Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add smoke test for appprotect csrf policy #1627

Merged
merged 2 commits into from
May 26, 2021
Merged

Conversation

vepatel
Copy link
Contributor

@vepatel vepatel commented May 25, 2021

Proposed changes

  • Add smoke test for AP CSRF policy,
  • Remove hardcoded waits.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto master
  • I will ensure my PR is targeting the master branch and pulling from my branch from my own fork

suite/test_app_protect.py::TestAppProtect::test_responses_csrf[backend_setup0-crd_ingress_controller_with_ap0] PASSED [ 21%]

print("----------------------- Send request with http origin header ----------------------")

headers = {"host": backend_setup.ingress_host, "Origin": "http://appprotect.example.com"}
resp_valid = requests.post(backend_setup.req_url, headers=headers, verify=False, cookies={"flavor": "darkchoco"})
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are cookies necessary? the policy doesn't configure any rules for cookies, right?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@pleshakov cookies are necessary for CSRF protection to kick in

time.sleep(1)
pytest.fail(f"Keep getting 502|504 from {req_url} after 60 seconds. Exiting...")

if check404:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Woudl it make sense to put the status checks in a function and thus remove if...else completely? something like that

for _ in range(60):
            resp = requests.get(req_url, headers=headers, verify=False)
            if  checkRespStatus(check404):
                print(f"After {_} retries at 1 second interval, got {resp.status_code} response. Continue with tests...")
                return
            time.sleep(1)
        pytest.fail(f"Keep getting {resp.status_code} from {req_url} after 60 seconds. Exiting...")

Copy link
Contributor

@soneillf5 soneillf5 May 26, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd agree with the sentiment, the code in the loops are very similar.
They could be combined using with:

             if resp.status_code not in valid_codes:

and from there either use wrapping functions or params to setup valid_codes.

print("------------- Run test for AP policy: file-block --------------")
print(f"Request URL: {backend_setup.req_url} and Host: {backend_setup.ingress_host}")

wait_before_test(40)
ensure_response_from_backend(backend_setup.req_url, backend_setup.ingress_host)
ensure_response_from_backend(backend_setup.req_url, backend_setup.ingress_host, check404=True)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's nice to see the wait removed :D

@vepatel vepatel merged commit feb16da into master May 26, 2021
@vepatel vepatel deleted the tests/ap-csrf-policy branch May 26, 2021 09:03
@lucacome lucacome added the chore Pull requests for routine tasks label Jun 17, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
chore Pull requests for routine tasks
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants