1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.jdisc.http.server.jetty;
import com.yahoo.container.logging.AccessLogEntry;
import org.testng.annotations.Test;
import javax.servlet.http.HttpServletRequest;
import java.util.Optional;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.CoreMatchers.not;
import static org.hamcrest.CoreMatchers.nullValue;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
/**
* @author bakksjo
*/
@SuppressWarnings("deprecation") // AccessLogEntry.setURI/getURI are deprecated
public class AccessLogRequestLogTest {
@Test
public void requireThatQueryWithUnquotedSpecialCharactersIsHandled() {
final HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
when(httpServletRequest.getRequestURI()).thenReturn("/search/");
when(httpServletRequest.getQueryString()).thenReturn("query=year:>2010");
final AccessLogEntry accessLogEntry = new AccessLogEntry();
AccessLogRequestLog.populateAccessLogEntryFromHttpServletRequest(httpServletRequest, accessLogEntry);
assertThat(accessLogEntry.getURI(), is(not(nullValue())));
}
@Test
public void requireThatDoubleQuotingIsNotPerformed() {
final HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
final String path = "/search/";
when(httpServletRequest.getRequestURI()).thenReturn(path);
final String query = "query=year%252010+%3B&customParameter=something";
when(httpServletRequest.getQueryString()).thenReturn(query);
final AccessLogEntry accessLogEntry = new AccessLogEntry();
AccessLogRequestLog.populateAccessLogEntryFromHttpServletRequest(httpServletRequest, accessLogEntry);
assertThat(accessLogEntry.getURI().toString(), is(path + '?' + query));
}
@Test
public void requireThatNoQueryPartIsHandledWhenRequestIsMalformed() {
final HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
final String path = "/s>earch/";
when(httpServletRequest.getRequestURI()).thenReturn(path);
final String query = null;
when(httpServletRequest.getQueryString()).thenReturn(query);
final AccessLogEntry accessLogEntry = new AccessLogEntry();
AccessLogRequestLog.populateAccessLogEntryFromHttpServletRequest(httpServletRequest, accessLogEntry);
assertThat(accessLogEntry.getURI().toString(), is("/s%3Eearch/"));
}
@Test
public void invalid_percent_escape_patterns_in_query_string_are_escaped() {
HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
when(httpServletRequest.getRequestURI()).thenReturn("/search/");
when(httpServletRequest.getQueryString()).thenReturn("q=%%2");
AccessLogEntry accessLogEntry = new AccessLogEntry();
AccessLogRequestLog.populateAccessLogEntryFromHttpServletRequest(httpServletRequest, accessLogEntry);
assertThat(accessLogEntry.getURI().toString(), is("/search/?q=%25%252"));
}
@Test
public void raw_path_and_query_are_set_from_request() {
HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
String rawPath = "//search/";
when(httpServletRequest.getRequestURI()).thenReturn(rawPath);
String rawQuery = "q=%%2";
when(httpServletRequest.getQueryString()).thenReturn(rawQuery);
AccessLogEntry accessLogEntry = new AccessLogEntry();
AccessLogRequestLog.populateAccessLogEntryFromHttpServletRequest(httpServletRequest, accessLogEntry);
assertThat(accessLogEntry.getRawPath(), is(rawPath));
Optional<String> actualRawQuery = accessLogEntry.getRawQuery();
assertThat(actualRawQuery.isPresent(), is(true));
assertThat(actualRawQuery.get(), is(rawQuery));
}
@Test
public void verify_x_forwarded_for_precedence () {
HttpServletRequest httpServletRequest = mock(HttpServletRequest.class);
when(httpServletRequest.getRequestURI()).thenReturn("//search/");
when(httpServletRequest.getQueryString()).thenReturn("q=%%2");
when(httpServletRequest.getHeader("x-forwarded-for")).thenReturn("1.2.3.4");
when(httpServletRequest.getHeader("y-ra")).thenReturn("2.3.4.5");
AccessLogEntry accessLogEntry = new AccessLogEntry();
AccessLogRequestLog.populateAccessLogEntryFromHttpServletRequest(httpServletRequest, accessLogEntry);
assertThat(accessLogEntry.getRemoteAddress(), is("1.2.3.4"));
}
}
|
