From bc414f836f0d50249770a4ff4ff855ae07f42529 Mon Sep 17 00:00:00 2001 From: Jean-Christophe Amiel Date: Thu, 19 Dec 2024 13:16:05 +0100 Subject: [PATCH] Update secret integration test with HTML report. --- integration/hurl/tests_ok/secret.err.pattern | 30 +++++++++++++------- integration/hurl/tests_ok/secret.hurl | 13 ++++++--- integration/hurl/tests_ok/secret.ps1 | 24 ++++++++++++++-- integration/hurl/tests_ok/secret.py | 6 ++-- integration/hurl/tests_ok/secret.sh | 25 ++++++++++++++-- integration/hurl/tests_ok/secret_test.ps1 | 18 ++++++++---- integration/hurl/tests_ok/secret_test.sh | 17 +++++++---- 7 files changed, 100 insertions(+), 33 deletions(-) diff --git a/integration/hurl/tests_ok/secret.err.pattern b/integration/hurl/tests_ok/secret.err.pattern index af9c4c16510..ba5ab4992c4 100644 --- a/integration/hurl/tests_ok/secret.err.pattern +++ b/integration/hurl/tests_ok/secret.err.pattern 
@@ -4,42 +4,49 @@ * Cookie store: * * Request: -* GET http://localhost:8000/secret +* GET http://localhost:8000/secret?q=*** * x-secret: *** -* x-secret: BarBar +* x-secret: *** +* x-secret: Secret2 +* [Cookies] +* X-SECRET=*** * * Request can be run with the following curl command: -* curl --request GET --header 'x-secret: ***' --header 'x-secret: BarBar' --header 'Content-Type: application/json' --data $'{\n "query": "***"\n}' 'http://localhost:8000/secret' +* curl --request GET --header 'x-secret: ***' --header 'x-secret: ***' --header 'x-secret: Secret2' --header 'Content-Type: application/json' --data $'{\n "query": "***"\n}' --cookie 'X-SECRET=***' 'http://localhost:8000/secret?q=***' * ** Host localhost:8000 was resolved. ** IPv6: ::1 ** IPv4: 127.0.0.1 ** Trying [::1]:8000... -** connect to ::1 port 8000 from ::1 port 55184 failed: Connection refused +** connect to ::1 port 8000 from ::1 port 62530 failed: Connection refused ** Trying 127.0.0.1:8000... ** Connected to localhost (127.0.0.1) port 8000 -> GET /secret HTTP/1.1 +> GET /secret?q=*** HTTP/1.1 > Host: localhost:8000 > Accept: */* +> Cookie: X-SECRET=*** +> x-secret: *** > x-secret: *** -> x-secret: BarBar +> x-secret: Secret2 > Content-Type: application/json > User-Agent: hurl/<<<.*?>>> -> Content-Length: 26 +> Content-Length: 24 > * Request body: * { * "query": "***" * } -** upload completely sent off: 26 bytes +** upload completely sent off: 24 bytes +** Added cookie value="***" for domain localhost, path /, expire 0 ** Closing connection -* Response: (received 16 bytes in <<<\d+>>> ms) +* Response: (received 20 bytes in <<<\d+>>> ms) * < HTTP/1.1 200 OK < Server: Werkzeug/<<<.*?>>> Python/<<<.*?>>> < Date: <<<.*?>>> < Content-Type: application/json -< Content-Length: 16 +< Content-Length: 20 +< Set-Cookie: value=***; Path=/ < Server: Flask Server < Connection: close < 
@@ -56,4 +63,7 @@ * pre_transfer: <<<\d+>>> µs * start_transfer: <<<\d+>>> µs * total: <<<\d+>>> µs +* Captures: +* value: *** * +* Writing HTML report to build/secret diff --git a/integration/hurl/tests_ok/secret.hurl b/integration/hurl/tests_ok/secret.hurl index 736e3c0d394..aef942cfe89 100644 --- a/integration/hurl/tests_ok/secret.hurl +++ b/integration/hurl/tests_ok/secret.hurl @@ -1,9 +1,14 @@ -GET http://localhost:8000/secret -x-secret: barbar -x-secret: BarBar +GET http://localhost:8000/secret?q={{c}} +x-secret: secret2 +x-secret: {{b}} +x-secret: Secret2 +[Cookies] +X-SECRET: {{b}} { "query": "{{a}}" } HTTP 200 +[Captures] +value: jsonpath "$.value" [Asserts] -jsonpath "$.value" == "baz" +jsonpath "$.value" == "secret3" diff --git a/integration/hurl/tests_ok/secret.ps1 b/integration/hurl/tests_ok/secret.ps1 index 70b6552568d..7a36175dad0 100644 --- a/integration/hurl/tests_ok/secret.ps1 +++ b/integration/hurl/tests_ok/secret.ps1 @@ -2,7 +2,25 @@ Set-StrictMode -Version latest $ErrorActionPreference = 'Stop' hurl --very-verbose ` - --secret a=foofoofoo ` - --secret b=barbar ` - --secret c=baz ` + --secret a=secret1 ` + --secret b=secret2 ` + --secret c=secret3 ` + --report-html build/secret ` tests_ok/secret.hurl + +$secrets = @("secret1", "secret2", "secret3") + +$files = Get-ChildItem -Filter *.html -Recurse build/secret + +foreach ($secret in $secrets) { + foreach ($file in $files) { + # Don't search leaks in sources + if ($file.name.EndsWith("source.html")) { + continue + } + if (Get-Content $file | Select-String -CaseSensitive $secret) { + echo "Secret <$secret> have leaked in $file" + exit 1 + } + } +} diff --git a/integration/hurl/tests_ok/secret.py b/integration/hurl/tests_ok/secret.py index 92f567b3bac..74cd913896b 100644 --- a/integration/hurl/tests_ok/secret.py +++ b/integration/hurl/tests_ok/secret.py 
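Review bot: The leak scan added to secret.ps1 passes vacuously when `Get-ChildItem` finds no HTML file under build/secret, because the `foreach ($file in $files)` body never runs and the script exits 0 without inspecting anything. For a test that proves absence, I would fail when nothing was scanned, e.g. `if (-not $files) { echo "No HTML report found in build/secret"; exit 1 }` before the loops. `Select-String` also treats `$secret` as a regular expression by default, here and in secret_test.ps1; adding `-SimpleMatch` keeps the comparison literal if a future test secret contains metacharacters. Passing `$file.FullName` to `Get-Content` would avoid relying on how the FileInfo object is converted to a path, which I believe has differed between PowerShell versions.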
@@ -4,5 +4,7 @@ @app.route("/secret") def secret(): - assert request.json == {"query": "foofoofoo"} - return jsonify(value="baz") + assert request.json == {"query": "secret1"} + resp = jsonify(value="secret3") + resp.set_cookie("value", "secret2") + return resp diff --git a/integration/hurl/tests_ok/secret.sh b/integration/hurl/tests_ok/secret.sh index 3d1d2e20960..f7a6c33afb3 100755 --- a/integration/hurl/tests_ok/secret.sh +++ b/integration/hurl/tests_ok/secret.sh @@ -2,7 +2,26 @@ set -Eeuo pipefail hurl --very-verbose \ - --secret a=foofoofoo \ - --secret b=barbar \ - --secret c=baz \ + --secret a=secret1 \ + --secret b=secret2 \ + --secret c=secret3 \ + --report-html build/secret \ tests_ok/secret.hurl + +secrets=("secret1" "secret2" "secret3") + +files=$(find build/secret/*.html build/secret/**/*.html) + +for secret in "${secrets[@]}"; do + for file in $files; do + # Don't search leaks in sources + if [[ "$file" == *source.html ]]; then + continue + fi + if grep -q "$secret" "$file"; then + echo "Secret <$secret> have leaked in $file" + exit 1 + fi + done +done + diff --git a/integration/hurl/tests_ok/secret_test.ps1 b/integration/hurl/tests_ok/secret_test.ps1 index 7b1f2b9c5fc..d4df355ac17 100644 --- a/integration/hurl/tests_ok/secret_test.ps1 +++ b/integration/hurl/tests_ok/secret_test.ps1 
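Review bot: The handler in secret.py still asserts only the JSON body, although secret.hurl now also sends secrets in the query string, the `x-secret` headers and the `X-SECRET` cookie. Nothing on the server side therefore proves that the real values reach the wire rather than the redacted `***` shown in the logs. Consider adding `assert request.args["q"] == "secret3"` and `assert request.cookies["X-SECRET"] == "secret2"` next to the existing body assertion.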
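Review bot: The `build/secret/**/*.html` glob in secret.sh descends only one directory level, because the script never enables `globstar` and `**` then behaves like `*`. Report pages nested any deeper would never be scanned, unlike the `-Recurse` walk in secret.ps1. Letting find do the recursion is simpler and does not depend on shell options: `files=$(find build/secret -name '*.html')`. This hunk and secret_test.sh also hand the secret to grep as a regular expression; `grep -qF -- "$secret" "$file"` matches it literally, which matters once a test secret contains a character such as `.` or `*`.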
@@ -1,14 +1,20 @@ Set-StrictMode -Version latest $ErrorActionPreference = 'Stop' -hurl --test --very-verbose --secret a=foofoofoo --secret b=barbar --secret c=baz tests_ok/secret.hurl 2>build/secret_test.err +hurl --test \ + --very-verbose \ + --secret a=secret1 \ + --secret b=secret2 \ + --secret c=secret3 \ + tests_ok/secret.hurl 2>build/secret_test.err -$words=@("foofoofoo", "barbar", "baz") +$secrets = @("secret1", "secret2", "secret3") -foreach ($word in $words) { - if (Get-Content build/secret_test.err | Select-String -CaseSensitive $word) { - # Secrets have leaked! +$file = "build/secret_test.err" + +foreach ($secret in $secrets) { + if (Get-Content $file | Select-String -CaseSensitive $secret) { + echo "Secret <$secret> have leaked in $file" exit 1 } } - diff --git a/integration/hurl/tests_ok/secret_test.sh b/integration/hurl/tests_ok/secret_test.sh index 19680a02569..c9b6c7300e9 100755 --- a/integration/hurl/tests_ok/secret_test.sh +++ b/integration/hurl/tests_ok/secret_test.sh @@ -1,13 +1,20 @@ #!/bin/bash set -Eeuo pipefail -hurl --test --very-verbose --secret a=foofoofoo --secret b=barbar --secret c=baz tests_ok/secret.hurl 2>build/secret_test.err +hurl --test \ + --very-verbose \ + --secret a=secret1 \ + --secret b=secret2 \ + --secret c=secret3 \ + tests_ok/secret.hurl 2>build/secret_test.err -words=("foofoofoo" "barbar" "baz") +secrets=("secret1" "secret2" "secret3") -for word in "${words[@]}"; do - if grep -q "$word" build/secret_test.err; then - # Secrets have leaked! +file="build/secret_test.err" + +for secret in "${secrets[@]}"; do + if grep -q "$secret" "$file"; then + echo "Secret <$secret> have leaked in $file" exit 1 fi done
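Review bot: The multi-line `hurl --test \` invocation in secret_test.ps1 uses backslash line continuations, which is Bash syntax; PowerShell continues a line with a trailing backtick, as secret.ps1 does in this same commit. As written, the first line most likely runs `hurl --test \` on its own and the following `--very-verbose \` and `--secret ... \` lines are parsed as separate statements. The secrets and the `2>build/secret_test.err` redirect then never reach the command whose output is being checked. Replace each trailing `\` with a backtick.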
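Review bot: The loop in secret_test.sh treats every non-zero grep status as "no leak", so an empty build/secret_test.err passes the test without anything having been checked. A guard before the loop, such as `[[ -s "$file" ]] || { echo "$file is empty" >&2; exit 1; }`, makes the absence check meaningful. The leak message would also be better sent to stderr with `>&2`, so it is not mixed into the stdout the harness may compare.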