go-ftw
go-ftw copied to clipboard
coreruleset
Web Application Firewall Testing Framework - Go version
Don't know if this is feasible, but let's see. We found out that we might want to skip (or don't run tests) based on attributes of the rule we are...
Hi, Currently, such behavior is implemented for the actual tests using the config field `testoverride.input.headers` of type map. Per my tests, these custom request headers are not used in the...
Hello, currently, ftw is looking for the IDs of the triggered rules after sending a request. What we are facing running Coraza on Envoy is that the phase when the...
Initial implementation specifically went around standard interfaces like `Client` or `RoundTripper`. Now that the project is working properly, we should revisit using standard interfaces to enable extensions from other users....
Github supports adding a summary by using `echo "{markdown content}" >> $GITHUB_STEP_SUMMARY` It is the perfect place for printing the summary.
As a security rules tester, I would like to have tests results coverage based on the tests and on the rules I am testing. **Requirements** - add an optional `--coverage`...
We have been thinking about renaming the project. The name `go-ftw` was a quick win to replace the retired `ftw`. Our reasons to rename the project are: - `go` prefix...
The `Header` type currently doesn't support multiple values for a single header. We need to support requests that include the same header multiple times, possibly with different casings. Examples: ```...
Same as we have for crs-toolchain, we should add self-update as it is very handy.
Many of the tests are duplicates with minor variations in the payload. Test for many rules could be condensed to two or three tests with many payloads instead. - extend...
Metadata
Owner
Metadata
Web Application Firewall Testing Framework - Go version