akanealw
eec8c28fb3
Go Benchmark / Performance Regression Check (push) Has been cancelled
Cerberus Integration / Cerberus Security Stack Integration (push) Has been cancelled
Upload Coverage to Codecov / Backend Codecov Upload (push) Has been cancelled
Upload Coverage to Codecov / Frontend Codecov Upload (push) Has been cancelled
CodeQL - Analyze / CodeQL analysis (go) (push) Has been cancelled
CodeQL - Analyze / CodeQL analysis (javascript-typescript) (push) Has been cancelled
CrowdSec Integration / CrowdSec Bouncer Integration (push) Has been cancelled
Docker Build, Publish & Test / build-and-push (push) Has been cancelled
Quality Checks / Auth Route Protection Contract (push) Has been cancelled
Quality Checks / Codecov Trigger/Comment Parity Guard (push) Has been cancelled
Quality Checks / Backend (Go) (push) Has been cancelled
Quality Checks / Frontend (React) (push) Has been cancelled
Rate Limit integration / Rate Limiting Integration (push) Has been cancelled
Security Scan (PR) / Trivy Binary Scan (push) Has been cancelled
Supply Chain Verification (PR) / Verify Supply Chain (push) Has been cancelled
WAF integration / Coraza WAF Integration (push) Has been cancelled
Docker Build, Publish & Test / Security Scan PR Image (push) Has been cancelled
Repo Health Check / Repo health (push) Has been cancelled
History Rewrite Dry-Run / Dry-run preview for history rewrite (push) Has been cancelled
Prune Renovate Branches / prune (push) Has been cancelled
Renovate / renovate (push) Has been cancelled
Nightly Build & Package / sync-development-to-nightly (push) Has been cancelled
Nightly Build & Package / Trigger Nightly Validation Workflows (push) Has been cancelled
Nightly Build & Package / build-and-push-nightly (push) Has been cancelled
Nightly Build & Package / test-nightly-image (push) Has been cancelled
Nightly Build & Package / verify-nightly-supply-chain (push) Has been cancelled
Update GeoLite2 Checksum / update-checksum (push) Has been cancelled
Container Registry Prune / prune-ghcr (push) Has been cancelled
Container Registry Prune / prune-dockerhub (push) Has been cancelled
Container Registry Prune / summarize (push) Has been cancelled
Supply Chain Verification / Verify SBOM (push) Has been cancelled
Supply Chain Verification / Verify Release Artifacts (push) Has been cancelled
Supply Chain Verification / Verify Docker Image Supply Chain (push) Has been cancelled
Monitor Caddy Major Release / check-caddy-major (push) Has been cancelled
Weekly Nightly to Main Promotion / Verify Nightly Branch Health (push) Has been cancelled
Weekly Nightly to Main Promotion / Create Promotion PR (push) Has been cancelled
Weekly Nightly to Main Promotion / Trigger Missing Required Checks (push) Has been cancelled
Weekly Nightly to Main Promotion / Notify on Failure (push) Has been cancelled
Weekly Nightly to Main Promotion / Workflow Summary (push) Has been cancelled
Weekly Security Rebuild / Security Rebuild & Scan (push) Has been cancelled
125 lines
3.4 KiB
Go
Executable File
125 lines
3.4 KiB
Go
Executable File
//go:build integration
|
|
// +build integration
|
|
|
|
package integration
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"strings"
|
|
"sync/atomic"
|
|
"testing"
|
|
|
|
"github.com/Wikid82/charon/backend/internal/notifications"
|
|
)
|
|
|
|
func TestNotificationHTTPWrapperIntegration_RetriesOn429AndSucceeds(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
var calls int32
|
|
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
current := atomic.AddInt32(&calls, 1)
|
|
if current == 1 {
|
|
w.WriteHeader(http.StatusTooManyRequests)
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusOK)
|
|
_, _ = w.Write([]byte(`{"ok":true}`))
|
|
}))
|
|
defer server.Close()
|
|
|
|
wrapper := notifications.NewNotifyHTTPWrapper()
|
|
result, err := wrapper.Send(context.Background(), notifications.HTTPWrapperRequest{
|
|
URL: server.URL,
|
|
Body: []byte(`{"message":"hello"}`),
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("expected retry success, got error: %v", err)
|
|
}
|
|
if result.Attempts != 2 {
|
|
t.Fatalf("expected 2 attempts, got %d", result.Attempts)
|
|
}
|
|
}
|
|
|
|
func TestNotificationHTTPWrapperIntegration_DoesNotRetryOn400(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
var calls int32
|
|
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
atomic.AddInt32(&calls, 1)
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
}))
|
|
defer server.Close()
|
|
|
|
wrapper := notifications.NewNotifyHTTPWrapper()
|
|
_, err := wrapper.Send(context.Background(), notifications.HTTPWrapperRequest{
|
|
URL: server.URL,
|
|
Body: []byte(`{"message":"hello"}`),
|
|
})
|
|
if err == nil {
|
|
t.Fatalf("expected non-retryable 400 error")
|
|
}
|
|
if atomic.LoadInt32(&calls) != 1 {
|
|
t.Fatalf("expected one request attempt, got %d", calls)
|
|
}
|
|
}
|
|
|
|
func TestNotificationHTTPWrapperIntegration_RejectsTokenizedQueryWithoutEcho(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
wrapper := notifications.NewNotifyHTTPWrapper()
|
|
secret := "pr1-secret-token-value"
|
|
_, err := wrapper.Send(context.Background(), notifications.HTTPWrapperRequest{
|
|
URL: "http://example.com/hook?token=" + secret,
|
|
Body: []byte(`{"message":"hello"}`),
|
|
})
|
|
if err == nil {
|
|
t.Fatalf("expected tokenized query rejection")
|
|
}
|
|
if !strings.Contains(err.Error(), "query authentication is not allowed") {
|
|
t.Fatalf("expected sanitized query-auth rejection, got: %v", err)
|
|
}
|
|
if strings.Contains(err.Error(), secret) {
|
|
t.Fatalf("error must not echo secret token")
|
|
}
|
|
}
|
|
|
|
func TestNotificationHTTPWrapperIntegration_HeaderAllowlistSafety(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
var seenAuthHeader string
|
|
var seenCookieHeader string
|
|
var seenGotifyKey string
|
|
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
seenAuthHeader = r.Header.Get("Authorization")
|
|
seenCookieHeader = r.Header.Get("Cookie")
|
|
seenGotifyKey = r.Header.Get("X-Gotify-Key")
|
|
w.WriteHeader(http.StatusOK)
|
|
}))
|
|
defer server.Close()
|
|
|
|
wrapper := notifications.NewNotifyHTTPWrapper()
|
|
_, err := wrapper.Send(context.Background(), notifications.HTTPWrapperRequest{
|
|
URL: server.URL,
|
|
Headers: map[string]string{
|
|
"Authorization": "Bearer should-not-leak",
|
|
"Cookie": "session=should-not-leak",
|
|
"X-Gotify-Key": "allowed-token",
|
|
},
|
|
Body: []byte(`{"message":"hello"}`),
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("expected success, got error: %v", err)
|
|
}
|
|
if seenAuthHeader != "" {
|
|
t.Fatalf("authorization header must be stripped")
|
|
}
|
|
if seenCookieHeader != "" {
|
|
t.Fatalf("cookie header must be stripped")
|
|
}
|
|
if seenGotifyKey != "allowed-token" {
|
|
t.Fatalf("expected X-Gotify-Key to pass through")
|
|
}
|
|
}
|