3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-28 18:06:34 +02:00
Code Issues Projects Releases Packages Wiki Activity

lua: add fuzz test for cookie parsing

Browse source 
Add a fuzz test comparing the clean-upstream.lua script against a
reference implementation in Go.
This commit is contained in:
Kenneth Jenkins 2023-12-14 14:42:18 -08:00
parent b66634d1e6
commit 630e2ecc23
1 changed files with 45 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

45
config/envoyconfig/lua_test.go
View file

@ -3,8 +3,11 @@ package envoyconfig
import (
"encoding/json"
"fmt"
"net/http"
"strings"
"testing"
"github.com/pomerium/pomerium/pkg/slices"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
lua "github.com/yuin/gopher-lua"
@ -85,6 +88,48 @@ func TestLuaRewriteHeaders(t *testing.T) {
assert.Equal(t, "https://frontend/one/some/uri/", headers["Location"])
}
func FuzzLuaRemovePomeriumCookie(f *testing.F) {
L := lua.NewState()
defer L.Close()
bs, err := luaFS.ReadFile("luascripts/clean-upstream.lua")
require.NoError(f, err)
err = L.DoString(string(bs))
require.NoError(f, err)
metadata := map[string]interface{}{"remove_pomerium_cookie": "_pomerium"}
dynamicMetadata := map[string]map[string]interface{}{}
f.Add("cookieA=aaa_pomerium=123; cookieb=bbb; _pomerium_other=stillhere; _pomerium=removed")
f.Fuzz(func(t *testing.T, s string) {
referenceOutput := slices.Filter(parseCookieString(s),
func(c *http.Cookie) bool { return c.Name != "_pomerium" })
referenceString := strings.Join(slices.Map(referenceOutput, (*http.Cookie).String), "; ")
headers := map[string]string{"cookie": s}
handle := newLuaResponseHandle(L, headers, metadata, dynamicMetadata)
err = L.CallByParam(lua.P{
Fn: L.GetGlobal("envoy_on_request"),
NRet: 0,
Protect: true,
}, handle)
require.NoError(t, err)
luaOutput := parseCookieString(headers["cookie"])
luaString := strings.Join(slices.Map(luaOutput, (*http.Cookie).String), "; ")
assert.Equalf(t, referenceString, luaString, "input: %q", s)
})
}
func parseCookieString(s string) []*http.Cookie {
header := http.Header{}
header.Set("Cookie", s)
request := http.Request{Header: header}
return request.Cookies()
}
func newLuaResponseHandle(L *lua.LState,
headers map[string]string,
metadata map[string]interface{},