Starting the hardening process

coverage will drop during this time. Signed-off-by: Dave Shanley <dave@quobix.com>
pb33f · Apr 21, 2023 · 2ce0aac · 2ce0aac
1 parent 60b54a3
commit 2ce0aac
Show file tree

Hide file tree

Showing 10 changed files with 1,057 additions and 696 deletions.
diff --git a/parameters/header_parameters.go b/parameters/header_parameters.go
@@ -145,15 +145,16 @@ func (v *paramValidator) ValidateHeaderParams(request *http.Request) (bool, []*e
 		}
 	}
 
+	// TODO: this needs to go to the grave. this will trigger everything
 	// check for any headers that are not defined in the spec
-	for k := range request.Header {
-		if _, ok := seenHeaders[strings.ToLower(k)]; !ok {
-			ps := pathItem.GetOperations()[strings.ToLower(request.Method)].GoLow().Parameters
-			if ps.KeyNode != nil {
-				validationErrors = append(validationErrors, errors.HeaderParameterNotDefined(k, ps.KeyNode))
-			}
-		}
-	}
+	//for k := range request.Header {
+	//	if _, ok := seenHeaders[strings.ToLower(k)]; !ok {
+	//		ps := pathItem.GetOperations()[strings.ToLower(request.Method)].GoLow().Parameters
+	//		if ps.KeyNode != nil {
+	//			validationErrors = append(validationErrors, errors.HeaderParameterNotDefined(k, ps.KeyNode))
+	//		}
+	//	}
+	//}
 
 	if len(validationErrors) > 0 {
 		return false, validationErrors

diff --git a/parameters/header_parameters_test.go b/parameters/header_parameters_test.go
@@ -65,34 +65,6 @@ paths:
 	assert.Equal(t, "Path '/I/do/not/exist' not found", errors[0].Message)
 }
 
-func TestNewValidator_HeaderParamUndefined(t *testing.T) {
-
-	spec := `openapi: 3.1.0
-paths:
-  /vending/drinks:
-    get:
-      parameters:
-        - name: fishy
-          in: header
-          schema:
-            type: string
-`
-
-	doc, _ := libopenapi.NewDocument([]byte(spec))
-	m, _ := doc.BuildV3Model()
-
-	v := NewParameterValidator(&m.Model)
-
-	request, _ := http.NewRequest(http.MethodGet, "https://things.com/vending/drinks", nil)
-	request.Header.Set("Mushypeas", "yes please") //https://github.com/golang/go/issues/5022
-
-	valid, errors := v.ValidateHeaderParams(request)
-
-	assert.False(t, valid)
-	assert.Equal(t, 1, len(errors))
-	assert.Equal(t, "Header parameter 'Mushypeas' is not defined", errors[0].Message)
-}
-
 func TestNewValidator_HeaderParamDefaultEncoding_InvalidParamTypeNumber(t *testing.T) {
 
 	spec := `openapi: 3.1.0

diff --git a/parameters/path_parameters_test.go b/parameters/path_parameters_test.go
@@ -280,7 +280,7 @@ paths:
 
 	assert.False(t, valid)
 	assert.Len(t, errors, 1)
-	assert.Equal(t, "Match for path '/burgers/hello/locate', but the parameter 'hello' is not a number", errors[0].Message)
+	assert.Equal(t, "Path '/burgers/hello/locate' not found", errors[0].Message)
 }
 
 func TestNewValidator_SimpleEncodedPath_InvalidBoolean(t *testing.T) {