Posted to notifications@apisix.apache.org by me...@apache.org on 2020/06/24 01:59:18 UTC

[incubator-apisix] branch master updated: test: added test cases. (#1752)

This is an automated email from the ASF dual-hosted git repository.

membphis pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-apisix.git


The following commit(s) were added to refs/heads/master by this push:
     new d419fb2  test: added test cases. (#1752)
d419fb2 is described below

commit d419fb22894214e4ef1c1ccfb1ffdaca3dff3fca
Author: YuanSheng Wang <me...@gmail.com>
AuthorDate: Wed Jun 24 09:59:11 2020 +0800

    test: added test cases. (#1752)
---
 t/plugin/uri-blocker.t | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)

diff --git a/t/plugin/uri-blocker.t b/t/plugin/uri-blocker.t
index 5f10640..3cf2e37 100644
--- a/t/plugin/uri-blocker.t
+++ b/t/plugin/uri-blocker.t
@@ -264,3 +264,69 @@ GET /hello?c1=2
 GET /hello?cc=2
 --- no_error_log
 [error]
+
+
+
+=== TEST 12: SQL injection
+--- config
+location /t {
+    content_by_lua_block {
+        local t = require("lib.test_admin").test
+        local code, body = t('/apisix/admin/routes/1',
+            ngx.HTTP_PUT,
+            [[{
+                "plugins": {
+                    "uri-blocker": {
+                        "block_rules": ["select.+(from|limit)", "(?:(union(.*?)select))"]
+                    }
+                },
+                "upstream": {
+                    "nodes": {
+                        "127.0.0.1:1980": 1
+                    },
+                    "type": "roundrobin"
+                },
+                "uri": "/hello"
+            }]]
+        )
+
+        if code >= 300 then
+            ngx.status = code
+        end
+        ngx.say(body)
+    }
+}
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+--- error_log
+concat block_rules: select.+(from|limit)|(?:(union(.*?)select)),
+
+
+
+=== TEST 13: hit block rule
+--- request
+GET /hello?name=;select%20from%20sys
+--- error_code: 403
+--- no_error_log
+[error]
+
+
+
+=== TEST 14: hit block rule
+--- request
+GET /hello?name=;union%20select%20
+--- error_code: 403
+--- no_error_log
+[error]
+
+
+
+=== TEST 15: not hit block rule
+--- request
+GET /hello?cc=2
+--- no_error_log
+[error]
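Review bot: TEST 15 repeats the request already used by the preceding test in this file (`GET /hello?cc=2`, visible as context at the top of the hunk), so it does not show that the new SQL patterns leave near-miss traffic alone; a request such as `GET /hello?name=selection` with an explicit `--- error_code: 200` would pin the false-positive side of `select.+(from|limit)`. TEST 13 and TEST 14 also share the title `hit block rule`, which makes a failure report ambiguous; titles like `=== TEST 13: hit block rule (select ... from)` and `=== TEST 14: hit block rule (union ... select)` would tell them apart. Both positive cases use lowercase keywords with `%20` only, so the tests do not pin whether the plugin matches case-insensitively or against the decoded URI; that behaviour lives in plugin code outside this hunk and deserves a test of its own before these rules are relied on as an injection filter.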