Posted to notifications@apisix.apache.org by me...@apache.org on 2020/06/24 01:59:18 UTC
[incubator-apisix] branch master updated: test: added test cases.
(#1752)
This is an automated email from the ASF dual-hosted git repository.
membphis pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-apisix.git
The following commit(s) were added to refs/heads/master by this push:
new d419fb2 test: added test cases. (#1752)
d419fb2 is described below
commit d419fb22894214e4ef1c1ccfb1ffdaca3dff3fca
Author: YuanSheng Wang <me...@gmail.com>
AuthorDate: Wed Jun 24 09:59:11 2020 +0800
test: added test cases. (#1752)
---
t/plugin/uri-blocker.t | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 66 insertions(+)
diff --git a/t/plugin/uri-blocker.t b/t/plugin/uri-blocker.t
index 5f10640..3cf2e37 100644
--- a/t/plugin/uri-blocker.t
+++ b/t/plugin/uri-blocker.t
@@ -264,3 +264,69 @@ GET /hello?c1=2
GET /hello?cc=2
--- no_error_log
[error]
+
+
+
+=== TEST 12: SQL injection
+--- config
+location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "plugins": {
+ "uri-blocker": {
+ "block_rules": ["select.+(from|limit)", "(?:(union(.*?)select))"]
+ }
+ },
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "uri": "/hello"
+ }]]
+ )
+
+ if code >= 300 then
+ ngx.status = code
+ end
+ ngx.say(body)
+ }
+}
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+--- error_log
+concat block_rules: select.+(from|limit)|(?:(union(.*?)select)),
+
+
+
+=== TEST 13: hit block rule
+--- request
+GET /hello?name=;select%20from%20sys
+--- error_code: 403
+--- no_error_log
+[error]
+
+
+
+=== TEST 14: hit block rule
+--- request
+GET /hello?name=;union%20select%20
+--- error_code: 403
+--- no_error_log
+[error]
+
+
+
+=== TEST 15: not hit block rule
+--- request
+GET /hello?cc=2
+--- no_error_log
+[error]
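Review bot: TEST 13 and TEST 14 send only lower-case keywords, so the suite does not pin how the `block_rules` patterns treat other letter cases; whether the plugin compiles the rules case-insensitively is not visible in this hunk, and an upper-case variant of the TEST 13 request, `GET /hello?name=;SELECT%20FROM%20sys`, with an explicit `--- error_code` would document the intended behaviour either way. TEST 15 uses `cc=2`, which shares nothing with the rules; a benign near-miss such as `GET /hello?name=select` would show that ordinary traffic containing the bare keyword is not blocked. TEST 13 and TEST 14 also share the title `hit block rule`; distinct titles, for example `hit block rule (select ... from)` and `hit block rule (union select)`, make a failure easier to locate. The three context lines at the top of the hunk belong to an earlier test that starts outside it.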