Improve input validation test cases

zalando · Nov 12, 2024 · 4866573 · 4866573
1 parent f6f9efb
commit 4866573
Showing 1 changed file with 48 additions and 7 deletions.
diff --git a/filters/openpolicyagent/opaauthorizerequest/opaauthorizerequest_test.go b/filters/openpolicyagent/opaauthorizerequest/opaauthorizerequest_test.go
@@ -182,6 +182,32 @@ func TestAuthorizeRequestFilter(t *testing.T) {
 			backendHeaders:    make(http.Header),
 			removeHeaders:     make(http.Header),
 		},
+		{
+			msg:               "Simple Forbidden with Fragment URL",
+			filterName:        "opaAuthorizeRequest",
+			bundleName:        "somebundle.tar.gz",
+			regoQuery:         "envoy/authz/allow_with_path_having_empty_query_with_fragment",
+			requestPath:       "/allow-with-fragment#fragment",
+			requestMethod:     "GET",
+			contextExtensions: "",
+			expectedStatus:    http.StatusForbidden,
+			expectedHeaders:   make(http.Header),
+			backendHeaders:    make(http.Header),
+			removeHeaders:     make(http.Header),
+		},
+		{
+			msg:               "Simple Forbidden with Fragment URL with Query Parameters",
+			filterName:        "opaAuthorizeRequest",
+			bundleName:        "somebundle.tar.gz",
+			regoQuery:         "envoy/authz/allow_with_path_having_query_with_fragment",
+			requestPath:       "/allow-with-fragment#fragment?toFail=true",
+			requestMethod:     "GET",
+			contextExtensions: "",
+			expectedStatus:    http.StatusForbidden,
+			expectedHeaders:   make(http.Header),
+			backendHeaders:    make(http.Header),
+			removeHeaders:     make(http.Header),
+		},
 		{
 			msg:               "Allow With Structured Rules",
 			filterName:        "opaAuthorizeRequest",
@@ -425,6 +451,16 @@ func TestAuthorizeRequestFilter(t *testing.T) {
 							input.parsed_query = {}
 						}
 
+						allow_with_path_having_empty_query_with_fragment {
+							input.parsed_path = [ "allow-with-fragment#fragment" ]
+							input.parsed_query = {}
+						}
+
+						allow_with_path_having_query_with_fragment {
+							input.parsed_path = [ "allow-with-fragment#fragment" ]
+							input.parsed_query = {}
+						}
+
 						allow {
 							input.parsed_path = [ "allow-with-query" ]
 							input.parsed_query.pass == ["yes"]
@@ -581,15 +617,20 @@ func TestAuthorizeRequestFilter(t *testing.T) {
 	}
 }
 
-func TestCreateFilterArguments(t *testing.T) {
-	opaRegistry := openpolicyagent.NewOpenPolicyAgentRegistry()
-	ftSpec := NewOpaAuthorizeRequestSpec(opaRegistry, openpolicyagent.WithConfigTemplate([]byte("")))
+func TestAuthorizeRequestFilterInputHeaders(t *testing.T) {
 
-	_, err := ftSpec.CreateFilter([]interface{}{})
-	assert.ErrorIs(t, err, filters.ErrInvalidFilterParameters)
+}
+
+func TestAuthorizeRequestFilterInputQueryParams(t *testing.T) {
+
+}
+
+func TestAuthorizeRequestFilterInputPath(t *testing.T) {
+
+}
+
+func TestCreateFilterArguments(t *testing.T) {
 
-	_, err = ftSpec.CreateFilter([]interface{}{"a bundle", "extra: value", "superfluous argument"})
-	assert.ErrorIs(t, err, filters.ErrInvalidFilterParameters)
 }
 
 func isHeadersPresent(t *testing.T, expectedHeaders http.Header, headers http.Header) bool {