Merge pull request #45 from fzipi/override-output-result-tests

feat(tests): add overrides for running in cloud mode

check/base.go

@@ -6,7 +6,6 @@ import (
 	"github.com/fzipi/go-ftw/config"
 	"github.com/fzipi/go-ftw/test"
 	"github.com/fzipi/go-ftw/waflog"
-	"github.com/rs/zerolog/log"
 )
 
 // FTWCheck is the base struct for checking test results
@@ -32,9 +31,6 @@ func NewCheck(c *config.FTWConfiguration) *FTWCheck {
 		overrides: &c.TestOverride,
 	}
 
-	log.Trace().Msgf("check/base: time will be truncated to %s", check.log.TimeTruncate)
-	log.Trace().Msgf("check/base: logfile will be truncated? %t", check.log.LogTruncate)
-
 	return check
 }
 
@@ -91,3 +87,22 @@ func (c *FTWCheck) ForcedFail(id string) bool {
 	_, ok := c.overrides.ForceFail[id]
 	return ok
 }
+
+// CloudMode returns true if we are running in cloud mode
+func (c *FTWCheck) CloudMode() bool {
+	return c.overrides.Mode == config.CloudMode
+}
+
+// SetCloudMode alters the values for expected logs and status code
+func (c *FTWCheck) SetCloudMode() {
+	var status = c.expected.Status
+
+	if c.expected.LogContains != "" {
+		status = append(status, 403)
+		c.expected.LogContains = ""
+	} else if c.expected.NoLogContains != "" {
+		status = append(status, 200, 404, 405)
+		c.expected.NoLogContains = ""
+	}
+	c.expected.Status = status
+}

check/base_test.go

@@ -1,23 +1,23 @@
 package check
 
 import (
+	"sort"
 	"testing"
 	"time"
 
 	"github.com/fzipi/go-ftw/config"
+	"github.com/fzipi/go-ftw/test"
 )
 
-var yamlApacheConfig = `
----
+var yamlApacheConfig = `---
 logfile: 'tests/logs/modsec2-apache/apache2/error.log'
 logtype:
   name: 'apache'
   timeregex:  '\[([A-Z][a-z]{2} [A-z][a-z]{2} \d{1,2} \d{1,2}\:\d{1,2}\:\d{1,2}\.\d+? \d{4})\]'
   timeformat: 'ddd MMM DD HH:mm:ss.S YYYY'
 `
 
-var yamlNginxConfig = `
----
+var yamlNginxConfig = `---
 logfile: 'tests/logs/modsec3-nginx/nginx/error.log'
 logtype:
   name: 'nginx'
@@ -29,8 +29,16 @@ testoverride:
     '942200-1': 'Ignore Me'
 `
 
+var yamlCloudConfig = `---
+testoverride:
+  mode: "cloud"
+`
+
 func TestNewCheck(t *testing.T) {
-	config.ImportFromString(yamlNginxConfig)
+	err := config.NewConfigFromString(yamlNginxConfig)
+	if err != nil {
+		t.Error(err)
+	}
 
 	c := NewCheck(config.FTWConfig)
 
@@ -43,10 +51,32 @@ func TestNewCheck(t *testing.T) {
 			t.Errorf("Well, didn't match Ignore Me")
 		}
 	}
+
+	to := test.Output{
+		Status:           []int{200},
+		ResponseContains: "",
+		LogContains:      "nothing",
+		NoLogContains:    "",
+		ExpectError:      true,
+	}
+	c.SetExpectTestOutput(&to)
+
+	if c.expected.ExpectError != true {
+		t.Error("Problem setting expected output")
+	}
+
+	c.SetNoLogContains("nologcontains")
+
+	if c.expected.NoLogContains != "nologcontains" {
+		t.Error("PRoblem setting nologcontains")
+	}
 }
 
 func TestForced(t *testing.T) {
-	config.ImportFromString(yamlNginxConfig)
+	err := config.NewConfigFromString(yamlNginxConfig)
+	if err != nil {
+		t.Error(err)
+	}
 
 	c := NewCheck(config.FTWConfig)
 
@@ -55,10 +85,53 @@ func TestForced(t *testing.T) {
 	}
 
 	if c.ForcedFail("1245") {
-		t.Errorf("Valued should not be found")
+		t.Errorf("Value should not be found")
 	}
 
 	if c.ForcedPass("1245") {
-		t.Errorf("Valued should not be found")
+		t.Errorf("Value should not be found")
+	}
+}
+
+func TestCloudMode(t *testing.T) {
+	err := config.NewConfigFromString(yamlCloudConfig)
+	if err != nil {
+		t.Error(err)
+	}
+
+	c := NewCheck(config.FTWConfig)
+
+	if c.CloudMode() != true {
+		t.Errorf("couldn't detect cloud mode")
+	}
+
+	status := []int{200, 301}
+	c.SetExpectStatus(status)
+	c.SetLogContains("this text")
+	// this should override logcontains
+	c.SetCloudMode()
+
+	cloudStatus := c.expected.Status
+	sort.Ints(cloudStatus)
+	if res := sort.SearchInts(cloudStatus, 403); res == 0 {
+		t.Errorf("couldn't find expected 403 status in %#v -> %d", cloudStatus, res)
 	}
+
+	c.SetLogContains("")
+	c.SetNoLogContains("no log contains")
+	// this should override logcontains
+	c.SetCloudMode()
+
+	cloudStatus = c.expected.Status
+	sort.Ints(cloudStatus)
+	found := false
+	for _, n := range cloudStatus {
+		if n == 200 {
+			found = true
+		}
+	}
+	if !found {
+		t.Errorf("couldn't find expected 200 status\n")
+	}
+
 }

check/error_test.go

@@ -24,8 +24,11 @@ var expectedFailTests = []struct {
 }
 
 func TestAssertResponseErrorOK(t *testing.T) {
-	config.ImportFromString(yamlApacheConfig)
+	err := config.NewConfigFromString(yamlApacheConfig)
 
+	if err != nil {
+		t.Errorf("Failed!")
+	}
 	c := NewCheck(config.FTWConfig)
 	for _, e := range expectedOKTests {
 		c.SetExpectError(e.expected)
@@ -36,7 +39,11 @@ func TestAssertResponseErrorOK(t *testing.T) {
 }
 
 func TestAssertResponseFail(t *testing.T) {
-	config.ImportFromString(yamlApacheConfig)
+	err := config.NewConfigFromString(yamlApacheConfig)
+
+	if err != nil {
+		t.Errorf("Failed!")
+	}
 
 	c := NewCheck(config.FTWConfig)
 

check/logs.go

@@ -1,7 +1,5 @@
 package check
 
-import "github.com/rs/zerolog/log"
-
 // AssertNoLogContains returns true is the string is not found in the logs
 func (c *FTWCheck) AssertNoLogContains() bool {
 	if c.expected.NoLogContains != "" {
@@ -12,9 +10,7 @@ func (c *FTWCheck) AssertNoLogContains() bool {
 
 // AssertLogContains returns true when the logs contain the string
 func (c *FTWCheck) AssertLogContains() bool {
-	log.Trace().Msgf("ftw/check: check will truncate at %s", c.log.TimeTruncate)
 	if c.expected.LogContains != "" {
-		log.Debug().Msgf("ftw/check: log contains? -> %s", c.expected.LogContains)
 		return c.log.Contains(c.expected.LogContains)
 	}
 	return false

check/logs_test.go

@@ -8,24 +8,25 @@ import (
 	"github.com/fzipi/go-ftw/utils"
 )
 
-var nginxLogText = `
-2021/03/16 12:40:19 [info] 17#17: *2495 ModSecurity: Warning. Matched "Operator ` + "`" + `Within' with parameter ` + "`" + `GET HEAD POST OPTIONS' against variable ` + "`" + `REQUEST_METHOD' (Value: ` + "`" + `OTHER' ) [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "27"] [id "911100"] [rev ""] [msg "Method is not allowed by policy"] [data "OTHER"] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "172.19.0.3"] [uri "/"] [unique_id "161589841954.023243"] [ref "v0,5"], client: 172.19.0.1, server: modsec3-nginx, request: "OTHER / HTTP/1.1", host: "localhost"
+var nginxLogText = `2021/03/16 12:40:19 [info] 17#17: *2495 ModSecurity: Warning. Matched "Operator ` + "`" + `Within' with parameter ` + "`" + `GET HEAD POST OPTIONS' against variable ` + "`" + `REQUEST_METHOD' (Value: ` + "`" + `OTHER' ) [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "27"] [id "911100"] [rev ""] [msg "Method is not allowed by policy"] [data "OTHER"] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "172.19.0.3"] [uri "/"] [unique_id "161589841954.023243"] [ref "v0,5"], client: 172.19.0.1, server: modsec3-nginx, request: "OTHER / HTTP/1.1", host: "localhost"
 2021/03/16 12:40:19 [info] 17#17: *2495 ModSecurity: Warning. Matched "Operator ` + "`" + `Pm' with parameter ` + "`" + `AppleWebKit Android' against variable ` + "`" + `REQUEST_HEADERS:User-Agent' (Value: ` + "`" + `ModSecurity CRS 3 Tests' ) [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1360"] [id "920300"] [rev ""] [msg "Request Missing an Accept Header"] [data ""] [severity "5"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [tag "paranoia-level/3"] [hostname "172.19.0.3"] [uri "/"] [unique_id "161589841954.023243"] [ref "v0,5v63,23"], client: 172.19.0.1, server: modsec3-nginx, request: "OTHER / HTTP/1.1", host: "localhost"
 2021/03/16 12:40:19 [info] 17#17: *2495 ModSecurity: Warning. Matched "Operator ` + "`" + `Ge' with parameter ` + "`" + `5' against variable ` + "`" + `TX:ANOMALY_SCORE' (Value: ` + "`" + `7' ) [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "138"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 7)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "172.19.0.3"] [uri "/"] [unique_id "161589841954.023243"] [ref ""], client: 172.19.0.1, server: modsec3-nginx, request: "OTHER / HTTP/1.1", host: "localhost"
 2021/03/16 12:40:19 [info] 17#17: *2497 ModSecurity: Warning. Matched "Operator ` + "`" + `Within' with parameter ` + "`" + `GET HEAD POST OPTIONS' against variable ` + "`" + `REQUEST_METHOD' (Value: ` + "`" + `OTHER' ) [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "27"] [id "911100"] [rev ""] [msg "Method is not allowed by policy"] [data "OTHER"] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "172.19.0.3"] [uri "/"] [unique_id "161589841970.216949"] [ref "v0,5"], client: 172.19.0.1, server: modsec3-nginx, request: "OTHER / HTTP/1.1", host: "localhost"
 2021/03/16 12:40:19 [info] 17#17: *2497 ModSecurity: Warning. Matched "Operator ` + "`" + `Pm' with parameter ` + "`" + `AppleWebKit Android' against variable ` + "`" + `REQUEST_HEADERS:User-Agent' (Value: ` + "`" + `ModSecurity CRS 3 Tests' ) [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1360"] [id "920300"] [rev ""] [msg "Request Missing an Accept Header"] [data ""] [severity "5"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [tag "paranoia-level/3"] [hostname "172.19.0.3"] [uri "/"] [unique_id "161589841970.216949"] [ref "v0,5v63,23"], client: 172.19.0.1, server: modsec3-nginx, request: "OTHER / HTTP/1.1", host: "localhost"
 2021/03/16 12:40:19 [info] 17#17: *2497 ModSecurity: Warning. Matched "Operator ` + "`" + `Ge' with parameter ` + "`" + `5' against variable ` + "`" + `TX:ANOMALY_SCORE' (Value: ` + "`" + `7' ) [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "138"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 7)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "172.19.0.3"] [uri "/"] [unique_id "161589841970.216949"] [ref ""], client: 172.19.0.1, server: modsec3-nginx, request: "OTHER / HTTP/1.1", host: "localhost"
 `
 
-var apacheLogText = `
-[Tue Jan 05 02:21:09.637165 2021] [:error] [pid 76:tid 139683434571520] [client 172.23.0.1:58998] [client 172.23.0.1] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "339"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "close,close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "localhost"] [uri "/"] [unique_id "X-PNFSe1VwjCgYRI9FsbHgAAAIY"]
+var apacheLogText = `[Tue Jan 05 02:21:09.637165 2021] [:error] [pid 76:tid 139683434571520] [client 172.23.0.1:58998] [client 172.23.0.1] ModSecurity: Warning. Pattern match "\\\\b(?:keep-alive|close),\\\\s?(?:keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "339"] [id "920210"] [msg "Multiple/Conflicting Connection Header Data Found"] [data "close,close"] [severity "WARNING"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "localhost"] [uri "/"] [unique_id "X-PNFSe1VwjCgYRI9FsbHgAAAIY"]
 [Tue Jan 05 02:21:09.637731 2021] [:error] [pid 76:tid 139683434571520] [client 172.23.0.1:58998] [client 172.23.0.1] ModSecurity: Warning. Match of "pm AppleWebKit Android" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1230"] [id "920300"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"] [hostname "localhost"] [uri "/"] [unique_id "X-PNFSe1VwjCgYRI9FsbHgAAAIY"]
 [Tue Jan 05 02:21:09.638572 2021] [:error] [pid 76:tid 139683434571520] [client 172.23.0.1:58998] [client 172.23.0.1] ModSecurity: Warning. Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "localhost"] [uri "/"] [unique_id "X-PNFSe1VwjCgYRI9FsbHgAAAIY"]
 [Tue Jan 05 02:21:09.647668 2021] [:error] [pid 76:tid 139683434571520] [client 172.23.0.1:58998] [client 172.23.0.1] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "87"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 3, 2, 0, 0"] [ver "OWASP_CRS/3.3.0"] [tag "event-correlation"] [hostname "localhost"] [uri "/"] [unique_id "X-PNFSe1VwjCgYRI9FsbHgAAAIY"]
 `
 
 func TestAssertApacheLogContainsOK(t *testing.T) {
-	config.ImportFromString(yamlApacheConfig)
+	err := config.NewConfigFromString(yamlApacheConfig)
+	if err != nil {
+		t.Errorf("Failed!")
+	}
 	logName, _ := utils.CreateTempFileWithContent(apacheLogText, "test-apache-*.log")
 	defer os.Remove(logName)
 	config.FTWConfig.LogFile = logName
@@ -50,7 +51,10 @@ func TestAssertApacheLogContainsOK(t *testing.T) {
 }
 
 func TestAssertNginxLogContainsOK(t *testing.T) {
-	config.ImportFromString(yamlNginxConfig)
+	err := config.NewConfigFromString(yamlNginxConfig)
+	if err != nil {
+		t.Errorf("Failed!")
+	}
 	logName, _ := utils.CreateTempFileWithContent(nginxLogText, "test-nginx-*.log")
 	defer os.Remove(logName)
 	config.FTWConfig.LogFile = logName
@@ -66,4 +70,8 @@ func TestAssertNginxLogContainsOK(t *testing.T) {
 	if !c.AssertLogContains() {
 		t.Errorf("Failed !")
 	}
+
+	if c.AssertNoLogContains() {
+		t.Error("No log contains failed")
+	}
 }

check/response.go

@@ -2,14 +2,11 @@ package check
 
 import (
 	"strings"
-
-	"github.com/rs/zerolog/log"
 )
 
 // AssertResponseContains checks that the http response contains the needle
 func (c *FTWCheck) AssertResponseContains(response string) bool {
 	if c.expected.ResponseContains != "" {
-		log.Trace().Msgf("ftw/check: is %s contained in response %s", c.expected.ResponseContains, response)
 		return strings.Contains(response, c.expected.ResponseContains)
 	}
 	return false

check/response_test.go

@@ -21,8 +21,11 @@ var expectedResponseFailTests = []struct {
 }
 
 func TestAssertResponseTextErrorOK(t *testing.T) {
-	config.ImportFromString(yamlApacheConfig)
+	err := config.NewConfigFromString(yamlApacheConfig)
 
+	if err != nil {
+		t.Errorf("Failed!")
+	}
 	c := NewCheck(config.FTWConfig)
 	for _, e := range expectedResponseOKTests {
 		c.SetExpectResponse(e.expected)
@@ -33,8 +36,10 @@ func TestAssertResponseTextErrorOK(t *testing.T) {
 }
 
 func TestAssertResponseTextFailOK(t *testing.T) {
-	config.ImportFromString(yamlApacheConfig)
-
+	err := config.NewConfigFromString(yamlApacheConfig)
+	if err != nil {
+		t.Errorf("Failed!")
+	}
 	c := NewCheck(config.FTWConfig)
 	for _, e := range expectedResponseFailTests {
 		c.SetExpectResponse(e.expected)

check/status.go

@@ -1,10 +1,7 @@
 package check
 
-import "github.com/rs/zerolog/log"
-
 // AssertStatus will match the expected status list with the one received in the response
 func (c *FTWCheck) AssertStatus(status int) bool {
-	log.Trace().Msgf("ftw/check: status %d, expected %v", status, c.expected.Status)
 	for _, i := range c.expected.Status {
 		if i == status {
 			return true

check/status_test.go

@@ -24,7 +24,10 @@ var statusFailTests = []struct {
 }
 
 func TestStatusOK(t *testing.T) {
-	config.ImportFromString(yamlApacheConfig)
+	err := config.NewConfigFromString(yamlApacheConfig)
+	if err != nil {
+		t.Errorf("Failed!")
+	}
 
 	c := NewCheck(config.FTWConfig)
 
@@ -37,7 +40,10 @@ func TestStatusOK(t *testing.T) {
 }
 
 func TestStatusFail(t *testing.T) {
-	config.ImportFromString(yamlApacheConfig)
+	err := config.NewConfigFromString(yamlApacheConfig)
+	if err != nil {
+		t.Errorf("Failed!")
+	}
 
 	c := NewCheck(config.FTWConfig)
 

cmd/root.go

@@ -1,9 +1,10 @@
 package cmd
 
 import (
+	"log"
 	"os"
 
-	config "github.com/fzipi/go-ftw/config"
+	"github.com/fzipi/go-ftw/config"
 
 	"github.com/rs/zerolog"
 	"github.com/spf13/cobra"
@@ -42,12 +43,18 @@ func init() {
 }
 
 func initConfig() {
-	config.Init(cfgFile)
 	zerolog.SetGlobalLevel(zerolog.InfoLevel)
 	if debug {
 		zerolog.SetGlobalLevel(zerolog.DebugLevel)
 	}
 	if trace {
 		zerolog.SetGlobalLevel(zerolog.TraceLevel)
 	}
+	errFile := config.NewConfigFromFile(cfgFile)
+	if errFile != nil {
+		errEnv := config.NewConfigFromEnv()
+		if errEnv != nil {
+			log.Fatalf("cannot read config from file (%s) nor environment (%s).", errFile.Error(), errEnv.Error())
+		}
+	}
 }