|
| 1 | +#!/usr/bin/env python3 |
| 2 | + |
| 3 | +import requests |
| 4 | +import json |
| 5 | +import sys |
| 6 | +import re |
| 7 | +import argparse |
| 8 | +from termcolor import colored |
| 9 | + |
| 10 | +def setup_args(): |
| 11 | + parser = argparse.ArgumentParser(description='Check WAF configuration for testing') |
| 12 | + parser.add_argument('--url', default='http://localhost:8080', help='URL to test (default: http://localhost:8080)') |
| 13 | + parser.add_argument('--config-endpoint', default='', help='Endpoint for accessing WAF configuration (if available)') |
| 14 | + parser.add_argument('--rules-file', default='sample_rules.json', help='Path to rules file (default: sample_rules.json)') |
| 15 | + return parser.parse_args() |
| 16 | + |
| 17 | +def load_rules_from_file(file_path): |
| 18 | + """Load rules from a JSON file, handling comments if present.""" |
| 19 | + try: |
| 20 | + # Read the file content |
| 21 | + with open(file_path, 'r') as f: |
| 22 | + content = f.read() |
| 23 | + |
| 24 | + # Remove JavaScript-style comments if present |
| 25 | + content = re.sub(r'//.*?\n', '\n', content) # Remove single-line comments |
| 26 | + content = re.sub(r'/\*.*?\*/', '', content, flags=re.DOTALL) # Remove multi-line comments |
| 27 | + |
| 28 | + # Parse JSON |
| 29 | + rules = json.loads(content) |
| 30 | + print(colored(f"Loaded {len(rules)} rules from {file_path}", "green")) |
| 31 | + return rules |
| 32 | + except json.JSONDecodeError as e: |
| 33 | + print(colored(f"Error parsing JSON from {file_path}: {str(e)}", "red")) |
| 34 | + print(colored("Make sure the file is valid JSON. JavaScript-style comments are stripped automatically.", "yellow")) |
| 35 | + return [] |
| 36 | + except Exception as e: |
| 37 | + print(colored(f"Error loading rules from {file_path}: {str(e)}", "red")) |
| 38 | + return [] |
| 39 | + |
| 40 | +def check_rule_coverage(rules, threshold=5): |
| 41 | + """Check if rules cover all test cases needed for anomaly threshold test.""" |
| 42 | + required_tests = { |
| 43 | + "low_score_test": False, |
| 44 | + "param1_score2": False, |
| 45 | + "param2_score2": False, |
| 46 | + "param1_score3": False, |
| 47 | + "param2_score3": False, |
| 48 | + "block_true": False, |
| 49 | + "increment_score1": False, |
| 50 | + "increment_score2": False, |
| 51 | + "increment_score3": False |
| 52 | + } |
| 53 | + |
| 54 | + # Store rule scores for tests |
| 55 | + rule_scores = { |
| 56 | + "low_score_test": 0, |
| 57 | + "param1_score2": 0, |
| 58 | + "param2_score2": 0, |
| 59 | + "param1_score3": 0, |
| 60 | + "param2_score3": 0, |
| 61 | + "increment_score1": 0, |
| 62 | + "increment_score2": 0, |
| 63 | + "increment_score3": 0 |
| 64 | + } |
| 65 | + |
| 66 | + block_rule_mode = None |
| 67 | + |
| 68 | + for rule in rules: |
| 69 | + # Check for low score test rule |
| 70 | + if 'targets' in rule and 'URL_PARAM:test' in rule['targets'] and 'pattern' in rule and 'low_score_test' in rule['pattern']: |
| 71 | + required_tests["low_score_test"] = True |
| 72 | + print(colored(f"✓ Found rule for test=low_score_test (ID: {rule.get('id', 'unknown')})", "green")) |
| 73 | + if 'score' in rule: |
| 74 | + rule_scores["low_score_test"] = rule.get('score', 0) |
| 75 | + print(colored(f" Score: {rule['score']}", "yellow")) |
| 76 | + |
| 77 | + # Check for param1 score2 |
| 78 | + if 'targets' in rule and 'URL_PARAM:param1' in rule['targets'] and 'pattern' in rule and 'score2' in rule['pattern']: |
| 79 | + required_tests["param1_score2"] = True |
| 80 | + print(colored(f"✓ Found rule for param1=score2 (ID: {rule.get('id', 'unknown')})", "green")) |
| 81 | + if 'score' in rule: |
| 82 | + rule_scores["param1_score2"] = rule.get('score', 0) |
| 83 | + print(colored(f" Score: {rule['score']}", "yellow")) |
| 84 | + |
| 85 | + # Check for param2 score2 |
| 86 | + if 'targets' in rule and 'URL_PARAM:param2' in rule['targets'] and 'pattern' in rule and 'score2' in rule['pattern']: |
| 87 | + required_tests["param2_score2"] = True |
| 88 | + print(colored(f"✓ Found rule for param2=score2 (ID: {rule.get('id', 'unknown')})", "green")) |
| 89 | + if 'score' in rule: |
| 90 | + rule_scores["param2_score2"] = rule.get('score', 0) |
| 91 | + print(colored(f" Score: {rule['score']}", "yellow")) |
| 92 | + |
| 93 | + # Check for param1 score3 |
| 94 | + if 'targets' in rule and 'URL_PARAM:param1' in rule['targets'] and 'pattern' in rule and 'score3' in rule['pattern']: |
| 95 | + required_tests["param1_score3"] = True |
| 96 | + print(colored(f"✓ Found rule for param1=score3 (ID: {rule.get('id', 'unknown')})", "green")) |
| 97 | + if 'score' in rule: |
| 98 | + rule_scores["param1_score3"] = rule.get('score', 0) |
| 99 | + print(colored(f" Score: {rule['score']}", "yellow")) |
| 100 | + |
| 101 | + # Check for param2 score3 |
| 102 | + if 'targets' in rule and 'URL_PARAM:param2' in rule['targets'] and 'pattern' in rule and 'score3' in rule['pattern']: |
| 103 | + required_tests["param2_score3"] = True |
| 104 | + print(colored(f"✓ Found rule for param2=score3 (ID: {rule.get('id', 'unknown')})", "green")) |
| 105 | + if 'score' in rule: |
| 106 | + rule_scores["param2_score3"] = rule.get('score', 0) |
| 107 | + print(colored(f" Score: {rule['score']}", "yellow")) |
| 108 | + |
| 109 | + # Check for block action |
| 110 | + if 'targets' in rule and 'URL_PARAM:block' in rule['targets'] and 'pattern' in rule and 'true' in rule['pattern']: |
| 111 | + required_tests["block_true"] = True |
| 112 | + block_rule_mode = rule.get('mode', 'unknown') |
| 113 | + print(colored(f"✓ Found rule for block=true (ID: {rule.get('id', 'unknown')})", "green")) |
| 114 | + print(colored(f" Action: {block_rule_mode}", "yellow")) |
| 115 | + if block_rule_mode != 'block': |
| 116 | + print(colored(" WARNING: This rule should have mode='block'", "red")) |
| 117 | + |
| 118 | + # Check for increment score rules |
| 119 | + if 'targets' in rule and 'URL_PARAM:increment' in rule['targets']: |
| 120 | + if 'pattern' in rule and 'score1' in rule['pattern']: |
| 121 | + required_tests["increment_score1"] = True |
| 122 | + rule_scores["increment_score1"] = rule.get('score', 0) |
| 123 | + print(colored(f"✓ Found rule for increment=score1 (ID: {rule.get('id', 'unknown')})", "green")) |
| 124 | + if 'score' in rule: |
| 125 | + print(colored(f" Score: {rule['score']}", "yellow")) |
| 126 | + |
| 127 | + if 'pattern' in rule and 'score2' in rule['pattern']: |
| 128 | + required_tests["increment_score2"] = True |
| 129 | + rule_scores["increment_score2"] = rule.get('score', 0) |
| 130 | + print(colored(f"✓ Found rule for increment=score2 (ID: {rule.get('id', 'unknown')})", "green")) |
| 131 | + if 'score' in rule: |
| 132 | + print(colored(f" Score: {rule['score']}", "yellow")) |
| 133 | + |
| 134 | + if 'pattern' in rule and 'score3' in rule['pattern']: |
| 135 | + required_tests["increment_score3"] = True |
| 136 | + rule_scores["increment_score3"] = rule.get('score', 0) |
| 137 | + print(colored(f"✓ Found rule for increment=score3 (ID: {rule.get('id', 'unknown')})", "green")) |
| 138 | + if 'score' in rule: |
| 139 | + print(colored(f" Score: {rule['score']}", "yellow")) |
| 140 | + |
| 141 | + # Check test coverage |
| 142 | + missing_tests = [test.replace('_', '=') for test, found in required_tests.items() if not found] |
| 143 | + if missing_tests: |
| 144 | + print(colored(f"\n⚠ Missing rules for: {', '.join(missing_tests)}", "red")) |
| 145 | + else: |
| 146 | + print(colored("\n✓ All required test rules are present!", "green")) |
| 147 | + |
| 148 | + # Validate expected scores for key test combinations |
| 149 | + print(colored("\nCalculated Scores for Key Test Combinations:", "cyan")) |
| 150 | + |
| 151 | + # Test 2: Below threshold |
| 152 | + test2_score = rule_scores["param1_score2"] + rule_scores["param2_score2"] |
| 153 | + test2_should_block = test2_score >= threshold |
| 154 | + |
| 155 | + if required_tests["param1_score2"] and required_tests["param2_score2"]: |
| 156 | + print(colored(f"Test 2 - param1=score2¶m2=score2: Score = {test2_score}", "yellow")) |
| 157 | + print(colored(f" Threshold: {threshold}, Should Block: {'Yes' if test2_should_block else 'No'}", |
| 158 | + "red" if test2_should_block else "green")) |
| 159 | + if test2_should_block: |
| 160 | + print(colored(" WARNING: This test should pass (not block) but the score may trigger blocking", "red")) |
| 161 | + else: |
| 162 | + print(colored("Test 2 - param1=score2¶m2=score2: Cannot calculate - missing rules", "red")) |
| 163 | + |
| 164 | + # Test 3: Exceeds threshold |
| 165 | + test3_score = rule_scores["param1_score3"] + rule_scores["param2_score3"] |
| 166 | + test3_should_block = test3_score >= threshold |
| 167 | + |
| 168 | + if required_tests["param1_score3"] and required_tests["param2_score3"]: |
| 169 | + print(colored(f"Test 3 - param1=score3¶m2=score3: Score = {test3_score}", "yellow")) |
| 170 | + print(colored(f" Threshold: {threshold}, Should Block: {'Yes' if test3_should_block else 'No'}", |
| 171 | + "green" if test3_should_block else "red")) |
| 172 | + if not test3_should_block: |
| 173 | + print(colored(" WARNING: This test should be blocked but the score is below threshold", "red")) |
| 174 | + else: |
| 175 | + print(colored("Test 3 - param1=score3¶m2=score3: Cannot calculate - missing rules", "red")) |
| 176 | + |
| 177 | + # Test 4: Block action |
| 178 | + if required_tests["block_true"]: |
| 179 | + block_should_work = block_rule_mode == 'block' |
| 180 | + print(colored(f"Test 4 - block=true: Mode = {block_rule_mode}", "yellow")) |
| 181 | + print(colored(f" Should Block: {'Yes' if block_should_work else 'No'}", |
| 182 | + "green" if block_should_work else "red")) |
| 183 | + if not block_should_work: |
| 184 | + print(colored(" WARNING: This rule should have mode='block' to properly test blocking", "red")) |
| 185 | + else: |
| 186 | + print(colored("Test 4 - block=true: Cannot evaluate - missing rule", "red")) |
| 187 | + |
| 188 | + return required_tests, missing_tests, { |
| 189 | + "test2_score": test2_score if required_tests["param1_score2"] and required_tests["param2_score2"] else None, |
| 190 | + "test3_score": test3_score if required_tests["param1_score3"] and required_tests["param2_score3"] else None, |
| 191 | + "test2_should_block": test2_should_block if required_tests["param1_score2"] and required_tests["param2_score2"] else None, |
| 192 | + "test3_should_block": test3_should_block if required_tests["param1_score3"] and required_tests["param2_score3"] else None, |
| 193 | + "block_should_work": block_rule_mode == 'block' if required_tests["block_true"] else None |
| 194 | + } |
| 195 | + |
| 196 | +def check_waf_active(url): |
| 197 | + """Check if the WAF is active by attempting to trigger a basic rule.""" |
| 198 | + block_payload = {'block': 'true'} |
| 199 | + |
| 200 | + try: |
| 201 | + print(colored(f"\nSending test request to {url} with block=true", "blue")) |
| 202 | + response = requests.get(url, params=block_payload, timeout=5) |
| 203 | + |
| 204 | + if response.status_code == 403: |
| 205 | + print(colored("✓ WAF appears to be active (blocked request as expected)", "green")) |
| 206 | + return True |
| 207 | + else: |
| 208 | + print(colored(f"⚠ WAF might not be active - received status {response.status_code} instead of 403", "red")) |
| 209 | + print(colored("Check your WAF configuration and make sure blocking is enabled", "yellow")) |
| 210 | + return False |
| 211 | + except requests.exceptions.RequestException as e: |
| 212 | + print(colored(f"Error checking WAF: {str(e)}", "red")) |
| 213 | + return False |
| 214 | + |
| 215 | +def main(): |
| 216 | + args = setup_args() |
| 217 | + base_url = args.url |
| 218 | + rules_file = args.rules_file |
| 219 | + |
| 220 | + print(colored("WAF Configuration Checker", "cyan")) |
| 221 | + print(colored(f"Target URL: {base_url}", "yellow")) |
| 222 | + print(colored(f"Rules file: {rules_file}", "yellow")) |
| 223 | + |
| 224 | + # Check server connectivity |
| 225 | + try: |
| 226 | + response = requests.get(base_url, timeout=2) |
| 227 | + print(colored(f"✓ Server is reachable at {base_url}", "green")) |
| 228 | + except requests.exceptions.RequestException: |
| 229 | + print(colored(f"⚠ Cannot reach server at {base_url}", "red")) |
| 230 | + print(colored("Make sure Caddy is running with your WAF configuration.", "yellow")) |
| 231 | + sys.exit(1) |
| 232 | + |
| 233 | + # Load and check rules |
| 234 | + rules = load_rules_from_file(rules_file) |
| 235 | + if rules: |
| 236 | + required_tests, missing_tests, test_scores = check_rule_coverage(rules) |
| 237 | + |
| 238 | + print(colored("\nExpected Test Results Based on Rules:", "cyan")) |
| 239 | + if test_scores["test2_should_block"] is not None: |
| 240 | + status = "FAIL (should block)" if test_scores["test2_should_block"] else "PASS (should allow)" |
| 241 | + color = "red" if test_scores["test2_should_block"] else "green" |
| 242 | + print(colored(f"Test 2 (Below threshold): {status}", color)) |
| 243 | + |
| 244 | + if test_scores["test3_should_block"] is not None: |
| 245 | + status = "PASS (should block)" if test_scores["test3_should_block"] else "FAIL (should allow)" |
| 246 | + color = "green" if test_scores["test3_should_block"] else "red" |
| 247 | + print(colored(f"Test 3 (Exceed threshold): {status}", color)) |
| 248 | + |
| 249 | + if test_scores["block_should_work"] is not None: |
| 250 | + status = "PASS (should block)" if test_scores["block_should_work"] else "FAIL (won't block)" |
| 251 | + color = "green" if test_scores["block_should_work"] else "red" |
| 252 | + print(colored(f"Test 4 (Block action): {status}", color)) |
| 253 | + |
| 254 | + # Only check WAF if we have the necessary rules |
| 255 | + if required_tests["block_true"]: |
| 256 | + print(colored("\nVerifying WAF is active...", "cyan")) |
| 257 | + check_waf_active(base_url) |
| 258 | + |
| 259 | + # Provide recommendations |
| 260 | + if missing_tests: |
| 261 | + print(colored("\nRecommendations:", "cyan")) |
| 262 | + print(colored("Add the missing rules to your configuration to run all tests successfully.", "yellow")) |
| 263 | + |
| 264 | + print(colored("\nConfiguration check complete.", "cyan")) |
| 265 | + else: |
| 266 | + print(colored("\nCould not load rules for verification.", "red")) |
| 267 | + |
| 268 | +if __name__ == "__main__": |
| 269 | + main() |
0 commit comments