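// Source: code.cloudfoundry.org/cli@v7.1.0+incompatible/cf/net/request_dumper_test.go
package net_test

import (
	"bytes"
	"net/http"
	"strings"

	. "code.cloudfoundry.org/cli/cf/net"
	"code.cloudfoundry.org/cli/cf/trace"
	. "github.com/onsi/ginkgo"
	. "github.com/onsi/gomega"
)

// These specs pin the redaction contract of RequestDumper.DumpRequest: the
// dumper prints through a trace.Printer, and credentials placed in the URI,
// the headers, or the body of the request must not appear in that output.
//
// Every spec pairs a positive assertion (the key or header name is still
// printed) with a negative one (the secret value is gone), so that a dumper
// which printed nothing at all would not pass.
var _ = Describe("RequestDumper", func() {
	Describe("DumpRequest", func() {
		var (
			printer trace.Printer
			buffer  *bytes.Buffer
			dumper  RequestDumper
		)

		BeforeEach(func() {
			// Capture everything the dumper prints so each spec can inspect it.
			buffer = new(bytes.Buffer)
			printer = trace.NewWriterPrinter(buffer, false)
			dumper = NewRequestDumper(printer)
		})

		When("the request body is JSON", func() {
			var (
				request *http.Request
				reqErr  error
			)

			BeforeEach(func() {
				bodyString := `{"password":"verysecret","some-field":"some-value"}`
				request, reqErr = http.NewRequest("GET", "example.com?code=code-from-uri", strings.NewReader(bodyString))
				// Check the error before touching the request: on failure the
				// request is nil and the Header.Set calls below would panic
				// instead of reporting a readable spec failure.
				Expect(reqErr).ToNot(HaveOccurred())

				request.Header.Set("Content-Type", "application/json")
				request.Header.Set("Authorization", "bearer: some-secret-token")
				request.Header.Set("Set-Cookie", "some-secret-cookie")
				request.Header.Set("Location", "https://api.cli.fun?code=secret-ssh-code")
			})

			JustBeforeEach(func() {
				dumper.DumpRequest(request)
			})

			// NOTE(review): the fixture carries "?code=" in both the URI and
			// the Location header, so the positive "?code=" match in the next
			// two specs can be satisfied by either one; only the negative
			// assertion is specific to each spec.
			It("redacts code=* from all headers", func() {
				Expect(buffer.String()).To(ContainSubstring("?code="))
				Expect(buffer.String()).ToNot(ContainSubstring("secret-ssh-code"))
			})

			It("redacts code=* from the uri", func() {
				Expect(buffer.String()).To(ContainSubstring("?code="))
				Expect(buffer.String()).ToNot(ContainSubstring("code-from-uri"))
			})

			// NOTE(review): "password" is the only sensitive key in the JSON
			// fixture; token-style JSON fields are not exercised here.
			It("redacts values from the key 'password'", func() {
				Expect(buffer.String()).To(ContainSubstring("password"))
				Expect(buffer.String()).ToNot(ContainSubstring("verysecret"))
			})

			It("redacts the authorization header", func() {
				Expect(buffer.String()).To(ContainSubstring("Authorization"))
				Expect(buffer.String()).ToNot(ContainSubstring("some-secret-token"))
			})

			It("redacts Set-Cookie headers", func() {
				Expect(buffer.String()).To(ContainSubstring("Set-Cookie: "))
				Expect(buffer.String()).ToNot(ContainSubstring("some-secret-cookie"))
			})
		})

		When("the request body is x-www-form-urlencoded", func() {
			var (
				request *http.Request
				reqErr  error
			)

			BeforeEach(func() {
				bodyString := `grant_type=password&password=somesecret&scope=&username=admin&refresh_token=secret-refresh-token&access_token=secret-access-token`
				request, reqErr = http.NewRequest("GET", "example.com", strings.NewReader(bodyString))
				// Same ordering as the JSON case: assert on the error before
				// dereferencing the request.
				Expect(reqErr).ToNot(HaveOccurred())

				request.Header.Set("Content-Type", "application/x-www-form-urlencoded")
				request.Header.Set("Authorization", "bearer: some-secret-token")
			})

			JustBeforeEach(func() {
				dumper.DumpRequest(request)
			})

			// The body also contains "grant_type=password", so the positive
			// "password" match alone does not prove the password key was
			// printed; the negative assertion is the one that matters.
			It("redacts the value from keys called 'password'", func() {
				Expect(buffer.String()).To(ContainSubstring("password"))
				Expect(buffer.String()).ToNot(ContainSubstring("somesecret"))
			})

			It("redacts the authorization header", func() {
				Expect(buffer.String()).To(ContainSubstring("Authorization: "))
				Expect(buffer.String()).ToNot(ContainSubstring("some-secret-token"))
			})

			It("redacts fields containing 'token'", func() {
				Expect(buffer.String()).To(ContainSubstring("refresh_token="))
				Expect(buffer.String()).ToNot(ContainSubstring("secret-refresh-token"))
				Expect(buffer.String()).To(ContainSubstring("access_token="))
				Expect(buffer.String()).ToNot(ContainSubstring("secret-access-token"))
			})
		})
	})
})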