changeset 447:b94661105617

HttpCsrfFilter - cookie injector
author Devel 2
date Mon, 31 Jul 2017 11:43:07 +0200
parents a6697ffb881c
children a9323277e4d4
files stress-tester/src/main/java/com/passus/st/client/http/filter/HttpCsrfFilter.java stress-tester/src/main/java/com/passus/st/client/http/filter/HttpCsrfFilterInjectorTransformer.java stress-tester/src/test/java/com/passus/st/client/http/filter/HttpCsrfFilterTest.java
diffstat 3 files changed, 35 insertions(+), 3 deletions(-) [+]
--- a/stress-tester/src/main/java/com/passus/st/client/http/filter/HttpCsrfFilter.java	Mon Jul 31 09:27:19 2017 +0200
+++ b/stress-tester/src/main/java/com/passus/st/client/http/filter/HttpCsrfFilter.java	Mon Jul 31 11:43:07 2017 +0200
@@ -28,6 +28,10 @@
 import java.util.Queue;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
+import static com.passus.config.schema.ConfigurationSchemaBuilder.mapDef;
+import static com.passus.config.schema.ConfigurationSchemaBuilder.valueDef;
+import static com.passus.config.schema.ConfigurationSchemaBuilder.mapDef;
+import static com.passus.config.schema.ConfigurationSchemaBuilder.valueDef;
 
 /**
  *
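Review bot: The four added static imports are only two declarations, each written twice: `mapDef` and `valueDef` from `ConfigurationSchemaBuilder` are repeated on consecutive lines. The compiler accepts the repetition, but it is noise, so keep one of each. `valueDef()` is already called on the line this commit replaces in the schema hunk below, so the name was presumably in scope before this change; it is worth checking whether any of these lines is needed at all. Static imports are also conventionally kept in their own group rather than appended after the regular imports.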
@@ -111,6 +115,25 @@
         }
     }
 
+    public static final class CookieInjector implements Injector {
+
+        private final ByteString cookieName;
+
+        public CookieInjector(CharSequence cookieName) {
+            Assert.notNull(cookieName, "headerName");
+            this.cookieName = ByteString.create(cookieName);
+        }
+
+        public ByteString getCookieName() {
+            return cookieName;
+        }
+
+        @Override
+        public void inject(HttpMessage msg, ByteString csrfToken) {
+            HELPER.updateCookieValue(msg, cookieName, csrfToken);
+        }
+    }
+
     public static abstract class Store {
 
         public abstract void save(ParametersBag session, ByteString token);
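Review bot: The null check in the `CookieInjector` constructor reports the wrong argument name: `Assert.notNull(cookieName, "headerName")` looks copied from the header variant and should be `Assert.notNull(cookieName, "cookieName");` so a failure points at the right field. The new public class also has no Javadoc. A short class comment should say that `inject` sets the named cookie on the message to the CSRF token through `HELPER.updateCookieValue`, and what happens when the message carries no such cookie; that behaviour is not visible in this hunk.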
@@ -286,7 +309,8 @@
 
             KeyNameVaryListNodeDefinition injectorsDef = new KeyNameVaryListNodeDefinition()
                     .setNodeTransformer(new HttpCsrfFilterInjectorTransformer())
-                    .add("header", valueDef().addValidator(HeaderNameValidator.INSTANCE));
+                    .add("header", valueDef().addValidator(HeaderNameValidator.INSTANCE))
+                    .add("cookie", valueDef());
 
             ValueNodeDefinition storeDef = valueDef().setTransformer(new HttpCsrfFilterStoreTransformer());
 
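Review bot: The new `cookie` entry is registered with a bare `valueDef()`, while the `header` entry beside it carries `HeaderNameValidator.INSTANCE`, so the configured cookie name reaches `ByteString.create` and the outgoing Cookie header unchecked. An empty name, or one containing `=`, `;`, whitespace or CR/LF, would produce a malformed or ambiguous Cookie header instead of a configuration error at load time. Restrict the value to the RFC 6265 cookie-name (token) character set, in the form `.add("cookie", valueDef().addValidator(<cookie-name validator>))`. Whether the project already ships a suitable validator is not visible in this diff.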
--- a/stress-tester/src/main/java/com/passus/st/client/http/filter/HttpCsrfFilterInjectorTransformer.java	Mon Jul 31 09:27:19 2017 +0200
+++ b/stress-tester/src/main/java/com/passus/st/client/http/filter/HttpCsrfFilterInjectorTransformer.java	Mon Jul 31 11:43:07 2017 +0200
@@ -7,6 +7,7 @@
 import com.passus.config.NodeType;
 import com.passus.config.schema.NodeTransformer;
 import com.passus.config.validation.Errors;
+import com.passus.st.client.http.filter.HttpCsrfFilter.CookieInjector;
 import com.passus.st.client.http.filter.HttpCsrfFilter.HeaderInjector;
 import com.passus.st.client.http.filter.HttpCsrfFilter.Injector;
 import static com.passus.st.validation.NodeValidationUtils.validateType;
@@ -56,8 +57,11 @@
                     case "header":
                         injector = createNameExtractor(tuple, errors, HeaderInjector.class);
                         break;
+                    case "cookie":
+                        injector = createNameExtractor(tuple, errors, CookieInjector.class);
+                        break;
                     default:
-                        throw new IllegalStateException("Not supported extractor '" + opName + "'.");
+                        throw new IllegalStateException("Not supported injector '" + opName + "'.");
                 }
 
                 if (injector != null) {
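Review bot: The `cookie` case builds an `Injector` through a helper named `createNameExtractor`, which reads as a leftover from the extractor transformer; this commit already fixes the same slip in the exception message. Renaming the helper to something like `createNameInjector` would finish the cleanup. The helper is defined outside this hunk, so how it instantiates `CookieInjector.class` and reports errors cannot be checked from here.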
--- a/stress-tester/src/test/java/com/passus/st/client/http/filter/HttpCsrfFilterTest.java	Mon Jul 31 09:27:19 2017 +0200
+++ b/stress-tester/src/test/java/com/passus/st/client/http/filter/HttpCsrfFilterTest.java	Mon Jul 31 11:43:07 2017 +0200
@@ -12,6 +12,7 @@
 import com.passus.st.client.http.HttpFlowContext;
 import com.passus.st.client.http.HttpScopes;
 import com.passus.st.client.http.filter.HttpCsrfFilter.CookieExtractor;
+import com.passus.st.client.http.filter.HttpCsrfFilter.CookieInjector;
 import com.passus.st.client.http.filter.HttpCsrfFilter.Extractor;
 import com.passus.st.client.http.filter.HttpCsrfFilter.HeaderExtractor;
 import com.passus.st.client.http.filter.HttpCsrfFilter.HeaderInjector;
@@ -144,6 +145,7 @@
                 + "        cookie: \"csrf-cookie\"\n"
                 + "      inject:\n"
                 + "        header: \"csrf-header-inject\"\n"
+                + "        cookie: \"csrf-cookie-inject\"\n"
                 + "      store: single\n";
 
         Errors errors = new Errors();
@@ -162,7 +164,7 @@
         List<Injector> injectors = filter.getInjectors();
 
         assertEquals(2, extractors.size());
-        assertEquals(1, injectors.size());
+        assertEquals(2, injectors.size());
 
         assertTrue(extractors.get(0) instanceof HeaderExtractor);
         assertEquals("csrf-header", ((HeaderExtractor) extractors.get(0)).getHeaderName().toString());
@@ -173,5 +175,7 @@
         assertTrue(injectors.get(0) instanceof HeaderInjector);
         assertEquals("csrf-header-inject", ((HeaderInjector) injectors.get(0)).getHeaderName().toString());
 
+        assertTrue(injectors.get(1) instanceof CookieInjector);
+        assertEquals("csrf-cookie-inject", ((CookieInjector) injectors.get(1)).getCookieName().toString());
     }
 }
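Review bot: The added assertions cover configuration parsing only: they check that a `cookie` entry under `inject` yields a `CookieInjector` with the expected name. Nothing in the visible test hunks calls `CookieInjector.inject`, so the cookie rewrite through `HELPER.updateCookieValue` appears to be untested by this commit. A test that builds a request with a `Cookie` header, runs `inject`, and asserts that the named cookie now holds the token would pin the behaviour, along with the case where the cookie is absent. The test method starts outside this hunk.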