vaultsovereign/vm-cloudflare
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
Files
bee801694aa5c22cc8fa363e33717a649cd18051
vm-cloudflare/tests/test_waf_intelligence_analyzer.py
Vault Sovereign f0b8d962de
Some checks failed
WAF Intelligence Guardrail / waf-intel (push) Waiting to run
Details
Cloudflare Registry Validation / validate-registry (push) Has been cancelled
Details
chore: pre-migration snapshot 
Layer0, MCP servers, Terraform consolidation
2025-12-27 01:52:27 +00:00

44 lines
1.1 KiB
Python
Raw Blame History

from mcp.waf_intelligence.analyzer import WAFRuleAnalyzer
def test_analyzer_detects_managed_waf_ruleset():
analyzer = WAFRuleAnalyzer()
tf = """
resource "cloudflare_ruleset" "managed_waf" {
name = "Managed WAF"
kind = "zone"
phase = "http_request_firewall_managed"
rules {
action = "execute"
action_parameters {
id = "efb7b8c949ac4650a09736fc376e9aee"
}
expression = "true"
description = "Execute Cloudflare Managed Ruleset"
enabled = true
}
}
"""
result = analyzer.analyze_terraform_text("snippet.tf", tf, min_severity="warning")
assert result.violations == []
def test_analyzer_warns_when_managed_waf_missing():
analyzer = WAFRuleAnalyzer()
tf = """
resource "cloudflare_ruleset" "security_rules" {
name = "Security Rules"
kind = "zone"
phase = "http_request_firewall_custom"
}
"""
result = analyzer.analyze_terraform_text("snippet.tf", tf, min_severity="warning")
assert [v.message for v in result.violations] == [
"No managed WAF rules detected in this snippet."
]
Reference in New Issue View Git Blame Copy Permalink