8294d6ee49
- Created `qa-test-output-after-fix.txt` and `qa-test-output.txt` to log results of certificate page authentication tests. - Added `build.sh` for deterministic backend builds in CI, utilizing `go list` for efficiency. - Introduced `codeql_scan.sh` for CodeQL database creation and analysis for Go and JavaScript/TypeScript. - Implemented `dockerfile_check.sh` to validate Dockerfiles for base image and package manager mismatches. - Added `sourcery_precommit_wrapper.sh` to facilitate Sourcery CLI usage in pre-commit hooks.
116 lines
2.9 KiB
Go
116 lines
2.9 KiB
Go
package middleware
|
|
|
|
import (
|
|
"bytes"
|
|
"log"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/Wikid82/charon/backend/internal/logger"
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
func TestRecoveryLogsStacktraceVerbose(t *testing.T) {
|
|
old := log.Writer()
|
|
buf := &bytes.Buffer{}
|
|
log.SetOutput(buf)
|
|
defer log.SetOutput(old)
|
|
// Ensure structured logger writes to the same buffer and enable debug
|
|
logger.Init(true, buf)
|
|
|
|
router := gin.New()
|
|
router.Use(RequestID())
|
|
router.Use(Recovery(true))
|
|
router.GET("/panic", func(c *gin.Context) {
|
|
panic("test panic")
|
|
})
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/panic", http.NoBody)
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
if w.Code != http.StatusInternalServerError {
|
|
t.Fatalf("expected status 500, got %d", w.Code)
|
|
}
|
|
|
|
out := buf.String()
|
|
if !strings.Contains(out, "PANIC: test panic") {
|
|
t.Fatalf("log did not include panic message: %s", out)
|
|
}
|
|
if !strings.Contains(out, "Stacktrace:") {
|
|
t.Fatalf("verbose log did not include stack trace: %s", out)
|
|
}
|
|
if !strings.Contains(out, "request_id") {
|
|
t.Fatalf("verbose log did not include request_id: %s", out)
|
|
}
|
|
}
|
|
|
|
func TestRecoveryLogsBriefWhenNotVerbose(t *testing.T) {
|
|
old := log.Writer()
|
|
buf := &bytes.Buffer{}
|
|
log.SetOutput(buf)
|
|
defer log.SetOutput(old)
|
|
|
|
// Ensure structured logger writes to the same buffer and keep debug off
|
|
logger.Init(false, buf)
|
|
router := gin.New()
|
|
router.Use(RequestID())
|
|
router.Use(Recovery(false))
|
|
router.GET("/panic", func(c *gin.Context) {
|
|
panic("brief panic")
|
|
})
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/panic", http.NoBody)
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
if w.Code != http.StatusInternalServerError {
|
|
t.Fatalf("expected status 500, got %d", w.Code)
|
|
}
|
|
|
|
out := buf.String()
|
|
if !strings.Contains(out, "PANIC: brief panic") {
|
|
t.Fatalf("log did not include panic message: %s", out)
|
|
}
|
|
if strings.Contains(out, "Stacktrace:") {
|
|
t.Fatalf("non-verbose log unexpectedly included stacktrace: %s", out)
|
|
}
|
|
}
|
|
|
|
func TestRecoverySanitizesHeadersAndPath(t *testing.T) {
|
|
old := log.Writer()
|
|
buf := &bytes.Buffer{}
|
|
log.SetOutput(buf)
|
|
defer log.SetOutput(old)
|
|
|
|
// Ensure structured logger writes to the same buffer and enable debug
|
|
logger.Init(true, buf)
|
|
|
|
router := gin.New()
|
|
router.Use(RequestID())
|
|
router.Use(Recovery(true))
|
|
router.GET("/panic", func(c *gin.Context) {
|
|
panic("sensitive panic")
|
|
})
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "/panic", http.NoBody)
|
|
// Add sensitive header that should be redacted
|
|
req.Header.Set("Authorization", "Bearer secret-token")
|
|
w := httptest.NewRecorder()
|
|
router.ServeHTTP(w, req)
|
|
|
|
if w.Code != http.StatusInternalServerError {
|
|
t.Fatalf("expected status 500, got %d", w.Code)
|
|
}
|
|
|
|
out := buf.String()
|
|
if strings.Contains(out, "secret-token") {
|
|
t.Fatalf("log contained sensitive token: %s", out)
|
|
}
|
|
if !strings.Contains(out, "<redacted>") {
|
|
t.Fatalf("log did not include redaction marker: %s", out)
|
|
}
|
|
}
|