Update secret integration test with HTML report.

Author: jcamiel

integration/hurl/tests_ok/secret.err.pattern

@@ -4,42 +4,49 @@
 * Cookie store:
 *
 * Request:
-* GET http://localhost:8000/secret
+* GET http://localhost:8000/secret?q=***
 * x-secret: ***
-* x-secret: BarBar
+* x-secret: ***
+* x-secret: Secret2
+* [Cookies]
+* X-SECRET=***
 *
 * Request can be run with the following curl command:
-* curl --request GET --header 'x-secret: ***' --header 'x-secret: BarBar' --header 'Content-Type: application/json' --data $'{\n  "query": "***"\n}' 'http://localhost:8000/secret'
+* curl --request GET --header 'x-secret: ***' --header 'x-secret: ***' --header 'x-secret: Secret2' --header 'Content-Type: application/json' --data $'{\n  "query": "***"\n}' --cookie 'X-SECRET=***' 'http://localhost:8000/secret?q=***'
 *
 ** Host localhost:8000 was resolved.
 ** IPv6: ::1
 ** IPv4: 127.0.0.1
 **   Trying [::1]:8000...
-** connect to ::1 port 8000 from ::1 port 55184 failed: Connection refused
+** connect to ::1 port 8000 from ::1 port 62530 failed: Connection refused
 **   Trying 127.0.0.1:8000...
 ** Connected to localhost (127.0.0.1) port 8000
-> GET /secret HTTP/1.1
+> GET /secret?q=*** HTTP/1.1
 > Host: localhost:8000
 > Accept: */*
+> Cookie: X-SECRET=***
+> x-secret: ***
 > x-secret: ***
-> x-secret: BarBar
+> x-secret: Secret2
 > Content-Type: application/json
 > User-Agent: hurl/<<<.*?>>>
-> Content-Length: 26
+> Content-Length: 24
 >
 * Request body:
 * {
 *   "query": "***"
 * }
-** upload completely sent off: 26 bytes
+** upload completely sent off: 24 bytes
+** Added cookie value="***" for domain localhost, path /, expire 0
 ** Closing connection
-* Response: (received 16 bytes in <<<\d+>>> ms)
+* Response: (received 20 bytes in <<<\d+>>> ms)
 *
 < HTTP/1.1 200 OK
 < Server: Werkzeug/<<<.*?>>> Python/<<<.*?>>>
 < Date: <<<.*?>>>
 < Content-Type: application/json
-< Content-Length: 16
+< Content-Length: 20
+< Set-Cookie: value=***; Path=/
 < Server: Flask Server
 < Connection: close
 <
@@ -56,4 +63,7 @@
 * pre_transfer: <<<\d+>>> µs
 * start_transfer: <<<\d+>>> µs
 * total: <<<\d+>>> µs
+* Captures:
+* value: ***
 *
+* Writing HTML report to build/secret

integration/hurl/tests_ok/secret.hurl

@@ -1,9 +1,14 @@
-GET http://localhost:8000/secret
-x-secret: barbar
-x-secret: BarBar
+GET http://localhost:8000/secret?q={{c}}
+x-secret: secret2
+x-secret: {{b}}
+x-secret: Secret2
+[Cookies]
+X-SECRET: {{b}}
 {
   "query": "{{a}}"
 }
 HTTP 200
 [Asserts]
-jsonpath "$.value" == "baz"
+jsonpath "$.value" == "secret3"
+[Captures]
+value: jsonpath "$.value"

integration/hurl/tests_ok/secret.ps1

@@ -2,7 +2,25 @@ Set-StrictMode -Version latest
 $ErrorActionPreference = 'Stop'
 
 hurl --very-verbose `
-    --secret a=foofoofoo `
-    --secret b=barbar `
-    --secret c=baz `
+    --secret a=secret1 `
+    --secret b=secret2 `
+    --secret c=secret3 `
+    --report-html build/secret `
     tests_ok/secret.hurl
+
+$secrets = @("secret1", "secret2", "secret3")
+
+$files = Get-ChildItem -Filter *.html -Recurse build/secret
+
+foreach ($secret in $secrets) {
+    foreach ($file in $files) {
+        # Don't search leaks in sources
+        if ($file.name.EndsWith("source.html")) {
+            continue
+        }
+        if (Get-Content $file | Select-String -CaseSensitive $secret) {
+            echo "Secret <$secret> have leaked in $file"
+            exit 1
+        }
+    }
+}

integration/hurl/tests_ok/secret.py

@@ -4,5 +4,7 @@
 
 @app.route("/secret")
 def secret():
-    assert request.json == {"query": "foofoofoo"}
-    return jsonify(value="baz")
+    assert request.json == {"query": "secret1"}
+    resp = jsonify(value="secret3")
+    resp.set_cookie("value", "secret2")
+    return resp

integration/hurl/tests_ok/secret.sh

@@ -2,7 +2,26 @@
 set -Eeuo pipefail
 
 hurl --very-verbose \
-    --secret a=foofoofoo \
-    --secret b=barbar \
-    --secret c=baz \
+    --secret a=secret1 \
+    --secret b=secret2 \
+    --secret c=secret3 \
+    --report-html build/secret \
     tests_ok/secret.hurl
+
+secrets=("secret1" "secret2" "secret3")
+
+files=$(find build/secret/*.html build/secret/**/*.html)
+
+for secret in "${secrets[@]}"; do
+  for file in $files; do
+    # Don't search leaks in sources
+    if [[ "$file" == *source.html ]]; then
+      continue
+    fi
+    if grep -q "$secret" "$file"; then
+        echo "Secret <$secret> have leaked in $file"
+        exit 1
+    fi
+  done
+done
+

integration/hurl/tests_ok/secret_test.ps1

@@ -1,14 +1,20 @@
 Set-StrictMode -Version latest
 $ErrorActionPreference = 'Stop'
 
-hurl --test --very-verbose --secret a=foofoofoo --secret b=barbar --secret c=baz tests_ok/secret.hurl 2>build/secret_test.err
+hurl --test \
+    --very-verbose \
+    --secret a=secret1 \
+    --secret b=secret2 \
+    --secret c=secret3 \
+    tests_ok/secret.hurl 2>build/secret_test.err
 
-$words=@("foofoofoo", "barbar", "baz")
+$secrets = @("secret1", "secret2", "secret3")
 
-foreach ($word in $words) {
-    if (Get-Content build/secret_test.err | Select-String -CaseSensitive $word) {
-        # Secrets have leaked!
+$file = "build/secret_test.err"
+
+foreach ($secret in $secrets) {
+    if (Get-Content $file | Select-String -CaseSensitive $secret) {
+        echo "Secret <$secret> have leaked in $file"
         exit 1
     }
 }
-

integration/hurl/tests_ok/secret_test.sh

@@ -1,13 +1,20 @@
 #!/bin/bash
 set -Eeuo pipefail
 
-hurl --test --very-verbose --secret a=foofoofoo --secret b=barbar --secret c=baz tests_ok/secret.hurl 2>build/secret_test.err
+hurl --test \
+    --very-verbose \
+    --secret a=secret1 \
+    --secret b=secret2 \
+    --secret c=secret3 \
+    tests_ok/secret.hurl 2>build/secret_test.err
 
-words=("foofoofoo" "barbar" "baz")
+secrets=("secret1" "secret2" "secret3")
 
-for word in "${words[@]}"; do
-  if grep -q "$word" build/secret_test.err; then
-      # Secrets have leaked!
+file="build/secret_test.err"
+
+for secret in "${secrets[@]}"; do
+  if grep -q "$secret" "$file"; then
+      echo "Secret <$secret> have leaked in $file"
       exit 1
   fi
 done