PaloAltoNetworks · primalmotion · May 21, 2019 · May 21, 2019 · May 21, 2019 · May 21, 2019
diff --git a/maniphttp/helpers.go b/maniphttp/helpers.go
@@ -12,11 +12,15 @@
 package maniphttp
 
 import (
+	"context"
 	"crypto/tls"
+	"fmt"
 	"net/http"
+	"strings"
 
 	"go.aporeto.io/elemental"
 	"go.aporeto.io/manipulate"
+	"go.aporeto.io/manipulate/internal/tracing"
 )
 
 // ExtractCredentials extracts the username and password from the given manipulator.
@@ -96,3 +100,29 @@ func SetGlobalHeaders(manipulator manipulate.Manipulator, headers http.Header) {
 
 	m.globalHeaders = headers
 }
+
+// DirectSend allows to send direct bytes using the given manipulator.
+// This is only useful in extremely particular scenario, like fuzzing.
+func DirectSend(manipulator manipulate.Manipulator, mctx manipulate.Context, endpoint string, method string, body []byte) (*http.Response, error) {
+
+	m, ok := manipulator.(*httpManipulator)
+	if !ok {
+		panic("You can only pass a HTTP Manipulator to DirectSend")
+	}
+
+	if mctx == nil {
+		mctx = manipulate.NewContext(context.Background())
+	}
+
+	if !strings.HasPrefix(endpoint, "/") {
+		endpoint = "/" + endpoint
+	}
+
+	v := m.computeVersion(0, mctx.Version())
+	url := m.url + "/" + v + endpoint
+
+	sp := tracing.StartTrace(mctx, fmt.Sprintf("maniphttp.directsend"))
+	defer sp.Finish()
+
+	return m.send(mctx, method, url, body, sp, 0)
+}
diff --git a/maniphttp/helpers_test.go b/maniphttp/helpers_test.go
@@ -12,14 +12,18 @@
 package maniphttp
 
 import (
+	"context"
 	"crypto/tls"
+	"fmt"
+	"io/ioutil"
 	"net/http"
+	"net/http/httptest"
+	"strings"
 	"sync"
 	"testing"
 
-	"go.aporeto.io/manipulate/maniptest"
-
 	. "github.com/smartystreets/goconvey/convey"
+	"go.aporeto.io/manipulate/maniptest"
 )
 
 func TestManiphttp_ExtractCredentials(t *testing.T) {
@@ -187,3 +191,58 @@ func TestManiphttp_SetGlobalHeaders(t *testing.T) {
 		})
 	})
 }
+
+func TestManiphttp_DirectSend(t *testing.T) {
+
+	Convey("Given I have a manipulator and a test server", t, func() {
+
+		ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+
+			body, err := ioutil.ReadAll(r.Body)
+			if err != nil {
+				panic(err)
+			}
+
+			if string(body) != "hello" {
+				panic("wrong body recieved.")
+			}
+
+			if !strings.HasSuffix(r.RequestURI, "/toto") {
+				panic(fmt.Sprintf("wrong url: %s", r.RequestURI))
+			}
+
+			w.Header().Set("Content-Type", "application/json")
+			w.WriteHeader(http.StatusCreated)
+			fmt.Fprint(w, `"bonjour"`)
+		}))
+		defer ts.Close()
+
+		m, _ := New(context.Background(), ts.URL)
+
+		Convey("When I call DirectSend", func() {
+
+			resp, err := DirectSend(m, nil, "toto", http.MethodPost, []byte("hello"))
+
+			Convey("Then err should be nil", func() {
+				So(err, ShouldBeNil)
+			})
+
+			Convey("Then the response should be correct", func() {
+				So(resp, ShouldNotBeNil)
+				So(resp.StatusCode, ShouldEqual, http.StatusCreated)
+			})
+		})
+	})
+
+	Convey("Given I have a non http manipulator", t, func() {
+
+		m := maniptest.NewTestManipulator()
+
+		Convey("When I call DirectSend", func() {
+
+			Convey("Then it should panic", func() {
+				So(func() { _, _ = DirectSend(m, nil, "", http.MethodPost, nil) }, ShouldPanicWith, "You can only pass a HTTP Manipulator to DirectSend")
+			})
+		})
+	})
+}