bf74711514
This test verifies that we can run nginx with the modsecurity
directives.
It also checks a very simple rule that blocks requests containing the
keyword "blockme".
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
[Julien:
- add / at directory end in DEVELOPERS
- sort DEVELOPERS entries alphabetically
- remove unneeded test configs already present in
BASIC_TOOLCHAIN_CONFIG
- sort test config directives alphabetically
]
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 5cda85cb56)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
34 lines
1.2 KiB
Python
34 lines
1.2 KiB
Python
import os
|
|
|
|
import infra.basetest
|
|
|
|
|
|
class TestNginxModsecurity(infra.basetest.BRTest):
|
|
overlay = infra.filepath("tests/package/test_nginx_modsecurity/overlay")
|
|
config = infra.basetest.BASIC_TOOLCHAIN_CONFIG + \
|
|
f"""
|
|
BR2_PACKAGE_NGINX=y
|
|
BR2_PACKAGE_NGINX_HTTP=y
|
|
BR2_PACKAGE_NGINX_MODSECURITY=y
|
|
BR2_ROOTFS_OVERLAY="{overlay}"
|
|
BR2_TARGET_ROOTFS_CPIO=y
|
|
BR2_TARGET_ROOTFS_CPIO_GZIP=y
|
|
"""
|
|
|
|
def test_run(self):
|
|
cpio_file = os.path.join(self.builddir, "images", "rootfs.cpio")
|
|
self.emulator.boot(arch="armv5",
|
|
kernel="builtin",
|
|
options=["-initrd", cpio_file])
|
|
self.emulator.login()
|
|
|
|
self.assertRunOk("nginx -V")
|
|
self.assertRunOk("wget http://localhost/index.html")
|
|
self.assertRunOk("grep -F 'Welcome to nginx!' index.html")
|
|
cmd = "wget -q -O /dev/null --server-response 2>&1 " \
|
|
"http://localhost/blockme/ 2>&1 | awk '/^ HTTP/{print $2}'"
|
|
out, ret = self.emulator.run(cmd)
|
|
self.assertEqual(ret, 0)
|
|
# Check for HTTP 403 Unauthorized:
|
|
self.assertEqual(out[0], "403")
|