From e71df220551faf101eb76669bfcf5007587a94c9 Mon Sep 17 00:00:00 2001
From: Brian Brazil
Date: Tue, 5 Sep 2017 13:58:07 +0100
Subject: [PATCH] Add unittest for secrets not being exposed in debug output
---
 main_test.go | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)
diff --git a/main_test.go b/main_test.go
index e76da63..7d7488f 100644
--- a/main_test.go
+++ b/main_test.go
@@ -3,10 +3,12 @@ package main
 import (
 "net/http"
 "net/http/httptest"
+ "strings"
 "testing"
 "time"
 "github.com/go-kit/kit/log"
+ pconfig "github.com/prometheus/common/config"
 "github.com/prometheus/blackbox_exporter/config"
 )
@@ -16,12 +18,16 @@ var c = &config.Config{
 "http_2xx": config.Module{
 Prober: "http",
 Timeout: 10 * time.Second,
+ HTTP: config.HTTPProbe{
+ HTTPClientConfig: pconfig.HTTPClientConfig{
+ BearerToken: "mysecret",
+ },
+ },
 },
 },
 }
 func TestPrometheusTimeoutHTTP(t *testing.T) {
-
 ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 time.Sleep(2 * time.Second)
 }))
@@ -44,3 +50,28 @@ func TestPrometheusTimeoutHTTP(t *testing.T) {
 t.Errorf("probe request handler returned wrong status code: %v, want %v", status, http.StatusOK)
 }
 }
+
+func TestPrometheusConfigSecretsHidden(t *testing.T) {
+ ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ time.Sleep(2 * time.Second)
+ }))
+ defer ts.Close()
+
+ req, err := http.NewRequest("GET", "?debug=true&target="+ts.URL, nil)
+ if err != nil {
+ t.Fatal(err)
+ }
+ rr := httptest.NewRecorder()
+ handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ probeHandler(w, r, c, log.NewNopLogger())
+ })
+ handler.ServeHTTP(rr, req)
+
+ body := rr.Body.String()
+ if strings.Contains(body, "mysecret") {
+ t.Errorf("Secret exposed in debug config output: %v", body)
+ }
+ if !strings.Contains(body, "") {
+ t.Errorf("Hidden secret missing from debug config output: %v", body)
+ }
+}
-- 
2.25.1
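Review bot: The canary secret is added to the package-level fixture `c`, which TestPrometheusTimeoutHTTP also passes to probeHandler, so the timeout test now runs with a bearer token configured too. A separate config value for the secrets test would keep the two tests independent. If the shared fixture stays, a comment such as `// BearerToken is a canary: TestPrometheusConfigSecretsHidden asserts it never appears in debug output.` would explain why it is there. Only `BearerToken` is exercised; if the module config can carry other secret-typed fields (a basic-auth password, for example), this check does not cover them. The `var c` literal begins above the hunk.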
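Review bot: The second assertion in TestPrometheusConfigSecretsHidden, `strings.Contains(body, "")`, is always true as shown, so the "Hidden secret missing" branch can never fire. The test therefore proves only that the raw token is absent, not that a redacted config was printed at all. The placeholder literal looks like it was lost, possibly in this page's rendering; the check should name the marker the config marshaller emits, e.g. `if !strings.Contains(body, "<secret>") {`, assuming prometheus/common's Secret type is what masks the token. The test server handler also keeps the `time.Sleep(2 * time.Second)` copied from the timeout test, which this check does not need; an empty handler would make the test fast.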