@@ -36,6 +36,7 @@ func TestBlockedRequestPhase1_DNSBlacklist(t *testing.T) {
3636
3737// Simulate a request to a blacklisted domain
3838req := httptest .NewRequest ("GET" ,"http://malicious.domain" ,nil )
39+ req .RemoteAddr = localIP
3940w := httptest .NewRecorder ()
4041state := & WAFState {}
4142
@@ -97,7 +98,7 @@ func TestBlockedRequestPhase1_IPBlocking(t *testing.T) {
9798assert .NoError (t ,err )
9899
99100ipBlackList := trie .NewTrie ()
100- ipBlackList .Insert (netip .MustParsePrefix ("127.0.0.1" ),nil )
101+ ipBlackList .Insert (netip .MustParsePrefix ("127.0.0.1/24 " ),nil )
101102
102103middleware := & Middleware {
103104logger :logger ,
@@ -111,7 +112,7 @@ func TestBlockedRequestPhase1_IPBlocking(t *testing.T) {
111112}
112113
113114req := httptest .NewRequest ("GET" ,"http://example.com" ,nil )
114- req .RemoteAddr = "127.0.0.1"
115+ req .RemoteAddr = localIP
115116w := httptest .NewRecorder ()
116117state := & WAFState {}
117118
@@ -208,6 +209,7 @@ func TestBlockedRequestPhase1_HeaderRegex(t *testing.T) {
208209}
209210
210211req := httptest .NewRequest ("GET" ,"http://example.com" ,nil )
212+ req .RemoteAddr = localIP
211213req .Header .Set ("X-Custom-Header" ,"this-is-a-bad-header" )// Simulate a request with bad header
212214
213215// Create a context and add logID to it - FIX: ADD CONTEXT HERE
@@ -260,6 +262,7 @@ func TestBlockedRequestPhase1_HeaderRegex_SpecificValue(t *testing.T) {
260262}
261263
262264req := httptest .NewRequest ("GET" ,"http://example.com" ,nil )
265+ req .RemoteAddr = localIP
263266req .Header .Set ("X-Specific-Header" ,"specific-value" )// Simulate a request with the specific header
264267
265268// Create a context and add logID to it - FIX: ADD CONTEXT HERE
@@ -312,6 +315,7 @@ func TestBlockedRequestPhase1_HeaderRegex_CommaSeparatedTargets(t *testing.T) {
312315}
313316
314317req := httptest .NewRequest ("GET" ,"http://example.com" ,nil )
318+ req .RemoteAddr = localIP
315319req .Header .Set ("X-Custom-Header1" ,"good-value" )
316320req .Header .Set ("X-Custom-Header2" ,"bad-value" )// Simulate a request with bad value in one of the headers
317321
@@ -365,6 +369,7 @@ func TestBlockedRequestPhase1_CombinedConditions(t *testing.T) {
365369}
366370
367371req := httptest .NewRequest ("GET" ,"http://bad-host.com" ,nil )
372+ req .RemoteAddr = localIP
368373req .Header .Set ("User-Agent" ,"good-user" )
369374
370375// Create a context and add logID to it
@@ -417,6 +422,7 @@ func TestBlockedRequestPhase1_NoMatch(t *testing.T) {
417422}
418423
419424req := httptest .NewRequest ("GET" ,"http://example.com" ,nil )
425+ req .RemoteAddr = localIP
420426req .Header .Set ("User-Agent" ,"good-user" )
421427
422428// Create a context and add logID to it
@@ -469,6 +475,7 @@ func TestBlockedRequestPhase1_HeaderRegex_EmptyHeader(t *testing.T) {
469475}
470476
471477req := httptest .NewRequest ("GET" ,"http://example.com" ,nil )
478+ req .RemoteAddr = localIP
472479
473480// Create a context and add logID to it
474481ctx := context .Background ()
@@ -519,6 +526,7 @@ func TestBlockedRequestPhase1_HeaderRegex_MissingHeader(t *testing.T) {
519526}
520527
521528req := httptest .NewRequest ("GET" ,"http://example.com" ,nil )// Header not set
529+ req .RemoteAddr = localIP
522530
523531// Create a context and add logID to it
524532ctx := context .Background ()
@@ -571,6 +579,7 @@ func TestBlockedRequestPhase1_HeaderRegex_ComplexPattern(t *testing.T) {
571579}
572580
573581req := httptest .NewRequest ("GET" ,"http://example.com" ,nil )
582+ req .RemoteAddr = localIP
574583req .Header .Set ("X-Email-Header" ,"test@example.com" )// Simulate a request with a valid email
575584
576585// Create a context and add logID to it
@@ -623,6 +632,7 @@ func TestBlockedRequestPhase1_MultiTargetMatch(t *testing.T) {
623632}
624633
625634req := httptest .NewRequest ("GET" ,"http://example.com" ,nil )
635+ req .RemoteAddr = localIP
626636req .Header .Set ("X-Custom-Header" ,"good-header" )
627637req .Header .Set ("User-Agent" ,"bad-user-agent" )
628638
@@ -675,6 +685,7 @@ func TestBlockedRequestPhase1_MultiTargetNoMatch(t *testing.T) {
675685}
676686
677687req := httptest .NewRequest ("GET" ,"http://example.com" ,nil )
688+ req .RemoteAddr = localIP
678689req .Header .Set ("X-Custom-Header" ,"good-header" )
679690req .Header .Set ("User-Agent" ,"good-user-agent" )
680691
@@ -728,6 +739,7 @@ func TestBlockedRequestPhase1_URLParameterRegex_NoMatch(t *testing.T) {
728739}
729740
730741req := httptest .NewRequest ("GET" ,"http://example.com?param1=good-param-value¶m2=good-value" ,nil )
742+ req .RemoteAddr = localIP
731743
732744// Create a context and add logID to it - FIX: ADD CONTEXT HERE
733745ctx := context .Background ()
@@ -787,6 +799,7 @@ func TestBlockedRequestPhase1_MultipleRules(t *testing.T) {
787799}
788800
789801req := httptest .NewRequest ("GET" ,"http://bad-host.com" ,nil )
802+ req .RemoteAddr = localIP
790803req .Header .Set ("User-Agent" ,"bad-user" )// Simulate a request with a bad user agent
791804
792805// Create a context and add logID to it - FIX: ADD CONTEXT HERE
@@ -809,6 +822,7 @@ func TestBlockedRequestPhase1_MultipleRules(t *testing.T) {
809822assert .Contains (t ,w .Body .String (),"Blocked by Multiple Rules" ,"Response body should contain 'Blocked by Multiple Rules'" )
810823
811824req2 := httptest .NewRequest ("GET" ,"http://good-host.com" ,nil )
825+ req2 .RemoteAddr = localIP
812826req2 .Header .Set ("User-Agent" ,"bad-user" )// Simulate a request with a bad user agent
813827
814828// Create a context and add logID to it - FIX: ADD CONTEXT HERE for req2 as well!
@@ -867,6 +881,7 @@ func TestBlockedRequestPhase2_BodyRegex(t *testing.T) {
867881return b
868882}(),// Simulate a request with bad body
869883)
884+ req .RemoteAddr = localIP
870885req .Header .Set ("Content-Type" ,"text/plain" )
871886
872887// Create a context and add logID to it - FIX: ADD CONTEXT HERE
@@ -925,6 +940,7 @@ func TestBlockedRequestPhase2_BodyRegex_JSON(t *testing.T) {
925940return b
926941}(),// Simulate a request with JSON body
927942)
943+ req .RemoteAddr = localIP
928944req .Header .Set ("Content-Type" ,"application/json" )
929945
930946// Create a context and add logID to it - FIX: ADD CONTEXT HERE
@@ -979,6 +995,7 @@ func TestBlockedRequestPhase2_BodyRegex_FormURLEncoded(t *testing.T) {
979995req := httptest .NewRequest ("POST" ,"http://example.com" ,
980996strings .NewReader ("param1=value1&secret=badvalue¶m2=value2" ),
981997)
998+ req .RemoteAddr = localIP
982999req .Header .Set ("Content-Type" ,"application/x-www-form-urlencoded" )
9831000
9841001// Create a context and add logID to it - FIX: ADD CONTEXT HERE
@@ -1037,6 +1054,7 @@ func TestBlockedRequestPhase2_BodyRegex_SpecificPattern(t *testing.T) {
10371054return b
10381055}(),
10391056)
1057+ req .RemoteAddr = localIP
10401058req .Header .Set ("Content-Type" ,"text/plain" )// Setting content type
10411059
10421060// Create a context and add logID to it - FIX: ADD CONTEXT HERE
@@ -1095,6 +1113,7 @@ func TestBlockedRequestPhase2_BodyRegex_NoMatch(t *testing.T) {
10951113return b
10961114}(),
10971115)
1116+ req .RemoteAddr = localIP
10981117req .Header .Set ("Content-Type" ,"text/plain" )
10991118
11001119// Create a context and add logID to it - FIX: ADD CONTEXT HERE
@@ -1162,6 +1181,7 @@ func TestBlockedRequestPhase2_BodyRegex_NoMatch_MultipartForm(t *testing.T) {
11621181}
11631182
11641183req := httptest .NewRequest ("POST" ,"http://example.com" ,body )
1184+ req .RemoteAddr = localIP
11651185req .Header .Set ("Content-Type" ,writer .FormDataContentType ())
11661186
11671187// Create a context and add logID to it - FIX: ADD CONTEXT HERE
@@ -1214,6 +1234,7 @@ func TestBlockedRequestPhase2_BodyRegex_NoBody(t *testing.T) {
12141234}
12151235
12161236req := httptest .NewRequest ("POST" ,"http://example.com" ,nil )
1237+ req .RemoteAddr = localIP
12171238w := httptest .NewRecorder ()
12181239state := & WAFState {}
12191240
@@ -1267,6 +1288,7 @@ func TestBlockedRequestPhase3_ResponseHeaderRegex_NoMatch(t *testing.T) {
12671288}()
12681289
12691290req := httptest .NewRequest ("GET" ,"http://example.com" ,nil )
1291+ req .RemoteAddr = localIP
12701292w := httptest .NewRecorder ()
12711293state := & WAFState {}
12721294
@@ -1321,6 +1343,7 @@ func TestBlockedRequestPhase4_ResponseBodyRegex_EmptyBody(t *testing.T) {
13211343}()
13221344
13231345req := httptest .NewRequest ("GET" ,"http://example.com" ,nil )
1346+ req .RemoteAddr = localIP
13241347w := httptest .NewRecorder ()
13251348state := & WAFState {}
13261349err := middleware .ServeHTTP (w ,req ,mockHandler )
@@ -1376,6 +1399,7 @@ func TestBlockedRequestPhase4_ResponseBodyRegex_NoBody(t *testing.T) {
13761399}()
13771400
13781401req := httptest .NewRequest ("GET" ,"http://example.com" ,nil )
1402+ req .RemoteAddr = localIP
13791403w := httptest .NewRecorder ()
13801404state := & WAFState {}
13811405err := middleware .ServeHTTP (w ,req ,mockHandler )
@@ -1429,6 +1453,7 @@ func TestBlockedRequestPhase3_ResponseHeaderRegex_NoSetCookie(t *testing.T) {
14291453}()
14301454
14311455req := httptest .NewRequest ("GET" ,"http://example.com" ,nil )
1456+ req .RemoteAddr = localIP
14321457w := httptest .NewRecorder ()
14331458state := & WAFState {}
14341459err := middleware .ServeHTTP (w ,req ,mockHandler )
@@ -1477,6 +1502,7 @@ func TestBlockedRequestPhase1_HeaderRegex_CaseInsensitive(t *testing.T) {
14771502}
14781503
14791504req := httptest .NewRequest ("GET" ,"http://example.com" ,nil )
1505+ req .RemoteAddr = localIP
14801506req .Header .Set ("X-Custom-Header" ,"bAd-VaLuE" )// Test with mixed-case header value
14811507
14821508// Create a context and add logID to it - FIX: ADD CONTEXT HERE
@@ -1529,6 +1555,7 @@ func TestBlockedRequestPhase1_HeaderRegex_MultipleMatchingHeaders(t *testing.T)
15291555}
15301556
15311557req := httptest .NewRequest ("GET" ,"http://example.com" ,nil )
1558+ req .RemoteAddr = localIP
15321559req .Header .Set ("X-Custom-Header1" ,"bad-value" )
15331560req .Header .Set ("X-Custom-Header2" ,"bad-value" )// Both headers have a "bad" value
15341561
@@ -1552,6 +1579,7 @@ func TestBlockedRequestPhase1_HeaderRegex_MultipleMatchingHeaders(t *testing.T)
15521579assert .Contains (t ,w .Body .String (),"Blocked by Multiple Matching Headers Regex" ,"Response body should contain 'Blocked by Multiple Matching Headers Regex'" )
15531580
15541581req2 := httptest .NewRequest ("GET" ,"http://example.com" ,nil )
1582+ req2 .RemoteAddr = localIP
15551583req2 .Header .Set ("X-Custom-Header1" ,"good-value" )
15561584req2 .Header .Set ("X-Custom-Header2" ,"bad-value" )// One header has a "bad" value
15571585
@@ -1575,6 +1603,7 @@ func TestBlockedRequestPhase1_HeaderRegex_MultipleMatchingHeaders(t *testing.T)
15751603assert .Contains (t ,w2 .Body .String (),"Blocked by Multiple Matching Headers Regex" ,"Response body should contain 'Blocked by Multiple Matching Headers Regex'" )
15761604
15771605req3 := httptest .NewRequest ("GET" ,"http://example.com" ,nil )
1606+ req3 .RemoteAddr = localIP
15781607req3 .Header .Set ("X-Custom-Header1" ,"good-value" )
15791608req3 .Header .Set ("X-Custom-Header2" ,"good-value" )// None headers have a "bad" value
15801609
@@ -1634,7 +1663,7 @@ func TestBlockedRequestPhase1_RateLimiting_MultiplePaths(t *testing.T) {
16341663
16351664// Test path 1
16361665req1 := httptest .NewRequest ("GET" ,"/api/v1/users" ,nil )
1637- req1 .RemoteAddr = "192.168.1.1:12345"
1666+ req1 .RemoteAddr = localIP
16381667w1 := httptest .NewRecorder ()
16391668state1 := & WAFState {}
16401669
@@ -1643,7 +1672,7 @@ func TestBlockedRequestPhase1_RateLimiting_MultiplePaths(t *testing.T) {
16431672assert .Equal (t ,http .StatusOK ,w1 .Code ,"Expected status code 200" )
16441673
16451674req2 := httptest .NewRequest ("GET" ,"/api/v1/users" ,nil )
1646- req2 .RemoteAddr = "192.168.1.1:12345"
1675+ req2 .RemoteAddr = localIP
16471676w2 := httptest .NewRecorder ()
16481677state2 := & WAFState {}
16491678middleware .handlePhase (w2 ,req2 ,1 ,state2 )
@@ -1652,23 +1681,23 @@ func TestBlockedRequestPhase1_RateLimiting_MultiplePaths(t *testing.T) {
16521681
16531682// Test path 2
16541683req3 := httptest .NewRequest ("GET" ,"/admin/dashboard" ,nil )
1655- req3 .RemoteAddr = "192.168.1.1:12345"
1684+ req3 .RemoteAddr = localIP
16561685w3 := httptest .NewRecorder ()
16571686state3 := & WAFState {}
16581687middleware .handlePhase (w3 ,req3 ,1 ,state3 )
16591688assert .False (t ,state3 .Blocked ,"First request to /admin should be allowed" )
16601689assert .Equal (t ,http .StatusOK ,w3 .Code ,"Expected status code 200" )
16611690
16621691req4 := httptest .NewRequest ("GET" ,"/admin/dashboard" ,nil )
1663- req4 .RemoteAddr = "192.168.1.1:12345"
1692+ req4 .RemoteAddr = localIP
16641693w4 := httptest .NewRecorder ()
16651694state4 := & WAFState {}
16661695middleware .handlePhase (w4 ,req4 ,1 ,state4 )
16671696assert .True (t ,state4 .Blocked ,"Second request to /admin should be rate-limited" )
16681697assert .Equal (t ,http .StatusTooManyRequests ,w4 .Code ,"Expected status code 429" )
16691698
16701699req5 := httptest .NewRequest ("GET" ,"/not-rate-limited" ,nil )
1671- req5 .RemoteAddr = "192.168.1.1:12345"
1700+ req5 .RemoteAddr = localIP
16721701w5 := httptest .NewRecorder ()
16731702state5 := & WAFState {}
16741703middleware .handlePhase (w5 ,req5 ,1 ,state5 )
@@ -1704,7 +1733,7 @@ func TestBlockedRequestPhase1_RateLimiting_DifferentIPs(t *testing.T) {
17041733
17051734// Test different IPs
17061735req1 := httptest .NewRequest ("GET" ,"/api/users" ,nil )
1707- req1 .RemoteAddr = "192.168.1.1:12345"
1736+ req1 .RemoteAddr = localIP
17081737w1 := httptest .NewRecorder ()
17091738state1 := & WAFState {}
17101739
@@ -1713,15 +1742,15 @@ func TestBlockedRequestPhase1_RateLimiting_DifferentIPs(t *testing.T) {
17131742assert .Equal (t ,http .StatusOK ,w1 .Code ,"Expected status code 200" )
17141743
17151744req2 := httptest .NewRequest ("GET" ,"/api/users" ,nil )
1716- req2 .RemoteAddr = "192.168.1.2:12345 "
1745+ req2 .RemoteAddr = "192.168.1.2"
17171746w2 := httptest .NewRecorder ()
17181747state2 := & WAFState {}
17191748middleware .handlePhase (w2 ,req2 ,1 ,state2 )
17201749assert .False (t ,state2 .Blocked ,"First request from 192.168.1.2 should be allowed" )
17211750assert .Equal (t ,http .StatusOK ,w2 .Code ,"Expected status code 200" )
17221751
17231752req3 := httptest .NewRequest ("GET" ,"/api/users" ,nil )
1724- req3 .RemoteAddr = "192.168.1.1:12345"
1753+ req3 .RemoteAddr = localIP
17251754w3 := httptest .NewRecorder ()
17261755state3 := & WAFState {}
17271756middleware .handlePhase (w3 ,req3 ,1 ,state3 )
@@ -1757,15 +1786,15 @@ func TestBlockedRequestPhase1_RateLimiting_MatchAllPaths(t *testing.T) {
17571786
17581787// Test with match all paths
17591788req1 := httptest .NewRequest ("GET" ,"/api/users" ,nil )
1760- req1 .RemoteAddr = "192.168.1.1:12345"
1789+ req1 .RemoteAddr = localIP
17611790w1 := httptest .NewRecorder ()
17621791state1 := & WAFState {}
17631792middleware .handlePhase (w1 ,req1 ,1 ,state1 )
17641793assert .False (t ,state1 .Blocked ,"First request to /api/users should be allowed" )
17651794assert .Equal (t ,http .StatusOK ,w1 .Code ,"Expected status code 200" )
17661795
17671796req2 := httptest .NewRequest ("GET" ,"/api/users" ,nil )
1768- req2 .RemoteAddr = "192.168.1.1:12345"
1797+ req2 .RemoteAddr = localIP
17691798w2 := httptest .NewRecorder ()
17701799state2 := & WAFState {}
17711800
@@ -1774,7 +1803,7 @@ func TestBlockedRequestPhase1_RateLimiting_MatchAllPaths(t *testing.T) {
17741803assert .Equal (t ,http .StatusTooManyRequests ,w2 .Code ,"Expected status code 429" )
17751804
17761805req3 := httptest .NewRequest ("GET" ,"/some-other-path" ,nil )
1777- req3 .RemoteAddr = "192.168.1.1:12345"
1806+ req3 .RemoteAddr = localIP
17781807w3 := httptest .NewRecorder ()
17791808state3 := & WAFState {}
17801809middleware .handlePhase (w3 ,req3 ,1 ,state3 )
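Review bot: In the `TestBlockedRequestPhase1_RateLimiting_DifferentIPs` hunk the second client becomes `req2.RemoteAddr = "192.168.1.2"` with no port, and every other request now uses `localIP`, whose definition is outside this view; if that is also a bare address, no test here exercises the `host:port` form that `net/http` puts in `RemoteAddr` on real connections. The blacklist and rate-limit checks presumably key on the client address, so a regression in host/port splitting could pass these tests while production requests miss the blacklist or get a new rate-limit bucket for each ephemeral port. I would keep at least one case in the realistic form, for example `req2.RemoteAddr = "192.168.1.2:12345"`, and add a comment on `localIP` stating which form it holds. Separately, in the `TestBlockedRequestPhase1_IPBlocking` hunk the prefix `127.0.0.1/24` has host bits set, which `netip.MustParsePrefix` does not mask, so `netip.MustParsePrefix("127.0.0.0/24")` would state the intended range unambiguously.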