changeset 480:17ebea60b229

ST-60 in progress
author Devel 1
date Tue, 08 Aug 2017 12:55:07 +0200
parents 717b8d9db5b6
children a150f3998b1c
files stress-tester/src/main/java/com/passus/st/client/http/filter/HttpCsrfFormExtractor.java stress-tester/src/main/java/com/passus/st/client/http/filter/HttpCsrfFormFilter.java stress-tester/src/test/java/com/passus/st/client/http/filter/HttpCsrfFormExtractorTest.java stress-tester/src/test/java/com/passus/st/client/http/filter/HttpCsrfFormFilterTest.java
diffstat 4 files changed, 19 insertions(+), 46 deletions(-) [+]
--- a/stress-tester/src/main/java/com/passus/st/client/http/filter/HttpCsrfFormExtractor.java	Tue Aug 08 12:39:51 2017 +0200
+++ b/stress-tester/src/main/java/com/passus/st/client/http/filter/HttpCsrfFormExtractor.java	Tue Aug 08 12:55:07 2017 +0200
@@ -64,7 +64,7 @@
         return baseUri.substring(0, idx) + '/' + formAction;
     }
 
-    static TokenEntry extract(String formString, String inputId, String inputName, String uri) {
+    static TokenEntry extract(String formString, String inputName, String uri) {
         Document root = Jsoup.parse(formString);
         Elements forms = root.getElementsByTag(TAG_FORM);
         if (forms.size() != 1) {
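Review bot: The new `extract(String formString, String inputName, String uri)` signature carries no Javadoc, and the meaning of a null `inputName` — the first hidden input of the form is taken as the token, as `testExtractByName` in this changeset shows — is stated nowhere in the main code. Add above the method `/** Extracts the CSRF token from one form. inputName == null selects the first hidden input; returns null when the string does not hold exactly one form or no hidden input matches. */`, confirming the null-return cases against the rest of the body, which continues past this hunk. The same gap applies to the public `extractAll` in the third hunk of this file and to `setInputName` in HttpCsrfFormFilter, where a caller cannot see that leaving the name unset changes which input is picked.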
@@ -78,11 +78,6 @@
             if (!input.attr("type").equals("hidden")) {
                 continue;
             }
-            if (inputId != null) {
-                if (!inputId.equals(input.id())) {
-                    continue;
-                }
-            }
             if (inputName != null) {
                 if (!inputName.equals(input.attr("name"))) {
                     continue;
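Review bot: The surviving filter at `if (inputName != null) { if (!inputName.equals(input.attr("name"))) { continue; } }` is two nested ifs for a single condition now that the parallel id branch is gone; `if (inputName != null && !inputName.equals(input.attr("name"))) { continue; }` reads as one rule and matches the `type` check just above it. The enclosing loop and method start and end outside this hunk.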
@@ -99,16 +94,15 @@
         String action = form.attr(ATTR_ACTION);
         action = resolveAction(action, uri);
         String method = form.attr(ATTR_METHOD);
-        String name = form.attr(ATTR_NAME);
         String value = tokenInput.attr(ATTR_VALUE);
-        return new TokenEntry(action, method, name, value);
+        return new TokenEntry(action, method, value);
     }
 
-    public static List<TokenEntry> extractAll(String document, String inputId, String inputName, String uri) {
+    public static List<TokenEntry> extractAll(String document, String inputName, String uri) {
         List<FormBoundary> forms = scan(document);
         List<TokenEntry> result = new ArrayList<>(forms.size());
         for (FormBoundary form : forms) {
-            TokenEntry entry = extract(document.substring(form.start, form.end), inputId, inputName, uri);
+            TokenEntry entry = extract(document.substring(form.start, form.end), inputName, uri);
             if (entry != null) {
                 result.add(entry);
             }
@@ -131,19 +125,17 @@
 
         final String action;
         final String method;
-        final String name;
         final String value;
 
-        public TokenEntry(String action, String method, String name, String value) {
+        public TokenEntry(String action, String method, String value) {
             this.action = action;
             this.method = method;
-            this.name = name;
             this.value = value;
         }
 
         @Override
         public String toString() {
-            return "TokenEntry{" + "action=" + action + ", method=" + method + ", name=" + name + ", value=" + value + '}';
+            return "TokenEntry{" + "action=" + action + ", method=" + method + ", value=" + value + '}';
         }
     }
 
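Review bot: The rewritten `toString` still prints `value`, which is the extracted CSRF token, so any debug logging of a TokenEntry or of the token map it is stored in would write a live, session-bound token to the log. Since the string serves diagnostics only, redact the token: `return "TokenEntry{" + "action=" + action + ", method=" + method + ", value=" + (value == null ? "null" : "<redacted>") + '}';`, or print its length. Whether anything logs these entries is not visible in this diff; the TokenEntry class header lies above the hunk.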
--- a/stress-tester/src/main/java/com/passus/st/client/http/filter/HttpCsrfFormFilter.java	Tue Aug 08 12:39:51 2017 +0200
+++ b/stress-tester/src/main/java/com/passus/st/client/http/filter/HttpCsrfFormFilter.java	Tue Aug 08 12:55:07 2017 +0200
@@ -4,7 +4,6 @@
 import com.passus.data.HeapByteBuff;
 import com.passus.net.http.HttpContentType;
 import com.passus.net.http.HttpMessageHelper;
-import com.passus.net.http.HttpMethod;
 import com.passus.net.http.HttpParameters;
 import com.passus.net.http.HttpRequest;
 import com.passus.net.http.HttpResponse;
@@ -27,7 +26,6 @@
  * @author mikolaj.podbielski
  */
 public class HttpCsrfFormFilter extends HttpFilter {
-    // TODO: form name
 
     private static final Set<String> CONTENT_TYPES_TO_SCAN = new HashSet<>(Arrays.asList(
             "text/html", "application/xhtml+xml"
@@ -40,17 +38,12 @@
     private final HttpMessageHelper helper = new HttpMessageHelper(); // needs instance, because header decoders are not thread safe
 
     private String inputName;
-    private String inputId;
     private Set<ByteString> contentTypesToScan = CONTENT_TYPES_TO_SCAN.stream().map(ByteString::create).collect(Collectors.toSet());
 
     public void setInputName(String inputName) {
         this.inputName = inputName;
     }
 
-    public void setInputId(String inputId) {
-        this.inputId = inputId;
-    }
-
     @Override
     public int filterOutbound(HttpRequest request, HttpResponse resp, HttpFlowContext context) {
         ParametersBag session = context.scopes().getSession(request, false);
@@ -95,7 +88,7 @@
                     session.set(SESSION_KEY, tokens);
                 }
 
-                List<TokenEntry> entries = HttpCsrfFormExtractor.extractAll(content, inputId, inputName, request.getUri().toString());
+                List<TokenEntry> entries = HttpCsrfFormExtractor.extractAll(content, inputName, request.getUri().toString());
                 for (TokenEntry entry : entries) {
                     String key = resolveMethod(entry.method) + ':' + entry.action;
                     tokens.put(key, entry);
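Review bot: With `name` removed from TokenEntry, the key `resolveMethod(entry.method) + ':' + entry.action` is now the only thing distinguishing forms on a page, so two forms posting to the same action with different tokens overwrite each other in `tokens.put(key, entry)` and the last one scanned wins silently. The `// TODO: form name` line this changeset deletes from the class header appears to have marked exactly this case. If the collapse is intended, say so at the put: `// forms sharing method+action collapse to the last one scanned`; otherwise keep the form name (or the input name) in the key, or at least log when put replaces an existing entry. This loop presumably still sits inside filterOutbound, whose start and end are outside the hunk.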
--- a/stress-tester/src/test/java/com/passus/st/client/http/filter/HttpCsrfFormExtractorTest.java	Tue Aug 08 12:39:51 2017 +0200
+++ b/stress-tester/src/test/java/com/passus/st/client/http/filter/HttpCsrfFormExtractorTest.java	Tue Aug 08 12:55:07 2017 +0200
@@ -59,8 +59,8 @@
         String form = document.substring(fb.start, fb.end);
 
         // no action
-        TokenEntry entry = HttpCsrfFormExtractor.extract(form, "form__token", "form[_token]", "/save");
-        assertEntryEquals(entry, "/save", "post", "form1", "token-1qwerty");
+        TokenEntry entry = HttpCsrfFormExtractor.extract(form, "form[_token]", "/save");
+        assertEntryEquals(entry, "/save", "post", "token-1qwerty");
     }
 
     @Test
@@ -70,46 +70,35 @@
 
         // absolute action, no method
         tag = "<form name=\"f1\" action=\"/svc/save\"><input type=\"hidden\" id=\"t_id\" name=\"t_n\" value=\"t4val\" /></form>";
-        entry = HttpCsrfFormExtractor.extract(tag, "t_id", "t_n", "");
-        assertEntryEquals(entry, "/svc/save", "", "f1", "t4val");
+        entry = HttpCsrfFormExtractor.extract(tag, "t_n", "");
+        assertEntryEquals(entry, "/svc/save", "", "t4val");
 
         // relative action, no form name
         tag = "<form action=\"save\" method=\"post\"><input type=\"hidden\" id=\"t_id\" name=\"t_n\" value=\"t4val\" /></form>";
-        entry = HttpCsrfFormExtractor.extract(tag, "t_id", "t_n", "/path/abc");
-        assertEntryEquals(entry, "/path/save", "post", "", "t4val");
+        entry = HttpCsrfFormExtractor.extract(tag, "t_n", "/path/abc");
+        assertEntryEquals(entry, "/path/save", "post", "t4val");
     }
 
     @Test
-    public void testExtractByIdName() {
+    public void testExtractByName() {
         String tag = "<form action=\"/save\">"
-                + "<input type=\"hidden\"                          value=\"t4val1\" />"
-                + "<input type=\"hidden\"             name=\"t_n\" value=\"t4val2\" />"
-                + "<input type=\"hidden\" id=\"t_id\"              value=\"t4val3\" />"
-                + "<input type=\"hidden\" id=\"t_id\" name=\"t_n\" value=\"t4val4\" />"
+                + "<input type=\"hidden\"              value=\"t4val1\" />"
+                + "<input type=\"hidden\" name=\"t_n\" value=\"t4val2\" />"
                 + "</form>";
         TokenEntry entry;
 
-// token by name and id
-        entry = HttpCsrfFormExtractor.extract(tag, "t_id", "t_n", "");
-        assertEquals("t4val4", entry.value);
-
-// token by id
-        entry = HttpCsrfFormExtractor.extract(tag, "t_id", null, "");
-        assertEquals("t4val3", entry.value);
-
 // token by name
-        entry = HttpCsrfFormExtractor.extract(tag, null, "t_n", "");
+        entry = HttpCsrfFormExtractor.extract(tag, "t_n", "");
         assertEquals("t4val2", entry.value);
 
 // token is first hidden input
-        entry = HttpCsrfFormExtractor.extract(tag, null, null, "");
+        entry = HttpCsrfFormExtractor.extract(tag, null, "");
         assertEquals("t4val1", entry.value);
     }
 
-    private static void assertEntryEquals(TokenEntry entry, String action, String method, String name, String value) {
+    private static void assertEntryEquals(TokenEntry entry, String action, String method, String value) {
         assertEquals(action, entry.action);
         assertEquals(method, entry.method);
-        assertEquals(name, entry.name);
         assertEquals(value, entry.value);
     }
 }
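Review bot: After this changeset `testExtractByName` covers only inputs that match; there is no test for an `inputName` that matches no hidden input, which is the path `extractAll` guards with `entry != null`. Add `entry = HttpCsrfFormExtractor.extract(tag, "missing", ""); assertNull(entry);` using the same Assert class that supplies `assertEquals`, assuming extract returns null there — the method body is not in this diff. The `// token by name` and `// token is first hidden input` comments remain at column 0 inside the method; since the block was rewritten anyway, indenting them with the statements they describe would have been free.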
--- a/stress-tester/src/test/java/com/passus/st/client/http/filter/HttpCsrfFormFilterTest.java	Tue Aug 08 12:39:51 2017 +0200
+++ b/stress-tester/src/test/java/com/passus/st/client/http/filter/HttpCsrfFormFilterTest.java	Tue Aug 08 12:55:07 2017 +0200
@@ -1,7 +1,6 @@
 package com.passus.st.client.http.filter;
 
 import com.passus.data.ByteBuffDataSource;
-import com.passus.data.DataSource;
 import com.passus.net.http.HttpMessage;
 import com.passus.net.http.HttpMessageHelper;
 import com.passus.net.http.HttpParameters;