Added e2e test to disabling modsecurity conf

Added e2e in case modsecurity-snippet enabled to disable settings in default modsecurity.conf
2021-12-12 14:42:46 +01:00 · 2021-12-12 14:42:46 +01:00 · e485345224
commit e485345224
parent 48c0742d3c
1 changed files with 36 additions and 0 deletions
--- a/test/e2e/annotations/modsecurity/modsecurity.go
+++ b/test/e2e/annotations/modsecurity/modsecurity.go
@ -342,4 +342,40 @@ var _ = framework.DescribeAnnotation("modsecurity owasp", func() {
 			Expect().
 			Status(http.StatusOK)
 	})
 	ginkgo.It("should disable default modsecurity conf setting when modsecurity-snippet is specified", func() {
 		host := "modsecurity.foo.com"
 		nameSpace := f.Namespace
 		snippet := `SecRuleEngine On
 		SecRequestBodyAccess On
 		SecAuditEngine RelevantOnly
 		SecAuditLogParts ABIJDEFHZ
 		SecAuditLogType Concurrent
 		SecAuditLog /var/tmp/modsec_audit.log
 		SecAuditLogStorageDir /var/tmp/
 		SecRule REQUEST_HEADERS:User-Agent \"block-ua\" \"log,deny,id:107,status:403,msg:\'UA blocked\'\"`
 		annotations := map[string]string{
 			"nginx.ingress.kubernetes.io/enable-modsecurity":  "true",
 			"nginx.ingress.kubernetes.io/modsecurity-snippet": snippet,
 		}
 		f.UpdateNginxConfigMapData("annotation-value-word-blocklist", "load_module, lua_package, _by_lua, location, root, {, }")
 		// Sleep a while just to guarantee that the configmap is applied
 		framework.Sleep()
 		ing := framework.NewSingleIngress(host, "/", host, nameSpace, framework.EchoService, 80, annotations)
 		f.EnsureIngress(ing)
 		f.WaitForNginxServer(host,
 			func(server string) bool {
 				return !strings.Contains(server, "modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;")
 			})
 		f.HTTPTestClient().
 			GET("/").
 			WithHeader("Host", host).
 			WithHeader("User-Agent", "block-ua").
 			Expect().
 			Status(http.StatusForbidden)
 	})
 })