Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(e2e): check response body read error only if a body is expected #852

Merged
merged 2 commits into from
Aug 1, 2023
Merged

chore(e2e): check response body read error only if a body is expected #852

merged 2 commits into from
Aug 1, 2023

Conversation

M4tteoP
Copy link
Member

@M4tteoP M4tteoP commented Jul 26, 2023

Working on corazawaf/coraza-caddy#96 (e2e is failing I'm trying to update it with the new one), I found that Caddy properly aborts the response if at phase 3 a deny action is triggered. It means that the response body can not be read.
Caddy Log:

e2e-caddy-1  | {"level":"error","ts":1690387902.7979822,"logger":"http.handlers.waf","msg":"[client \"192.168.176.4\"] Coraza: Access denied (phase 3).  [file \"\"] [line \"10\"] [id \"103\"] [rev \"\"] [msg \"\"] [data \"\"] [severity \"emergency\"] [ver \"\"] [maturity \"0\"] [accuracy \"0\"] [hostname \"\"] [uri \"/response-headers?pass=leak\"] [unique_id \"RkQqgctUauuoQNPt\"]\n"}
e2e-caddy-1  | {"level":"error","ts":1690387902.798008,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"short write"}

e2e output:

e2e-tests-1  | [5/9] Running test: Denied request with a malicious response header
e2e-tests-1  | [Fail] could not read response body: unexpected EOF
e2e-tests-1  | exit status 1

This PR should fix the problem looking at the error generated by reading the response only when we actually want to check the response body.

@M4tteoP M4tteoP requested a review from a team as a code owner July 26, 2023 16:30
@M4tteoP M4tteoP requested a review from jcchavezs July 26, 2023 16:30
@codecov
Copy link

codecov bot commented Jul 26, 2023
edited
Loading

Codecov Report

Patch coverage: 78.98% and project coverage change: +0.07% 🎉

Comparison is base (1b8a007) 81.51% compared to head (6839e51) 81.59%.
Report is 12 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #852      +/-   ##
==========================================
+ Coverage   81.51%   81.59%   +0.07%     
==========================================
  Files         158      159       +1     
  Lines        8947     9013      +66     
==========================================
+ Hits         7293     7354      +61     
- Misses       1408     1412       +4     
- Partials      246      247       +1
Flag Coverage Δ
default 76.64% <80.74%> (+0.47%) ⬆️
examples 25.52% <16.66%> (+<0.01%) ⬆️
ftw 46.85% <40.47%> (-0.24%) ⬇️
ftw-multiphase 48.98% <40.47%> (-0.25%) ⬇️
tinygo 74.85% <96.59%> (+2.62%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Changed Coverage Δ
http/e2e/cmd/httpe2e/main.go 0.00% <ø> (ø)
internal/actions/allow.go 100.00% <ø> (ø)
internal/actions/auditlog.go 72.72% <ø> (ø)
internal/actions/block.go 100.00% <ø> (ø)
internal/actions/capture.go 100.00% <ø> (ø)
internal/actions/chain.go 100.00% <ø> (ø)
internal/actions/ctl.go 92.87% <ø> (ø)
internal/actions/deny.go 84.21% <ø> (ø)
internal/actions/drop.go 84.21% <ø> (ø)
internal/actions/exec.go 70.00% <ø> (ø)
... and 32 more

... and 1 file with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

anuraaga
anuraaga approved these changes Aug 1, 2023
View reviewed changes
http/e2e/e2e.go Outdated Show resolved Hide resolved
@jcchavezs @anuraaga
docs: typo
6839e51 
Co-authored-by: Anuraag Agrawal <anuraaga@gmail.com>
jcchavezs
jcchavezs reviewed Aug 1, 2023
View reviewed changes
http/e2e/e2e.go Outdated
@@ -289,6 +286,11 @@ func Run(cfg Config) error {
}

if test.expectedBody != nil {
// Same servers might aborting the request before sending the body (E.g. triggering a phase 3 rule with deny action)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mentioning the example makes the case

@jcchavezs jcchavezs merged commit bb4119d into corazawaf:main Aug 1, 2023
7 of 9 checks passed
@jcchavezs jcchavezs deleted the fix_e2e_short_write branch August 1, 2023 12:05
@M4tteoP M4tteoP mentioned this pull request Jan 4, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anuraaga anuraaga anuraaga approved these changes

@jcchavezs jcchavezs jcchavezs approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@M4tteoP @anuraaga @jcchavezs