}},
|
||||
{map[string]string{owasp: "false"}, Config{false, false, false, "", ""}},
|
||||
{map[string]string{owasp: ""}, Config{false, false, false, "", ""}},
|
||||
|
||||
{map[string]string{transID: "ok"}, Config{false, false, "ok", ""}},
|
||||
{map[string]string{transID: ""}, Config{false, false, "", ""}},
|
||||
{map[string]string{transID: "ok"}, Config{false, false, false, "ok", ""}},
|
||||
{map[string]string{transID: ""}, Config{false, false, false, "", ""}},
|
||||
|
||||
{map[string]string{snippet: "ModSecurity Rule"}, Config{false, false, "", "ModSecurity Rule"}},
|
||||
{map[string]string{snippet: ""}, Config{false, false, "", ""}},
|
||||
{map[string]string{snippet: "ModSecurity Rule"}, Config{false, false, false, "", "ModSecurity Rule"}},
|
||||
{map[string]string{snippet: ""}, Config{false, false, false, "", ""}},
|
||||
|
||||
{map[string]string{}, Config{false, false, "", ""}},
|
||||
{nil, Config{false, false, "", ""}},
|
||||
{map[string]string{}, Config{false, false, false, "", ""}},
|
||||
{nil, Config{false, false, false, "", ""}},
|
||||
}
|
||||
|
||||
ing := &networking.Ingress{
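Review bot: The updated `TestParse` table has no row for a present but malformed value of the enable annotation, so the fallback taken when the annotation cannot be parsed as a bool is only pinned for the empty string (`enable: ""` expecting `EnableSet == false`). Adding a row with a non-boolean value would make that behaviour explicit. Separately, the positional literals such as `Config{false, true, false, "", ""}` now carry three adjacent bools and are easy to mis-order; keyed fields like `Config{Enable: false, EnableSet: true}` would show which flag each row asserts. `TestParse` continues past the end of the hunk.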
|
||||
|
|
|
|||