Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
// Example values for the test schema. The `examples:` entries in the field
// comments of this package's types refer to several of them by name
// (ExampleTests, ExampleStages, ExampleInput, ExampleOutput, ExampleLog and
// single fields such as ExampleLog.ExpectId). They show the shape of each
// type and are declared leaf-first so each value is defined before it is used.
//
// NOTE(review): several values are illustrative only and contradict each other
// if read as one real test: ExampleLog expects and forbids the same ID and the
// same regular expression, and ExampleOutput sets both Status 200 and
// ExpectError true.
var (
	// ExampleHeaders is the header set used by ExampleInput.
	ExampleHeaders = map[string]string{
		"User-Agent": "CRS Tests",
		"Host":       "localhost",
		"Accept":     "*/*",
	}

	// ExampleInput shows every Input field populated. EncodedRequest is the
	// base64 encoding of "My Data\n"; Data is left nil explicitly.
	ExampleInput = Input{
		DestAddr:            strPtr("192.168.0.1"),
		Port:                intPtr(8080),
		Protocol:            strPtr("http"),
		URI:                 strPtr("/test"),
		Version:             strPtr("HTTP/1.1"),
		Headers:             ExampleHeaders,
		Method:              strPtr("REPORT"),
		Data:                nil,
		EncodedRequest:      "TXkgRGF0YQo=",
		SaveCookie:          boolPtr(false),
		StopMagic:           boolPtr(true),
		AutocompleteHeaders: boolPtr(false),
	}

	// ExampleLog shows the four log expectations side by side.
	ExampleLog = Log{
		ExpectId:     123456,
		NoExpectId:   123456,
		MatchRegex:   `id[:\s"]*123456`,
		NoMatchRegex: `id[:\s"]*123456`,
	}

	// ExampleOutput shows the expectations a stage can declare, including the
	// deprecated LogContains / NoLogContains next to their replacement, Log.
	ExampleOutput = Output{
		Status:           200,
		ResponseContains: "",
		LogContains:      "nothing",
		NoLogContains:    "",
		Log:              ExampleLog,
		ExpectError:      boolPtr(true),
	}

	// ExampleStage pairs ExampleInput with ExampleOutput.
	ExampleStage = Stage{
		Description: "Get cookie from server",
		Input:       ExampleInput,
		Output:      ExampleOutput,
	}

	// ExampleStages is the single-element stage list used by ExampleTest.
	ExampleStages = []Stage{ExampleStage}

	// ExampleTest is one test built from ExampleStages.
	ExampleTest = Test{
		TestTitle:       "123456-1",
		TestDescription: "Unix RCE using `time`",
		Stages:          ExampleStages,
	}

	// ExampleTests is the single-element test list referenced by FTWTest.Tests.
	ExampleTests = []Test{ExampleTest}

	// AnnotationsExample is a sample annotation map; the type that uses it is
	// not among the types shown alongside this block.
	AnnotationsExample = map[string]string{
		"os":      "Debian Bullseye",
		"purpose": "L7ASR test suite",
	}

	// ReasonExample is a sample free-text reason spanning two lines.
	ReasonExample = "nginx returns 400 when `Content-Length` header is sent in a\n" +
		"`Transfer-Encoding: chunked` request."
)
Functions ¶
This section is empty.
Types ¶
type FTWTest ¶
// FTWTest is the base type used when unmarshaling YAML test files. It holds
// the file-level metadata, the name of the file, and the list of tests.
//
// NOTE(review): FileName is the only field without a yaml tag; presumably it
// is filled in by the loader rather than read from the document — confirm.
type FTWTest struct {
	// description: |
	//   Meta describes the metadata information of this yaml test file
	Meta FTWTestMeta `yaml:"meta"`
	// description: |
	//   FileName is the name of the file where these tests are.
	// examples:
	//   - name: FileName
	//     value: "\"test-1234.yaml\""
	FileName string
	// description: |
	//   Tests is a list of FTW tests
	// examples:
	//   - value: ExampleTests
	Tests []Test `yaml:"tests"`
}
FTWTest is the base type used when unmarshaling YAML test files.
type FTWTestMeta ¶
// FTWTestMeta describes the metadata information of a YAML test file.
// Every field is optional in the YAML (all tags carry omitempty).
//
// Enabled is a pointer, so nil (key absent) is distinguishable from an
// explicit false; the field is deprecated and documented as ignored.
//
// NOTE(review): Author is described as a list of authors but is a single
// string — confirm how multiple authors are meant to be written.
type FTWTestMeta struct {
	// description: |
	//   Author is the list of authors that added content to this file
	// examples:
	//   - name: Author
	//     value: "\"Felipe Zipitria\""
	Author string `yaml:"author,omitempty"`
	// description: |
	//   Enabled indicates if the tests are enabled to be run by the engine or not.
	// examples:
	//   - name: Enabled
	//     value: false
	//
	// Deprecated: ignored; use platform specific overrides instead
	Enabled *bool `yaml:"enabled,omitempty"`
	// description: |
	//   Name is the name of the tests contained in this file.
	// examples:
	//   - name: Name
	//     value: "\"test01\""
	Name string `yaml:"name,omitempty"`
	// description: |
	//   Description is a textual description of the tests contained in this file.
	// examples:
	//   - name: Description
	//     value: "\"The tests here target SQL injection.\""
	Description string `yaml:"description,omitempty"`
	// description: |
	//   Version is the version of the YAML Schema.
	// examples:
	//   - name: Version
	//     value: "\"v1\""
	Version string `yaml:"version,omitempty"`
}
FTWTestMeta describes the metadata information of this yaml test file
type Input ¶
// Input represents the request sent in one stage of a test. Each field
// carries both a yaml and a koanf tag with the same key.
//
// Most scalar fields are pointers, so an unset key (nil) is distinguishable
// from an explicitly set zero value such as "".
//
// Points worth knowing when writing or reviewing a test:
//   - EncodedRequest is a base64 string that is decoded and sent as the
//     request, and it is documented to override all other settings. The other
//     fields of the same Input then do not describe what goes on the wire, so
//     decode it to see the actual request.
//   - AutocompleteHeaders is documented to default to true, in which case the
//     framework fills in Content-Type and Connection headers itself. A test
//     that depends on the exact header set presumably needs it set to false.
//   - StopMagic and RAWRequest are deprecated in favour of AutocompleteHeaders
//     and EncodedRequest respectively.
//
// NOTE(review): the yaml tags of StopMagic and AutocompleteHeaders have no
// omitempty although their koanf tags do, unlike every other field here —
// confirm that emitting them when nil is intended.
// NOTE(review): the Version example below shows "1.1" while ExampleInput uses
// "HTTP/1.1" — confirm which form the request line expects.
type Input struct {
	// description: |
	//   DestAddr is the IP of the destination host that the test will send the message to.
	// examples:
	//   - name: DestAddr
	//     value: "\"127.0.0.1\""
	DestAddr *string `yaml:"dest_addr,omitempty" koanf:"dest_addr,omitempty"`
	// description: |
	//   Port allows you to declare which port on the destination host the test should connect to.
	// examples:
	//   - name: Port
	//     value: 80
	Port *int `yaml:"port,omitempty" koanf:"port,omitempty"`
	// description: |
	//   Protocol allows you to declare which protocol the test should use when sending the request.
	// examples:
	//   - name: Protocol
	//     value: "\"http\""
	Protocol *string `yaml:"protocol,omitempty" koanf:"protocol,omitempty"`
	// description: |
	//   URI allows you to declare the URI the test should use as part of the request line.
	// examples:
	//   - name: URI
	//     value: "\"/get?hello=world\""
	URI *string `yaml:"uri,omitempty" koanf:"uri,omitempty"`
	// description: |
	//   Version allows you to declare the HTTP version the test should use as part of the request line.
	// examples:
	//   - name: Version
	//     value: "\"1.1\""
	Version *string `yaml:"version,omitempty" koanf:"version,omitempty"`
	// description: |
	//   Method allows you to declare the HTTP method the test should use as part of the request line.
	// examples:
	//   - name: Method
	//     value: "\"GET\""
	Method *string `yaml:"method,omitempty" koanf:"method,omitempty"`
	// description: |
	//   Headers allows you to declare headers that the test should send.
	// examples:
	//   - name: Headers
	//     value: ExampleHeaders
	Headers map[string]string `yaml:"headers,omitempty" koanf:"headers,omitempty"`
	// description: |
	//   Data allows you to declare the payload that the test should send in the request body.
	// examples:
	//   - name: Data
	//     value: "\"Bibitti bopi\""
	Data *string `yaml:"data,omitempty" koanf:"data,omitempty"`
	// description: |
	//   SaveCookie allows you to automatically provide cookies if there are multiple stages and save cookie is set
	// examples:
	//   - name: SaveCookie
	//     value: false
	SaveCookie *bool `yaml:"save_cookie,omitempty" koanf:"save_cookie,omitempty"`
	// description: |
	//   StopMagic is deprecated.
	// examples:
	//   - name: StopMagic
	//     value: false
	//
	// Deprecated: use AutocompleteHeaders instead
	StopMagic *bool `yaml:"stop_magic" koanf:"stop_magic,omitempty"`
	// description: |
	//   AutocompleteHeaders allows the test framework to automatically fill the request with Content-Type and Connection headers.
	//   Defaults to true.
	// examples:
	//   - name: AutocompleteHeaders
	//     value: false
	AutocompleteHeaders *bool `yaml:"autocomplete_headers" koanf:"autocomplete_headers,omitempty"`
	// description: |
	//   EncodedRequest will take a base64 encoded string that will be decoded and sent through as the request.
	//   It will override all other settings
	// examples:
	//   - name: EncodedRequest
	//     value: "\"a\""
	EncodedRequest string `yaml:"encoded_request,omitempty" koanf:"encoded_request,omitempty"`
	// description: |
	//   RAWRequest is deprecated.
	// examples:
	//   - name: RAWRequest
	//     value: "\"TXkgRGF0YQo=\""
	//
	// Deprecated: use `encoded_request`
	RAWRequest string `yaml:"raw_request,omitempty" koanf:"raw_request,omitempty"`
}
Input represents the input request in a stage. For the fields `Version`, `Method` and `URI` we want to know explicitly when they are set to "".
type Log ¶
// Log is used to configure expectations about the log contents.
// Two fields assert presence (ExpectId, MatchRegex) and two assert absence
// (NoExpectId, NoMatchRegex). All four tags carry omitempty, so a zero ID or
// an empty regular expression is omitted when marshaling.
//
// NOTE(review): setting the same ID in ExpectId and NoExpectId, or the same
// pattern in MatchRegex and NoMatchRegex, yields expectations that cannot both
// hold; whether that is rejected is not visible from this type — confirm.
type Log struct {
	// description: |
	//   Expect the given ID to be contained in the log output.
	// examples:
	//   - value: ExampleLog.ExpectId
	ExpectId int `yaml:"expect_id,omitempty"`
	// description: |
	//   Expect the given ID _not_ to be contained in the log output.
	// examples:
	//   - value: ExampleLog.NoExpectId
	NoExpectId int `yaml:"no_expect_id,omitempty"`
	// description: |
	//   Expect the regular expression to match log content for the current test.
	// examples:
	//   - value: ExampleLog.MatchRegex
	MatchRegex string `yaml:"match_regex,omitempty"`
	// description: |
	//   Expect the regular expression to _not_ match log content for the current test.
	// examples:
	//   - value: ExampleLog.NoMatchRegex
	NoMatchRegex string `yaml:"no_match_regex,omitempty"`
}
Log is used to configure expectations about the log contents.
type Output ¶
// Output is the response expected from a test stage: an HTTP status, text in
// the response, expectations about the WAF log, or an expected error.
//
// LogContains and NoLogContains are deprecated in favour of the structured
// Log field. ExpectError is a pointer, so nil (key absent) is distinguishable
// from an explicit false; when it is true the stage expects an error rather
// than an answer from the WAF.
//
// NOTE(review): how ExpectError interacts with a Status that is also set is
// not visible from this type — confirm against the runner.
type Output struct {
	// description: |
	//   Status describes the HTTP status code expected in the response.
	// examples:
	//   - name: Status
	//     value: 200
	Status int `yaml:"status,omitempty"`
	// description: |
	//   ResponseContains describes the text that should be contained in the HTTP response.
	// examples:
	//   - name: ResponseContains
	//     value: "\"Hello, World\""
	ResponseContains string `yaml:"response_contains,omitempty"`
	// description: |
	//   LogContains describes the text that should be contained in the WAF logs.
	// examples:
	//   - name: LogContains
	//     value: "\"id 920100\""
	//
	// Deprecated: use Log instead
	LogContains string `yaml:"log_contains,omitempty"`
	// description: |
	//   NoLogContains describes the text that should not be contained in the WAF logs.
	// examples:
	//   - name: NoLogContains
	//     value: "\"id 920100\""
	//
	// Deprecated: use Log instead
	NoLogContains string `yaml:"no_log_contains,omitempty"`
	// description: |
	//   Log is used to configure expectations about the log contents.
	// examples:
	//   - value: ExampleLog
	Log Log `yaml:"log,omitempty"`
	// description: |
	//   When `ExpectError` is true, we don't expect an answer from the WAF, just an error.
	// examples:
	//   - name: ExpectError
	//     value: false
	ExpectError *bool `yaml:"expect_error,omitempty"`
}
Output is the response expected from the test
type Stage ¶
// Stage is one step of a test: a description, the Input to send and the
// Output expected in return. A Test holds a list of these.
//
// SD is the deprecated nested form (YAML key `stage`), which carries its own
// Input and Output; the top-level Input and Output fields replace it.
//
// NOTE(review): which pair wins when both SD and the top-level fields are
// populated is not visible from this type — confirm against the loader.
type Stage struct {
	// description: |
	//   StageData is an individual test stage.
	//
	// Deprecated: use the other fields of `Stage`
	SD StageData `yaml:"stage,omitempty"`
	// description: |
	//   Describes the purpose of this stage.
	// examples:
	//   - value: ExampleStage.Description
	Description string `yaml:"description,omitempty"`
	// description: |
	//   Input is the data that is passed to the test
	// examples:
	//   - name: Input
	//     value: ExampleInput
	Input Input `yaml:"input"`
	// description: |
	//   Output is the data that is returned from the test
	// examples:
	//   - name: Output
	//     value: ExampleOutput
	Output Output `yaml:"output"`
}
Stage is a list of stages
type StageData
deprecated
// StageData is the data that is passed to the test, and the data that is
// returned from the test. It has the same Input and Output fields, with the
// same yaml keys, as Stage itself.
//
// Deprecated: use the other fields of `stage`
type StageData struct {
	// description: |
	//   Input is the data that is passed to the test
	// examples:
	//   - name: Input
	//     value: ExampleInput
	Input Input `yaml:"input"`
	// description: |
	//   Output is the data that is returned from the test
	// examples:
	//   - name: Output
	//     value: ExampleOutput
	Output Output `yaml:"output"`
}
StageData is the data that is passed to the test, and the data that is returned from the test
Deprecated: use the other fields of `stage`
type Test ¶
// Test is an individual test. One test can have multiple stages.
//
// A test is identified by RuleId (the rule it targets) together with TestId
// (the ID of the test in relation to that rule). TestTitle is the deprecated
// way of naming a test.
//
// RuleId, TestId and Stages have no omitempty in their tags, so they are
// written out even when zero or empty; TestTitle and TestDescription are
// omitted when empty.
type Test struct {
	// description: |
	//   TestTitle is the title of this particular test. It is used for inclusion/exclusion of each run by the tool.
	// examples:
	//   - value: ExampleTest.TestTitle
	//
	// Deprecated: use `rule_id` and `test_id`
	TestTitle string `yaml:"test_title,omitempty"`
	// description: |
	//   RuleId is the ID of the rule this test targets
	// examples:
	//   - name: RuleId
	//     value: 123456
	RuleId int `yaml:"rule_id"`
	// description: |
	//   TestId is the ID of the test, in relation to `rule_id`
	// examples:
	//   - name: TestId
	//     value: 4
	TestId int `yaml:"test_id"`
	// description: |
	//   TestDescription is the description for this particular test. Should be used to describe the internals of
	//   the specific things this test is targeting.
	// examples:
	//   - value: ExampleTest.TestDescription
	TestDescription string `yaml:"desc,omitempty"`
	// description: |
	//   Stages is the list of all the stages to perform this test.
	// examples:
	//   - value: ExampleStages
	Stages []Stage `yaml:"stages"`
}
Test is an individual test. One test can have multiple stages.