Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
projectdiscovery
GitHub Repository: projectdiscovery/nuclei
 Path: blob/dev/pkg/output/stats/waf/waf_test.go
2070 views
1
package waf

2


3
import (

4
	"regexp"

5
	"testing"

6
)

7


8
func TestWAFDetection(t *testing.T) {

9
	detector := NewWafDetector()

10
	if detector == nil {

11
		t.Fatal("expected non-nil wafDetector")

12
	}

13


14
	tests := []struct {

15
		name        string

16
		content     string

17
		expectedWAF string

18
		shouldMatch bool

19
	}{

20
		{

21
			name:        "Cloudflare WAF",

22
			content:     "Attention Required! | Cloudflare",

23
			expectedWAF: "cloudflare",

24
			shouldMatch: true,

25
		},

26
		{

27
			name:        "ModSecurity WAF",

28
			content:     "This error was generated by Mod_Security",

29
			expectedWAF: "modsecurity",

30
			shouldMatch: true,

31
		},

32
		{

33
			name:        "No WAF",

34
			content:     "Regular response with no WAF signature",

35
			expectedWAF: "",

36
			shouldMatch: false,

37
		},

38
		{

39
			name:        "Wordfence WAF",

40
			content:     "Generated by Wordfence",

41
			expectedWAF: "wordfence",

42
			shouldMatch: true,

43
		},

44
		{

45
			name:        "Sucuri WAF",

46
			content:     "Access Denied - Sucuri Website Firewall",

47
			expectedWAF: "sucuri",

48
			shouldMatch: true,

49
		},

50
	}

51


52
	for _, tt := range tests {

53
		t.Run(tt.name, func(t *testing.T) {

54
			waf, matched := detector.DetectWAF(tt.content)

55
			if matched != tt.shouldMatch {

56
				t.Errorf("expected match=%v, got match=%v", tt.shouldMatch, matched)

57
			}

58
			if matched && waf != tt.expectedWAF {

59
				t.Errorf("expected WAF=%s, got WAF=%s", tt.expectedWAF, waf)

60
			}

61
		})

62
	}

63
}

64


65
func TestWAFDetectionNilPointerSafety(t *testing.T) {

66
	tests := []struct {

67
		name     string

68
		detector *WafDetector

69
		content  string

70
	}{

71
		{

72
			name:     "nil detector",

73
			detector: nil,

74
			content:  "test content",

75
		},

76
		{

77
			name: "nil regexCache",

78
			detector: &WafDetector{

79
				wafs:       make(map[string]waf),

80
				regexCache: nil,

81
			},

82
			content: "test content",

83
		},

84
		{

85
			name: "regexCache with nil regex",

86
			detector: &WafDetector{

87
				wafs: make(map[string]waf),

88
				regexCache: map[string]*regexp.Regexp{

89
					"test": nil,

90
				},

91
			},

92
			content: "test content",

93
		},

94
		{

95
			name: "empty regexCache",

96
			detector: &WafDetector{

97
				wafs:       make(map[string]waf),

98
				regexCache: make(map[string]*regexp.Regexp),

99
			},

100
			content: "test content",

101
		},

102
	}

103


104
	for _, tt := range tests {

105
		t.Run(tt.name, func(t *testing.T) {

106
			defer func() {

107
				if r := recover(); r != nil {

108
					t.Errorf("DetectWAF panicked with nil pointer: %v", r)

109
				}

110
			}()

111


112
			waf, matched := tt.detector.DetectWAF(tt.content)

113
			if matched {

114
				t.Errorf("expected no match for nil pointer case, got match=true, waf=%s", waf)

115
			}

116
			if waf != "" {

117
				t.Errorf("expected empty WAF string for nil pointer case, got waf=%s", waf)

118
			}

119
		})

120
	}

121
}

122


123