changeset 452:03d58388d5fb

HttpCsrfFilter - debug logs and tests
author Devel 1
date Mon, 31 Jul 2017 15:22:38 +0200
parents e4ec98696716
children 1fadccfcb2db
files stress-tester/src/main/java/com/passus/st/client/http/filter/HttpCsrfFilter.java stress-tester/src/test/java/com/passus/st/client/http/filter/HttpCsrfFilterTest.java
diffstat 2 files changed, 30 insertions(+), 3 deletions(-) [+]
--- a/stress-tester/src/main/java/com/passus/st/client/http/filter/HttpCsrfFilter.java	Mon Jul 31 15:07:55 2017 +0200
+++ b/stress-tester/src/main/java/com/passus/st/client/http/filter/HttpCsrfFilter.java	Mon Jul 31 15:22:38 2017 +0200
@@ -18,6 +18,7 @@
 import com.passus.net.http.HttpRequest;
 import com.passus.net.http.HttpResponse;
 import com.passus.st.ParametersBag;
+import static com.passus.st.client.http.HttpConsts.TAG_SESSION_ID;
 import com.passus.st.client.http.HttpFlowContext;
 import com.passus.st.plugin.PluginConstants;
 import com.passus.st.validation.HeaderNameValidator;
@@ -61,6 +62,7 @@
         public ByteString extract(HttpMessage msg) {
             HttpCookie cookie = HELPER.getCookie(msg, cookieName);
             if (cookie != null) {
+                LOGGER.debug("extracting token {} (cookie)", cookie.getValue());
                 return cookie.getValue();
             }
 
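Review bot: The new debug line in the cookie extractor writes the full CSRF token value into the log, and the same pattern repeats in the header extractor, both injectors and the save/load methods of both token stores later in this file. CSRF tokens are session-bound secrets, and in a tool that replays captured traffic they may come from real user sessions, so debug logs attached to bug reports or shipped to a central collector would carry them. Consider logging only that a token was found and where, e.g. `LOGGER.debug("extracting token (cookie)");`, or moving the value-bearing variants to trace level. The enclosing extract method continues past the end of this hunk.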
@@ -83,7 +85,9 @@
 
         @Override
         public ByteString extract(HttpMessage msg) {
-            return msg.getHeaders().get(headerName);
+            ByteString token = msg.getHeaders().get(headerName);
+            LOGGER.debug("extracting token {} (header)", token);
+            return token;
         }
     }
 
@@ -107,6 +111,7 @@
 
         @Override
         public void inject(HttpMessage msg, ByteString csrfToken) {
+            LOGGER.debug("injecting token {} (header)", csrfToken);
             msg.getHeaders().set(headerName, csrfToken);
         }
     }
@@ -126,6 +131,7 @@
 
         @Override
         public void inject(HttpMessage msg, ByteString csrfToken) {
+            LOGGER.debug("injecting token {} (cookie)", csrfToken);
             HELPER.updateCookieValue(msg, cookieName, csrfToken);
         }
     }
@@ -153,14 +159,18 @@
             if (tokens == null) {
                 tokens = new LinkedList<>();
                 put(session, tokens);
+                LOGGER.debug("creating token queue");
             }
+            LOGGER.debug("saving token {}", token);
             tokens.add(token);
         }
 
         @Override
         public ByteString load(ParametersBag session) {
             Queue<ByteString> tokens = (Queue<ByteString>) get(session);
-            return tokens == null ? null : tokens.poll();
+            ByteString token = tokens == null ? null : tokens.poll();
+            LOGGER.debug("loading token {}", token);
+            return token;
         }
     }
 
@@ -168,12 +178,15 @@
 
         @Override
         public void save(ParametersBag session, ByteString token) {
+            LOGGER.debug("saving token {}", token);
             put(session, token);
         }
 
         @Override
         public ByteString load(ParametersBag session) {
-            return (ByteString) get(session);
+            ByteString token = (ByteString) get(session);
+            LOGGER.debug("loading token {}", token);
+            return token;
         }
     }
 
@@ -282,6 +295,9 @@
                 ParametersBag session = context.scopes().getSession(resp);
                 if (session != null) {
                     tokenStore.save(session, token);
+                } else {
+                    LOGGER.debug("no session for request {} / response {}",
+                            request.getTag(TAG_SESSION_ID), resp.getTag(TAG_SESSION_ID));
                 }
             }
         }
--- a/stress-tester/src/test/java/com/passus/st/client/http/filter/HttpCsrfFilterTest.java	Mon Jul 31 15:07:55 2017 +0200
+++ b/stress-tester/src/test/java/com/passus/st/client/http/filter/HttpCsrfFilterTest.java	Mon Jul 31 15:22:38 2017 +0200
@@ -59,6 +59,17 @@
     }
 
     @Test
+    public void testCookieInjector() {
+        CookieInjector injector = new CookieInjector("x_csrf_token");
+        HttpRequest req = HttpRequestBuilder.get("http://test/test1")
+                .cookie("x_csrf_token", "oldValue")
+                .build();
+
+        injector.inject(req, ByteString.create("newValue"));
+        assertEquals("x_csrf_token=newValue", req.getHeaders().get("Cookie").toString());
+    }
+
+    @Test
     public void testHeaderInjector() {
         HeaderInjector injector = new HeaderInjector("x-csrf-token");
         HttpRequest req = HttpRequestBuilder.get("http://test/test1")
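Review bot: testCookieInjector covers only a request whose Cookie header holds exactly the one cookie being replaced, so it would not catch an injector that clobbers sibling cookies or mishandles a missing one. A second case built with an extra `.cookie("other", "keep")` that asserts the other pair survives, and one with no `x_csrf_token` cookie at all, would pin the behaviour of `HELPER.updateCookieValue`. What the helper does when the cookie is absent is not visible here, so the expected result needs confirming against it. testHeaderInjector's body continues past the end of this hunk.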