import (
"net/http"
"net/http/httptest"
+ "strings"
"testing"
"time"
"github.com/go-kit/kit/log"
+ pconfig "github.com/prometheus/common/config"
"github.com/prometheus/blackbox_exporter/config"
)
"http_2xx": config.Module{
Prober: "http",
Timeout: 10 * time.Second,
+ HTTP: config.HTTPProbe{
+ HTTPClientConfig: pconfig.HTTPClientConfig{
+ BearerToken: "mysecret",
+ },
+ },
},
},
}
func TestPrometheusTimeoutHTTP(t *testing.T) {
-
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
time.Sleep(2 * time.Second)
}))
t.Errorf("probe request handler returned wrong status code: %v, want %v", status, http.StatusOK)
}
}
+
+func TestPrometheusConfigSecretsHidden(t *testing.T) {
+ ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ time.Sleep(2 * time.Second)
+ }))
+ defer ts.Close()
+
+ req, err := http.NewRequest("GET", "?debug=true&target="+ts.URL, nil)
+ if err != nil {
+ t.Fatal(err)
+ }
+ rr := httptest.NewRecorder()
+ handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ probeHandler(w, r, c, log.NewNopLogger())
+ })
+ handler.ServeHTTP(rr, req)
+
+ body := rr.Body.String()
+ if strings.Contains(body, "mysecret") {
+ t.Errorf("Secret exposed in debug config output: %v", body)
+ }
+ if !strings.Contains(body, "<secret>") {
+ t.Errorf("Hidden secret missing from debug config output: %v", body)
+ }
+}