Skip to content

Utility change: allow manually defining URI for using reflection capability of albedo #20

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Mar 6, 2025
Merged

Utility change: allow manually defining URI for using reflection capability of albedo #20

merged 2 commits into from
Mar 6, 2025

Conversation

@Sebitosh
Copy link
Contributor

@Sebitosh Sebitosh commented Mar 3, 2025

Description

Implements overwriting the default input.uri key in the schema. This is in particular useful for using albedo's reflection capability which reflects the response defined in the request body of a post.

The reason I am implementing this is for writing a test case demonstrating this issue: owasp-modsecurity/ModSecurity#2514 .
To write the test case I need the back-end to include a response body.

Ultimately it would be nice if albedo could include a specific response body on some endpoint when configured to do so (so I can define a response body to a request that isn't necessarily a POST request), I'll probably create an issue on the project's page soon to discuss this proposition.

Syntax

  targets:
    - target: ''
      test:
        data: '{"status": 201, "body": "<html>reflected-token</html>"}'
        input:
          headers:
            - name: Content-Type
              value: application/json
          uri: '/reflect'
        output:
          status: 201
          response_contains: "reflected-token"

Sebitosh added 2 commits March 3, 2025 01:55
@Sebitosh
Manually define URI for input
e21067e 
Signed-off-by: Sebitosh <soloplayerdiablo@gmail.com>
@Sebitosh
Demonstrate defining URI and reflected response
c527c75 
Signed-off-by: Sebitosh <soloplayerdiablo@gmail.com>
@airween airween merged commit 71c3f99 into owasp-modsecurity:main Mar 6, 2025
@airween
Copy link
Member

airween commented Mar 6, 2025

Thanks @Sebitosh!

@theseion theseion mentioned this pull request Mar 15, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@airween airween airween approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Sebitosh @airween