2020-06-22 14:45:55 +08:00
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
use t::APISIX 'no_plan' ;
2020-07-31 20:19:12 +08:00
repeat_each ( 1 ) ;
2020-06-22 14:45:55 +08:00
no_long_string ( ) ;
no_root_location ( ) ;
no_shuffle ( ) ;
run_tests ;
__DATA__
=== TEST 1 : invalid regular expression
- - - config
location / t {
content_by_lua_block {
local t = require ( "lib.test_admin" ) . test
local code , body = t ( '/apisix/admin/routes/1' ,
ngx . HTTP_PUT ,
[ [ {
"plugins" : {
"uri-blocker" : {
"block_rules" : [ ".+(" ]
}
} ,
"uri" : "/hello"
} ] ] )
if code >= 300 then
ngx . status = code
end
ngx . print ( body )
}
}
- - - request
GET / t
- - - error_code: 400
- - - response_body
{ "error_msg" : "failed to check the configuration of plugin uri-blocker err: pcre_compile() failed: missing ) in \".+(\"" }
- - - no_error_log
[ error ]
=== TEST 2 : multiple valid rules
- - - config
location / t {
content_by_lua_block {
local t = require ( "lib.test_admin" ) . test
local code , body = t ( '/apisix/admin/routes/1' ,
ngx . HTTP_PUT ,
[ [ {
"plugins" : {
"uri-blocker" : {
"block_rules" : [ "^a" , "^b" ]
}
} ,
"uri" : "/hello"
} ] ]
)
if code >= 300 then
ngx . status = code
end
ngx . say ( body )
}
}
- - - request
GET / t
- - - response_body
passed
- - - no_error_log
[ error ]
=== TEST 3 : multiple rules ( include one invalid rule )
- - - config
location / t {
content_by_lua_block {
local t = require ( "lib.test_admin" ) . test
local code , body = t ( '/apisix/admin/routes/1' ,
ngx . HTTP_PUT ,
[ [ {
"plugins" : {
"uri-blocker" : {
"block_rules" : [ "^a" , "^b(" ]
}
} ,
"uri" : "/hello"
} ] ]
)
if code >= 300 then
ngx . status = code
end
ngx . print ( body )
}
}
- - - request
GET / t
- - - error_code: 400
- - - response_body
{ "error_msg" : "failed to check the configuration of plugin uri-blocker err: pcre_compile() failed: missing ) in \"^b(\"" }
- - - no_error_log
[ error ]
2020-07-31 20:19:12 +08:00
=== TEST 4 : one block rule
2020-06-22 14:45:55 +08:00
- - - config
location / t {
content_by_lua_block {
local t = require ( "lib.test_admin" ) . test
local code , body = t ( '/apisix/admin/routes/1' ,
ngx . HTTP_PUT ,
[ [ {
"plugins" : {
"uri-blocker" : {
"block_rules" : [ "aa" ]
}
} ,
"upstream" : {
"nodes" : {
"127.0.0.1:1980" : 1
} ,
"type" : "roundrobin"
} ,
"uri" : "/hello"
} ] ] ,
[ [ {
"node" : {
"value" : {
"plugins" : {
"uri-blocker" : {
"block_rules" : [ "aa" ]
}
}
}
}
} ] ]
)
if code >= 300 then
ngx . status = code
end
ngx . say ( body )
}
}
- - - request
GET / t
- - - response_body
passed
- - - no_error_log
[ error ]
=== TEST 5 : hit block rule
- - - request
GET / hello ? aa = 1
- - - error_code: 403
- - - no_error_log
[ error ]
2020-07-31 20:19:12 +08:00
- - - error_log
concat block_rules: aa
2020-06-22 14:45:55 +08:00
=== TEST 6 : miss block rule
- - - request
GET / hello ? bb = 2
- - - no_error_log
[ error ]
2020-07-31 20:19:12 +08:00
- - - error_log
concat block_rules: aa
2020-06-22 14:45:55 +08:00
=== TEST 7 : multiple block rules
- - - config
location / t {
content_by_lua_block {
local t = require ( "lib.test_admin" ) . test
local code , body = t ( '/apisix/admin/routes/1' ,
ngx . HTTP_PUT ,
[ [ {
"plugins" : {
"uri-blocker" : {
"block_rules" : [ "aa" , "bb" , "c\\d+" ]
}
} ,
"upstream" : {
"nodes" : {
"127.0.0.1:1980" : 1
} ,
"type" : "roundrobin"
} ,
"uri" : "/hello"
} ] ]
)
if code >= 300 then
ngx . status = code
end
ngx . say ( body )
}
}
- - - request
GET / t
- - - response_body
passed
- - - no_error_log
[ error ]
=== TEST 8 : hit block rule
- - - request
GET / hello ? x = bb
- - - error_code: 403
- - - no_error_log
[ error ]
2020-07-31 20:19:12 +08:00
- - - error_log
concat block_rules: aa | bb | c \ d + ,
2020-06-22 14:45:55 +08:00
=== TEST 9 : hit block rule
- - - request
GET / hello ? bb = 2
- - - error_code: 403
- - - no_error_log
[ error ]
2020-07-31 20:19:12 +08:00
- - - error_log
concat block_rules: aa | bb | c \ d + ,
2020-06-22 14:45:55 +08:00
=== TEST 10 : hit block rule
- - - request
GET / hello ? c1 = 2
- - - error_code: 403
- - - no_error_log
[ error ]
=== TEST 11 : not hit block rule
- - - request
GET / hello ? cc = 2
- - - no_error_log
[ error ]
2020-06-24 09:59:11 +08:00
=== TEST 12 : SQL injection
- - - config
location / t {
content_by_lua_block {
local t = require ( "lib.test_admin" ) . test
local code , body = t ( '/apisix/admin/routes/1' ,
ngx . HTTP_PUT ,
[ [ {
"plugins" : {
"uri-blocker" : {
"block_rules" : [ "select.+(from|limit)" , "(?:(union(.*?)select))" ]
}
} ,
"upstream" : {
"nodes" : {
"127.0.0.1:1980" : 1
} ,
"type" : "roundrobin"
} ,
"uri" : "/hello"
} ] ]
)
if code >= 300 then
ngx . status = code
end
ngx . say ( body )
}
}
- - - request
GET / t
- - - response_body
passed
- - - no_error_log
[ error ]
=== TEST 13 : hit block rule
- - - request
GET / hello ? name = ; select % 20from % 20sys
- - - error_code: 403
- - - no_error_log
[ error ]
2020-07-31 20:19:12 +08:00
- - - error_log
concat block_rules: select . + ( from | limit ) | ( ? : ( union ( . * ? ) select ) ) ,
2020-06-24 09:59:11 +08:00
=== TEST 14 : hit block rule
- - - request
GET / hello ? name = ; union % 20select % 20
- - - error_code: 403
- - - no_error_log
[ error ]
=== TEST 15 : not hit block rule
- - - request
GET / hello ? cc = 2
- - - no_error_log
[ error ]
2021-08-21 12:10:31 +08:00
=== TEST 16 : invalid rejected_msg length or type
- - - config
location / t {
content_by_lua_block {
local data = {
{
input = {
plugins = {
[ "uri-blocker" ] = {
block_rules = { "^a" } ,
rejected_msg = "" ,
} ,
} ,
uri = "/hello" ,
} ,
output = {
error_msg = "failed to check the configuration of plugin uri-blocker err: property \"rejected_msg\" validation failed: string too short, expected at least 1, got 0" ,
} ,
} ,
{
input = {
plugins = {
[ "uri-blocker" ] = {
block_rules = { "^a" } ,
rejected_msg = true ,
} ,
} ,
uri = "/hello" ,
} ,
output = {
error_msg = "failed to check the configuration of plugin uri-blocker err: property \"rejected_msg\" validation failed: wrong type: expected string, got boolean" ,
} ,
} ,
}
local t = require ( "lib.test_admin" ) . test
local err_count = 0
for i in ipairs ( data ) do
local code , body = t ( '/apisix/admin/routes/1' , ngx . HTTP_PUT , data [ i ] . input , data [ i ] . output )
if code >= 300 then
err_count = err_count + 1
end
ngx . print ( body )
end
assert ( err_count == #data)
}
}
- - - request
GET / t
- - - no_error_log
[ error ]
=== TEST 17 : one block rule , with rejected_msg
- - - config
location / t {
content_by_lua_block {
local t = require ( "lib.test_admin" ) . test
local code , body = t ( '/apisix/admin/routes/1' ,
ngx . HTTP_PUT ,
[ [ {
"plugins" : {
"uri-blocker" : {
"block_rules" : [ "aa" ] ,
"rejected_msg" : "access is not allowed"
}
} ,
"upstream" : {
"nodes" : {
"127.0.0.1:1980" : 1
} ,
"type" : "roundrobin"
} ,
"uri" : "/hello"
} ] ]
)
if code >= 300 then
ngx . status = code
end
ngx . print ( body )
}
}
- - - request
GET / t
- - - no_error_log
[ error ]
=== TEST 18 : hit block rule and return rejected_msg
- - - request
GET / hello ? aa = 1
- - - error_code: 403
- - - response_body
{ "error_msg" : "access is not allowed" }
- - - no_error_log
[ error ]
2021-08-23 18:28:11 +08:00
=== TEST 19 : one block rule , with case insensitive
- - - config
location / t {
content_by_lua_block {
local t = require ( "lib.test_admin" ) . test
local code , body = t ( '/apisix/admin/routes/1' ,
ngx . HTTP_PUT ,
[ [ {
"plugins" : {
"uri-blocker" : {
"block_rules" : [ "AA" ] ,
"rejected_msg" : "access is not allowed" ,
"case_insensitive" : true
}
} ,
"upstream" : {
"nodes" : {
"127.0.0.1:1980" : 1
} ,
"type" : "roundrobin"
} ,
"uri" : "/hello"
} ] ]
)
if code >= 300 then
ngx . status = code
end
ngx . print ( body )
}
}
- - - request
GET / t
- - - no_error_log
[ error ]
=== TEST 20 : hit block rule
- - - request
GET / hello ? aa = 1
- - - error_code: 403
- - - response_body
{ "error_msg" : "access is not allowed" }
- - - no_error_log
[ error ]
2021-11-09 16:21:27 +08:00
=== TEST 21 : add block rule with anchor
- - - config
location / t {
content_by_lua_block {
local t = require ( "lib.test_admin" ) . test
local code , body = t ( '/apisix/admin/routes/1' ,
ngx . HTTP_PUT ,
[ [ {
"plugins" : {
"uri-blocker" : {
"block_rules" : [ "^/internal/" ]
}
} ,
"uri" : "/internal/*"
} ] ] )
if code >= 300 then
ngx . status = code
end
ngx . print ( body )
}
}
- - - request
GET / t
=== TEST 22 : can ' t bypass with url without normalization
- - - request
GET /./i nternal / x ? aa = 1
- - - error_code: 403
- - - no_error_log
[ error ]