technova69/waf
By gilles, on 13 May 2026 at 11:06:
add violation-path tests for waf_check_* via pipeline interceptor
Add WafCheckFunctionsViolationPathTest (21 tests, 70 assertions) covering
the violation/block paths of:
- waf_check_cms_probes() : WordPress, xmlrpc, phpMyAdmin, .env, webshell probes
- waf_check_suspicious_ua() : Nikto, sqlmap, Nuclei, Acunetix scanner UAs
- waf_check_malicious_patterns(): eval(), UNION SELECT, path traversal, shell_exec(), SLEEP(), <?php in GET/POST/COOKIE/nested arrays
Mechanism: extend pipeline() stub in tests/bootstrap.php to support
per-name interceptor callbacks via $GLOBALS['_waf_test_pipeline_interceptors'].
Tests register a closure for 'waf_handle_violation' that captures the call
arguments and returns true, causing waf_handle_violation() to short-circuit
before reaching waf_tarpit_and_block() / exit().
Added
tests/unit/WafCheckFunctionsViolationPathTest.php
Modified
tests/bootstrap.php
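
The interceptor mechanism described in the commit message, as an added PHP sketch that is not the repository's code. Only the function names and the `$GLOBALS` key come from the page; the function bodies, the `pipeline()` signature, the argument array layout and the sample User-Agent strings are assumptions.

```php
<?php
// Added sketch, not the repository's code: bodies and signatures are assumed;
// only the function names and the $GLOBALS key come from the commit message.
function pipeline(string $name, $data = null)
{
    $hooks = $GLOBALS['_waf_test_pipeline_interceptors'] ?? [];
    if (isset($hooks[$name]) && is_callable($hooks[$name])) {
        return $hooks[$name]($data); // test interceptor replaces the pipeline
    }
    return $data; // no interceptor registered: pass data through unchanged
}

function waf_tarpit_and_block(string $reason): void
{
    http_response_code(403);
    exit(1); // would terminate the PHPUnit process if a test reached it
}

function waf_handle_violation(string $rule, string $detail): void
{
    // Assumed contract: a pipeline result of true means "already handled".
    if (pipeline('waf_handle_violation', ['rule' => $rule, 'detail' => $detail]) === true) {
        return;
    }
    waf_tarpit_and_block($rule);
}

// Hypothetical simplified check; the real one is not shown on the page.
function waf_check_suspicious_ua(string $ua): void
{
    if (preg_match('/nikto|sqlmap|nuclei|acunetix/i', $ua) === 1) {
        waf_handle_violation('suspicious_ua', $ua);
    }
}

// Test side: capture the arguments and short-circuit before exit().
$captured = [];
$GLOBALS['_waf_test_pipeline_interceptors']['waf_handle_violation'] =
    function (array $args) use (&$captured): bool {
        $captured[] = $args;
        return true;
    };

waf_check_suspicious_ua('Mozilla/5.0 (constructed sample) sqlmap/1.0');
waf_check_suspicious_ua('Mozilla/5.0 (constructed benign sample)');
if (count($captured) !== 1 || $captured[0]['rule'] !== 'suspicious_ua') {
    throw new RuntimeException('violation path was not captured exactly once');
}
unset($GLOBALS['_waf_test_pipeline_interceptors']); // reset, as tearDown() would
echo "captured: {$captured[0]['detail']}\n";
```

Because the interceptor table is process-global, a test that does not clear it leaves later tests silently skipping the real block path.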