forked from aquasecurity/cloudsploit
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathagRequestBodySize.spec.js
123 lines (113 loc) · 4.47 KB
/
agRequestBodySize.spec.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
var expect = require('chai').expect;
var agRequestBodySize = require('./agRequestBodySize.js');
const wafPolicy = [
{
"name": 'test-vnet',
"id": '/subscriptions/123/resourceGroups/aqua-resource-group/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies',
"type": 'Microsoft.Network/waf',
"tags": { "key": "value" },
"location": 'eastus',
"provisioningState": 'Succeeded',
"virtualNetworkPeerings": [],
"enableDdosProtection": true,
"policySettings":{
"mode": "prevention",
"requestBodyCheck": true,
"maxRequestBodySizeInKb": 128
}
},
{
"name": 'test-vnet',
"id": '/subscriptions/123/resourceGroups/aqua-resource-group/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies',
"type": 'Microsoft.Network/waf',
"tags": {},
"location": 'eastus',
"provisioningState": 'Succeeded',
"virtualNetworkPeerings": [],
"enableDdosProtection": false,
"policySettings":{
"mode": "prevention",
"requestBodyCheck": true,
"maxRequestBodySizeInKb": 800
}
},
{
"name": 'test-vnet',
"id": '/subscriptions/123/resourceGroups/aqua-resource-group/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies',
"type": 'Microsoft.Network/waf',
"tags": {},
"location": 'eastus',
"provisioningState": 'Succeeded',
"virtualNetworkPeerings": [],
"enableDdosProtection": false,
"policySettings":{
"mode": "prevention",
"requestBodyCheck": false,
"maxRequestBodySizeInKb": 128
}
},
];
const createCache = (waf) => {
return {
wafPolicies: {
listAll: {
'eastus': {
data: waf
}
}
}
};
};
const createErrorCache = () => {
return {
wafPolicies: {
listAll: {
'eastus': {}
}
}
};
};
describe('agRequestBodySize', function() {
describe('run', function() {
it('should give passing result if no WAF policy found', function(done) {
const cache = createCache([]);
agRequestBodySize.run(cache, {}, (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(0);
expect(results[0].message).to.include('No existing WAF policies found');
expect(results[0].region).to.equal('eastus');
done();
});
});
it('should give unknown result if Unable to query for WAF policy', function(done) {
const cache = createErrorCache();
agRequestBodySize.run(cache, {}, (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(3);
expect(results[0].message).to.include('Unable to query for Application Gateway WAF policies');
expect(results[0].region).to.equal('eastus');
done();
});
});
it('should give passing result if Application gateway WAF policy has max request body size of 128 - without setting', function(done) {
const cache = createCache([wafPolicy[0]]);
agRequestBodySize.run(cache, {}, (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(0);
expect(results[0].message).to.include('Application gateway WAF policy has max request body size of 128 which is less than or equal to 128');
expect(results[0].region).to.equal('eastus');
done();
});
});
it('should give failing result if Application gateway WAF policy has max request body size greater than 500 - with setting', function(done) {
const cache = createCache([wafPolicy[1]]);
agRequestBodySize.run(cache, {max_request_body_size: 500}, (err, results) => {
expect(results.length).to.equal(1);
expect(results[0].status).to.equal(2);
expect(results[0].message).to.include('Application gateway WAF policy has max request body size of 800 which is greater than 500');
expect(results[0].region).to.equal('eastus');
done();
});
});
});
});