Adding support for securing error logs (#1001)v1.23.0

Co-authored-by: Daniel Firsht <firsht@amazon.com>
author: Daniel Firsht <dfirsht@gmail.com> 2021-03-26 02:46:57 -0700
committer: GitHub <noreply@github.com> 2021-03-26 10:46:57 +0100
commit: 2a6f7db5bbc4d7c11f1ccc0cb827e145b9b7d7ea (patch)
tree: cdb5b1d3c93e8cf8bebf5ec494d063fba47172e0 /header_test.go
parent: Improve Client/HostClient pooling when many HostClient structs created and re... (diff)
download: fasthttp-2a6f7db5bbc4d7c11f1ccc0cb827e145b9b7d7ea.tar.gz
fasthttp-2a6f7db5bbc4d7c11f1ccc0cb827e145b9b7d7ea.tar.bz2
fasthttp-2a6f7db5bbc4d7c11f1ccc0cb827e145b9b7d7ea.zip
1 files changed, 73 insertions, 0 deletions
diff --git a/header_test.go b/header_test.go
index f82d221..e18c5cb 100644
--- a/header_test.go
+++ b/header_test.go
@@ -2399,6 +2399,31 @@ func TestResponseHeaderReadError(t *testing.T) {
 	testResponseHeaderReadError(t, h, "HTTP/1.1 200 OK\r\nContent-Length: 123\r\nContent-Type: text/html\r\n")
 }
 
+func TestResponseHeaderReadErrorSecureLog(t *testing.T) {
+	h := &ResponseHeader{
+		secureErrorLogMessage: true,
+	}
+
+	// incorrect first line
+	testResponseHeaderReadSecuredError(t, h, "fo")
+	testResponseHeaderReadSecuredError(t, h, "foobarbaz")
+	testResponseHeaderReadSecuredError(t, h, "HTTP/1.1")
+	testResponseHeaderReadSecuredError(t, h, "HTTP/1.1 ")
+	testResponseHeaderReadSecuredError(t, h, "HTTP/1.1 s")
+
+	// non-numeric status code
+	testResponseHeaderReadSecuredError(t, h, "HTTP/1.1 foobar OK\r\nContent-Length: 123\r\nContent-Type: text/html\r\n\r\n")
+	testResponseHeaderReadSecuredError(t, h, "HTTP/1.1 123foobar OK\r\nContent-Length: 123\r\nContent-Type: text/html\r\n\r\n")
+	testResponseHeaderReadSecuredError(t, h, "HTTP/1.1 foobar344 OK\r\nContent-Length: 123\r\nContent-Type: text/html\r\n\r\n")
+
+
+	// no headers
+	testResponseHeaderReadSecuredError(t, h, "HTTP/1.1 200 OK\r\n")
+
+	// no trailing crlf
+	testResponseHeaderReadSecuredError(t, h, "HTTP/1.1 200 OK\r\nContent-Length: 123\r\nContent-Type: text/html\r\n")
+}
+
 func TestRequestHeaderReadError(t *testing.T) {
 	t.Parallel()
 
@@ -2417,6 +2442,25 @@ func TestRequestHeaderReadError(t *testing.T) {
 	testRequestHeaderReadError(t, h, "POST /a HTTP/1.1\r\nHost: bb\r\nContent-Type: aa\r\nContent-Length: dff\r\n\r\nqwerty")
 }
 
+func TestRequestHeaderReadSecuredError(t *testing.T) {
+	t.Parallel()
+
+	h := &RequestHeader{
+		secureErrorLogMessage: true,
+	}
+
+	// incorrect first line
+	testRequestHeaderReadSecuredError(t, h, "fo")
+	testRequestHeaderReadSecuredError(t, h, "GET ")
+	testRequestHeaderReadSecuredError(t, h, "GET / HTTP/1.1\r")
+
+	// missing RequestURI
+	testRequestHeaderReadSecuredError(t, h, "GET  HTTP/1.1\r\nHost: google.com\r\n\r\n")
+
+	// post with invalid content-length
+	testRequestHeaderReadSecuredError(t, h, "POST /a HTTP/1.1\r\nHost: bb\r\nContent-Type: aa\r\nContent-Length: dff\r\n\r\nqwerty")
+}
+
 func testResponseHeaderReadError(t *testing.T, h *ResponseHeader, headers string) {
 	r := bytes.NewBufferString(headers)
 	br := bufio.NewReader(r)
@@ -2424,7 +2468,21 @@ func testResponseHeaderReadError(t *testing.T, h *ResponseHeader, headers string
 	if err == nil {
 		t.Fatalf("Expecting error when reading response header %q", headers)
 	}
+	// make sure response header works after error
+	testResponseHeaderReadSuccess(t, h, "HTTP/1.1 200 OK\r\nContent-Type: foo/bar\r\nContent-Length: 12345\r\n\r\nsss",
+		200, 12345, "foo/bar", "sss")
+}
 
+func testResponseHeaderReadSecuredError(t *testing.T, h *ResponseHeader, headers string) {
+	r := bytes.NewBufferString(headers)
+	br := bufio.NewReader(r)
+	err := h.Read(br)
+	if err == nil {
+		t.Fatalf("Expecting error when reading response header %q", headers)
+	}
+	if strings.Contains(err.Error(), headers) {
+		t.Fatalf("Not expecting header content in err %q", err)
+	}
 	// make sure response header works after error
 	testResponseHeaderReadSuccess(t, h, "HTTP/1.1 200 OK\r\nContent-Type: foo/bar\r\nContent-Length: 12345\r\n\r\nsss",
 		200, 12345, "foo/bar", "sss")
@@ -2443,6 +2501,21 @@ func testRequestHeaderReadError(t *testing.T, h *RequestHeader, headers string)
 		-2, "/foo/bar", "aaaa", "", "", "xxx")
 }
 
+func testRequestHeaderReadSecuredError(t *testing.T, h *RequestHeader, headers string) {
+	r := bytes.NewBufferString(headers)
+	br := bufio.NewReader(r)
+	err := h.Read(br)
+	if err == nil {
+		t.Fatalf("Expecting error when reading request header %q", headers)
+	}
+	if strings.Contains(err.Error(), headers) {
+		t.Fatalf("Not expecting header content in err %q", err)
+	}
+	// make sure request header works after error
+	testRequestHeaderReadSuccess(t, h, "GET /foo/bar HTTP/1.1\r\nHost: aaaa\r\n\r\nxxx",
+		-2, "/foo/bar", "aaaa", "", "", "xxx")
+}
+
 func testResponseHeaderReadSuccess(t *testing.T, h *ResponseHeader, headers string, expectedStatusCode, expectedContentLength int,
 	expectedContentType, expectedTrailer string) {
 	r := bytes.NewBufferString(headers)
author	Daniel Firsht <dfirsht@gmail.com>	2021-03-26 02:46:57 -0700
committer	GitHub <noreply@github.com>	2021-03-26 10:46:57 +0100
commit	2a6f7db5bbc4d7c11f1ccc0cb827e145b9b7d7ea (patch)
tree	cdb5b1d3c93e8cf8bebf5ec494d063fba47172e0 /header_test.go
parent	Improve Client/HostClient pooling when many HostClient structs created and re... (diff)
download	fasthttp-2a6f7db5bbc4d7c11f1ccc0cb827e145b9b7d7ea.tar.gz fasthttp-2a6f7db5bbc4d7c11f1ccc0cb827e145b9b7d7ea.tar.bz2 fasthttp-2a6f7db5bbc4d7c11f1ccc0cb827e145b9b7d7ea.zip