
Commit 9b9f09c

committed
Update secret integration test with HTML report.
1 parent 4816724 commit 9b9f09c


7 files changed

+100
-33
lines changed


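--- a/integration/hurl/tests_ok/secret.err.pattern
+++ b/integration/hurl/tests_ok/secret.err.pattern
@@ -4,42 +4,49 @@
 * Cookie store:
 *
 * Request:
-* GET http://localhost:8000/secret
+* GET http://localhost:8000/secret?q=***
 * x-secret: ***
-* x-secret: BarBar
+* x-secret: ***
+* x-secret: Secret2
+* [Cookies]
+* X-SECRET=***
 *
 * Request can be run with the following curl command:
-* curl --request GET --header 'x-secret: ***' --header 'x-secret: BarBar' --header 'Content-Type: application/json' --data $'{\n "query": "***"\n}' 'http://localhost:8000/secret'
+* curl --request GET --header 'x-secret: ***' --header 'x-secret: ***' --header 'x-secret: Secret2' --header 'Content-Type: application/json' --data $'{\n "query": "***"\n}' --cookie 'X-SECRET=***' 'http://localhost:8000/secret?q=***'
 *
 ** Host localhost:8000 was resolved.
 ** IPv6: ::1
 ** IPv4: 127.0.0.1
 ** Trying [::1]:8000...
-** connect to ::1 port 8000 from ::1 port 55184 failed: Connection refused
+** connect to ::1 port 8000 from ::1 port 62530 failed: Connection refused
 ** Trying 127.0.0.1:8000...
 ** Connected to localhost (127.0.0.1) port 8000
-> GET /secret HTTP/1.1
+> GET /secret?q=*** HTTP/1.1
 > Host: localhost:8000
 > Accept: */*
+> Cookie: X-SECRET=***
+> x-secret: ***
 > x-secret: ***
-> x-secret: BarBar
+> x-secret: Secret2
 > Content-Type: application/json
 > User-Agent: hurl/<<<.*?>>>
-> Content-Length: 26
+> Content-Length: 24
 >
 * Request body:
 * {
 * "query": "***"
 * }
-** upload completely sent off: 26 bytes
+** upload completely sent off: 24 bytes
+** Added cookie value="***" for domain localhost, path /, expire 0
 ** Closing connection
-* Response: (received 16 bytes in <<<\d+>>> ms)
+* Response: (received 20 bytes in <<<\d+>>> ms)
 *
 < HTTP/1.1 200 OK
 < Server: Werkzeug/<<<.*?>>> Python/<<<.*?>>>
 < Date: <<<.*?>>>
 < Content-Type: application/json
-< Content-Length: 16
+< Content-Length: 20
+< Set-Cookie: value=***; Path=/
 < Server: Flask Server
 < Connection: close
 <
@@ -56,4 +63,7 @@
 * pre_transfer: <<<\d+>>> µs
 * start_transfer: <<<\d+>>> µs
 * total: <<<\d+>>> µs
+* Captures:
+* value: ***
 *
+* Writing HTML report to build/secret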
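Review bot: The expected line `** connect to ::1 port 8000 from ::1 port 62530 failed: Connection refused` pins an ephemeral client port, and the commit itself shows that value drifting (55184 before, 62530 now). The rest of the file masks run-dependent values with `<<<\d+>>>`, so this line would read `** connect to ::1 port 8000 from ::1 port <<<\d+>>> failed: Connection refused`. The unmasked `x-secret: Secret2` lines look intentional, presumably to show that redaction is case-sensitive; a one-line `#` comment in the test's `.hurl` file saying so would help the next reader.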
Lines changed: 9 additions & 4 deletions
@@ -1,9 +1,14 @@
1-
GET http://localhost:8000/secret
2-
x-secret: barbar
3-
x-secret: BarBar
1+
GET http://localhost:8000/secret?q={{c}}
2+
x-secret: secret2
3+
x-secret: {{b}}
4+
x-secret: Secret2
5+
[Cookies]
6+
X-SECRET: {{b}}
47
{
58
"query": "{{a}}"
69
}
710
HTTP 200
811
[Asserts]
9-
jsonpath "$.value" == "baz"
12+
jsonpath "$.value" == "secret3"
13+
[Captures]
14+
value: jsonpath "$.value"

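--- a/integration/hurl/tests_ok/secret.ps1
+++ b/integration/hurl/tests_ok/secret.ps1
@@ -2,7 +2,25 @@ Set-StrictMode -Version latest
 $ErrorActionPreference = 'Stop'
 
 hurl --very-verbose `
---secret a=foofoofoo `
---secret b=barbar `
---secret c=baz `
+--secret a=secret1 `
+--secret b=secret2 `
+--secret c=secret3 `
+--report-html build/secret `
 tests_ok/secret.hurl
+
+$secrets = @("secret1", "secret2", "secret3")
+
+$files = Get-ChildItem -Filter *.html -Recurse build/secret
+
+foreach ($secret in $secrets) {
+foreach ($file in $files) {
+# Don't search leaks in sources
+if ($file.name.EndsWith("source.html")) {
+continue
+}
+if (Get-Content $file | Select-String -CaseSensitive $secret) {
+echo "Secret <$secret> have leaked in $file"
+exit 1
+}
+}
+}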
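Review bot: The leak scan passes vacuously when `$files` is empty, because `foreach` over an empty result never runs its body and the script then reports success without having checked any report page. A guard before the loops, `if (-not $files) { echo "No HTML report found in build/secret"; exit 1 }`, makes the test fail closed. `Select-String` also treats `$secret` as a regular expression; adding `-SimpleMatch` keeps the comparison literal if a future secret contains characters such as `.` or `+`.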

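--- a/integration/hurl/tests_ok/secret.py
+++ b/integration/hurl/tests_ok/secret.py
@@ -4,5 +4,7 @@
 
 @app.route("/secret")
 def secret():
-assert request.json == {"query": "foofoofoo"}
-return jsonify(value="baz")
+assert request.json == {"query": "secret1"}
+resp = jsonify(value="secret3")
+resp.set_cookie("value", "secret2")
+return resp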
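Review bot: The handler still asserts only the JSON body, so the secret values this commit adds to the query string, the `x-secret` header and the `X-SECRET` cookie are never checked on the server side. If redaction were ever applied to the outgoing request rather than only to the logs and report, the test would still pass for those three places. Lines such as `assert request.args["q"] == "secret3"` and `assert request.cookies["X-SECRET"] == "secret2"` before building the response would close that gap.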

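--- a/integration/hurl/tests_ok/secret.sh
+++ b/integration/hurl/tests_ok/secret.sh
@@ -2,7 +2,26 @@
 set -Eeuo pipefail
 
 hurl --very-verbose \
---secret a=foofoofoo \
---secret b=barbar \
---secret c=baz \
+--secret a=secret1 \
+--secret b=secret2 \
+--secret c=secret3 \
+--report-html build/secret \
 tests_ok/secret.hurl
+
+secrets=("secret1" "secret2" "secret3")
+
+files=$(find build/secret/*.html build/secret/**/*.html)
+
+for secret in "${secrets[@]}"; do
+for file in $files; do
+# Don't search leaks in sources
+if [[ "$file" == *source.html ]]; then
+continue
+fi
+if grep -q "$secret" "$file"; then
+echo "Secret <$secret> have leaked in $file"
+exit 1
+fi
+done
+done
+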
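Review bot: `files=$(find build/secret/*.html build/secret/**/*.html)` relies on `**`, which behaves like a single `*` unless `shopt -s globstar` is set, so report pages nested more than one directory below `build/secret` would not be scanned for leaks. Letting find do the recursion avoids that: `files=$(find build/secret -name '*.html')`. `grep -q "$secret" "$file"` reads the secret as a regular expression; `grep -qF -- "$secret" "$file"` matches it literally, and the same call appears in the last file section on this page. `for file in $files` is unquoted and would split any path containing whitespace, which looks harmless for the report layout as far as the page shows.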

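--- a/integration/hurl/tests_ok/secret_test.ps1
+++ b/integration/hurl/tests_ok/secret_test.ps1
@@ -1,14 +1,20 @@
 Set-StrictMode -Version latest
 $ErrorActionPreference = 'Stop'
 
-hurl --test --very-verbose --secret a=foofoofoo --secret b=barbar --secret c=baz tests_ok/secret.hurl 2>build/secret_test.err
+hurl --test \
+--very-verbose \
+--secret a=secret1 \
+--secret b=secret2 \
+--secret c=secret3 \
+tests_ok/secret.hurl 2>build/secret_test.err
 
-$words=@("foofoofoo", "barbar", "baz")
+$secrets = @("secret1", "secret2", "secret3")
 
-foreach ($word in $words) {
-if (Get-Content build/secret_test.err | Select-String -CaseSensitive $word) {
-# Secrets have leaked!
+$file = "build/secret_test.err"
+
+foreach ($secret in $secrets) {
+if (Get-Content $file | Select-String -CaseSensitive $secret) {
+echo "Secret <$secret> have leaked in $file"
 exit 1
 }
 }
-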
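Review bot: The rewritten `hurl --test \` command uses a trailing backslash for line continuation, which PowerShell does not recognise; its continuation character is the backtick, as `secret.ps1` in this same commit uses. As written, `\` is passed to hurl as an argument and the following `--very-verbose \` lines are parsed as separate statements, so the `2>build/secret_test.err` redirection is unlikely to capture the run that the leak scan then inspects. Replacing each trailing `\` with a backtick restores the single command.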
Lines changed: 12 additions & 5 deletions
@@ -1,13 +1,20 @@
11
#!/bin/bash
22
set -Eeuo pipefail
33

4-
hurl --test --very-verbose --secret a=foofoofoo --secret b=barbar --secret c=baz tests_ok/secret.hurl 2>build/secret_test.err
4+
hurl --test \
5+
--very-verbose \
6+
--secret a=secret1 \
7+
--secret b=secret2 \
8+
--secret c=secret3 \
9+
tests_ok/secret.hurl 2>build/secret_test.err
510

6-
words=("foofoofoo" "barbar" "baz")
11+
secrets=("secret1" "secret2" "secret3")
712

8-
for word in "${words[@]}"; do
9-
if grep -q "$word" build/secret_test.err; then
10-
# Secrets have leaked!
13+
file="build/secret_test.err"
14+
15+
for secret in "${secrets[@]}"; do
16+
if grep -q "$secret" "$file"; then
17+
echo "Secret <$secret> have leaked in $file"
1118
exit 1
1219
fi
1320
done
