-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathwaf_support_test.go
67 lines (55 loc) · 2.63 KB
/
waf_support_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
// Unless explicitly stated otherwise all files in this repository are licensed
// under the Apache License Version 2.0.
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2016-present Datadog, Inc.
//go:build ci
package waf
import (
"flag"
"testing"
wafErrors "github.com/DataDog/go-libddwaf/v3/errors"
"github.com/DataDog/go-libddwaf/v3/internal/support"
"github.com/stretchr/testify/require"
)
var (
wafSupportedFlag *bool
wafBuildTags *string
)
func init() {
wafSupportedFlag = flag.Bool("waf-supported", false, "Set to true if the WAF is supported on the current target")
wafBuildTags = flag.String("waf-build-tags", "", "Set to the build tags used to build the WAF")
}
// TestSupport is used to make sure the WAF is actually enabled and disabled when it respectively should be
// using data send by the CI.
func TestSupport(t *testing.T) {
require.NotNil(t, wafSupportedFlag, "The `waf-supported` flag should be set")
require.NotNil(t, wafBuildTags, "The `waf-build-tags` flag should be set")
require.NotEmpty(t, *wafBuildTags, "The `waf-build-tags` flag should not be empty")
errors := make([]error, len(support.WafSupportErrors()))
copy(errors, support.WafSupportErrors())
if support.WafManuallyDisabledError() != nil {
errors = append(errors, support.WafManuallyDisabledError())
}
ok, _ := Health()
require.Equal(t, *wafSupportedFlag, ok, "WAF support should match the value of the `waf-supported` flag in the CI")
if *wafSupportedFlag {
require.Empty(t, errors, "No errors should be returned when the WAF is supported")
} else {
require.NotEmpty(t, errors, "Errors should be returned when the WAF is not supported")
}
for _, err := range errors {
switch err.(type) {
case wafErrors.UnsupportedOSArchError:
require.Contains(t, *wafBuildTags, err.(wafErrors.UnsupportedOSArchError).Os, "The OS is marked as supported but a support error appeared", err)
require.Contains(t, *wafBuildTags, err.(wafErrors.UnsupportedOSArchError).Arch, "The architecture is marked as supported but a support error appeared", err)
case wafErrors.UnsupportedGoVersionError:
// We can't check anything here because we forced the version to be wrong we a build tag added manually instead of just having an incompatible version
case wafErrors.ManuallyDisabledError:
require.Contains(t, *wafBuildTags, "datadog.no_waf", "The WAF is marked as enabled but a support error appeared", err)
case wafErrors.CgoDisabledError:
require.NotContainsf(t, *wafBuildTags, "cgo", "The build tags contains cgo but a support error appeared", err)
default:
require.Fail(t, "Unknown error type", err)
}
}
}