Add unittest for secrets not being exposed in debug output
authorBrian Brazil <brian.brazil@robustperception.io>
Tue, 5 Sep 2017 12:58:07 +0000 (13:58 +0100)
committerBrian Brazil <brian.brazil@robustperception.io>
Tue, 12 Sep 2017 11:01:48 +0000 (12:01 +0100)
main_test.go

index e76da6308821cc2c035bada7f5b7dd96ce18c717..7d7488fba48e81656841714582d59fe577819d78 100644 (file)
@@ -3,10 +3,12 @@ package main
 import (
        "net/http"
        "net/http/httptest"
+       "strings"
        "testing"
        "time"
 
        "github.com/go-kit/kit/log"
+       pconfig "github.com/prometheus/common/config"
 
        "github.com/prometheus/blackbox_exporter/config"
 )
@@ -16,12 +18,16 @@ var c = &config.Config{
                "http_2xx": config.Module{
                        Prober:  "http",
                        Timeout: 10 * time.Second,
+                       HTTP: config.HTTPProbe{
+                               HTTPClientConfig: pconfig.HTTPClientConfig{
+                                       BearerToken: "mysecret",
+                               },
+                       },
                },
        },
 }
 
 func TestPrometheusTimeoutHTTP(t *testing.T) {
-
        ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
                time.Sleep(2 * time.Second)
        }))
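Review bot: The literal `"mysecret"` added to the shared fixture `c` is matched by a string search in the new test further down, and nothing ties the two together. A named constant such as `const testBearerToken = "mysecret"`, used in both places, would stop the leak assertion from passing vacuously if the fixture value is ever edited. A short comment on the field would help too, for example `// dummy credential; must never appear in debug output`. Because `c` is package-level, TestPrometheusTimeoutHTTP now runs with a bearer token configured as well. The declaration of `c` and the body of that test both extend outside this hunk.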
@@ -44,3 +50,28 @@ func TestPrometheusTimeoutHTTP(t *testing.T) {
                t.Errorf("probe request handler returned wrong status code: %v, want %v", status, http.StatusOK)
        }
 }
+
+func TestPrometheusConfigSecretsHidden(t *testing.T) {
+       ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+               time.Sleep(2 * time.Second)
+       }))
+       defer ts.Close()
+
+       req, err := http.NewRequest("GET", "?debug=true&target="+ts.URL, nil)
+       if err != nil {
+               t.Fatal(err)
+       }
+       rr := httptest.NewRecorder()
+       handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+               probeHandler(w, r, c, log.NewNopLogger())
+       })
+       handler.ServeHTTP(rr, req)
+
+       body := rr.Body.String()
+       if strings.Contains(body, "mysecret") {
+               t.Errorf("Secret exposed in debug config output: %v", body)
+       }
+       if !strings.Contains(body, "<secret>") {
+               t.Errorf("Hidden secret missing from debug config output: %v", body)
+       }
+}
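Review bot: TestPrometheusConfigSecretsHidden checks redaction for the bearer token only, so a leak through another secret-bearing field of `pconfig.HTTPClientConfig` (the basic-auth password, for instance) would still pass. Consider adding a second module with `BasicAuth` set and asserting that its password is absent from the body in the same way. The `time.Sleep(2 * time.Second)` in the target handler looks copied from the timeout test and only slows this one down; an empty handler, `func(w http.ResponseWriter, r *http.Request) {}`, is enough. The test also never checks `rr.Code`, so a failure message would not distinguish a handler error from a missing config dump.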