arachni-typhoeus 0.2.0

data/spec/servers/app.rb

@@ -0,0 +1,84 @@
+#!/usr/bin/env ruby
+require 'rubygems'
+require 'sinatra'
+require 'json'
+require 'zlib'
+
+@@fail_count = 0
+get '/fail/:number' do
+  if @@fail_count >= params[:number].to_i
+    "ok"
+  else
+    @@fail_count += 1
+    error 500, "oh noes!"
+   end
+end
+
+get '/fail_forever' do
+  error 500, "oh noes!"
+end
+
+get '/redirect' do
+  redirect '/'
+end
+
+get '/bad_redirect' do
+  redirect '/bad_redirect'
+end
+
+get '/auth_basic/:username/:password' do
+  @auth ||=  Rack::Auth::Basic::Request.new(request.env)
+  # Check that we've got a basic auth, and that it's credentials match the ones
+  # provided in the request
+  if @auth.provided? && @auth.basic? && @auth.credentials == [ params[:username], params[:password] ]
+    # auth is valid - confirm it
+    true
+  else
+    # invalid auth - request the authentication
+    response['WWW-Authenticate'] = %(Basic realm="Testing HTTP Auth")
+    throw(:halt, [401, "Not authorized\n"])
+  end
+end
+
+get '/auth_ntlm' do
+  # we're just checking for the existence if NTLM auth header here. It's validation
+  # is too troublesome and really doesn't bother is much, it's up to libcurl to make
+  # it valid
+  response['WWW-Authenticate'] = 'NTLM'
+  is_ntlm_auth = /^NTLM/ =~ request.env['HTTP_AUTHORIZATION']
+  true if is_ntlm_auth
+  throw(:halt, [401, "Not authorized\n"]) if !is_ntlm_auth
+end
+
+get '/gzipped' do
+  req_env = request.env.to_json
+  z = Zlib::Deflate.new
+  gzipped_env = z.deflate(req_env, Zlib::FINISH)
+  z.close
+  response['Content-Encoding'] = 'gzip'
+  gzipped_env
+end
+
+get '/**' do
+  sleep params["delay"].to_i if params.has_key?("delay")
+  request.env.merge!(:body => request.body.read).to_json
+end
+
+head '/**' do
+  sleep params["delay"].to_i if params.has_key?("delay")
+end
+
+put '/**' do
+  puts request.inspect
+  request.env.merge!(:body => request.body.read).to_json
+end
+
+post '/**' do
+  puts request.inspect
+  request.env.merge!(:body => request.body.read).to_json
+end
+
+delete '/**' do
+  puts request.inspect
+  request.env.merge!(:body => request.body.read).to_json
+end

data/spec/spec.opts

@@ -0,0 +1,2 @@
+--diff
+--color

data/spec/spec_helper.rb

@@ -0,0 +1,11 @@
+require "rubygems"
+require 'json'
+require "spec"
+
+# gem install redgreen for colored test output
+begin require "redgreen" unless ENV['TM_CURRENT_LINE']; rescue LoadError; end
+
+path = File.expand_path(File.dirname(__FILE__) + "/../lib/")
+$LOAD_PATH.unshift(path) unless $LOAD_PATH.include?(path)
+
+require path + '/typhoeus'

data/spec/typhoeus/easy_spec.rb

@@ -0,0 +1,284 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe Typhoeus::Easy do
+  describe "#supports_zlib" do
+    before(:each) do
+      @easy = Typhoeus::Easy.new
+    end
+
+    it "should return true if the version string has zlib" do
+      @easy.stub!(:curl_version).and_return("libcurl/7.20.0 OpenSSL/0.9.8l zlib/1.2.3 libidn/1.16")
+      @easy.supports_zlib?.should be_true
+    end
+
+    it "should return false if the version string doesn't have zlib" do
+      @easy.stub!(:curl_version).and_return("libcurl/7.20.0 OpenSSL/0.9.8l libidn/1.16")
+      @easy.supports_zlib?.should be_false
+    end
+  end
+
+  describe "curl errors" do
+    it "should provide the CURLE_OPERATION_TIMEDOUT return code when a request times out" do
+      e = Typhoeus::Easy.new
+      e.url = "http://localhost:3001/?delay=1"
+      e.method = :get
+      e.timeout = 100
+      e.perform
+      e.curl_return_code.should == 28
+      e.curl_error_message.should == "Timeout was reached"
+      e.response_code.should == 0
+    end
+
+    it "should provide the CURLE_COULDNT_CONNECT return code when trying to connect to a non existent port" do
+      e = Typhoeus::Easy.new
+      e.url = "http://localhost:3999"
+      e.method = :get
+      e.connect_timeout = 100
+      e.perform
+      e.curl_return_code.should == 7
+      e.curl_error_message.should == "Couldn't connect to server"
+      e.response_code.should == 0
+    end
+
+    it "should not return an error message on a successful easy operation" do
+      easy = Typhoeus::Easy.new
+      easy.url    = "http://localhost:3002"
+      easy.method = :get
+      easy.curl_error_message.should == nil
+      easy.perform
+      easy.response_code.should == 200
+      easy.curl_return_code.should == 0
+      easy.curl_error_message.should == "No error"
+    end
+
+  end
+
+  describe "options" do
+    it "should not follow redirects if not instructed to" do
+      e = Typhoeus::Easy.new
+      e.url = "http://localhost:3001/redirect"
+      e.method = :get
+      e.perform
+      e.response_code.should == 302
+    end
+
+    it "should allow for following redirects" do
+      e = Typhoeus::Easy.new
+      e.url = "http://localhost:3001/redirect"
+      e.method = :get
+      e.follow_location = true
+      e.perform
+      e.response_code.should == 200
+      JSON.parse(e.response_body)["REQUEST_METHOD"].should == "GET"
+    end
+
+    it "should allow you to set the user agent" do
+      easy = Typhoeus::Easy.new
+      easy.url    = "http://localhost:3002"
+      easy.method = :get
+      easy.user_agent = "myapp"
+      easy.perform
+      easy.response_code.should == 200
+      JSON.parse(easy.response_body)["HTTP_USER_AGENT"].should == "myapp"
+    end
+
+    it "should provide a timeout in milliseconds" do
+      e = Typhoeus::Easy.new
+      e.url = "http://localhost:3001/?delay=1"
+      e.method = :get
+      e.timeout = 10
+      e.perform
+      e.timed_out?.should == true
+    end
+
+    it "should allow the setting of the max redirects to follow" do
+      e = Typhoeus::Easy.new
+      e.url = "http://localhost:3001/redirect"
+      e.method = :get
+      e.follow_location = true
+      e.max_redirects = 5
+      e.perform
+      e.response_code.should == 200
+    end
+
+    it "should handle our bad redirect action, provided we've set max_redirects properly" do
+      e = Typhoeus::Easy.new
+      e.url = "http://localhost:3001/bad_redirect"
+      e.method = :get
+      e.follow_location = true
+      e.max_redirects = 5
+      e.perform
+      e.response_code.should == 302
+    end
+  end
+  
+  describe "authentication" do
+    it "should allow to set username and password" do
+      e = Typhoeus::Easy.new
+      username, password = 'foo', 'bar'
+      e.auth = { :username => username, :password => password }
+      e.url = "http://localhost:3001/auth_basic/#{username}/#{password}"
+      e.method = :get
+      e.perform
+      e.response_code.should == 200
+    end
+    
+    it "should allow to query auth methods support by the server" do
+      e = Typhoeus::Easy.new
+      e.url = "http://localhost:3001/auth_basic/foo/bar"
+      e.method = :get
+      e.perform
+      e.auth_methods.should == Typhoeus::Easy::AUTH_TYPES[:CURLAUTH_BASIC]
+    end
+
+    it "should allow to set authentication method" do
+      e = Typhoeus::Easy.new
+      e.auth = { :username => 'username', :password => 'password', :method => Typhoeus::Easy::AUTH_TYPES[:CURLAUTH_NTLM] }
+      e.url = "http://localhost:3001/auth_ntlm"
+      e.method = :get
+      e.perform
+      e.response_code.should == 200
+    end
+  end
+  
+  describe "get" do
+    it "should perform a get" do
+      easy = Typhoeus::Easy.new
+      easy.url    = "http://localhost:3002"
+      easy.method = :get
+      easy.perform
+      easy.response_code.should == 200
+      JSON.parse(easy.response_body)["REQUEST_METHOD"].should == "GET"
+    end
+  end
+
+  describe "purge" do
+    it "should set custom request to purge" do
+      easy = Typhoeus::Easy.new
+      easy.should_receive(:set_option).with(Typhoeus::Easy::OPTION_VALUES[:CURLOPT_CUSTOMREQUEST], "PURGE").once
+      easy.method = :purge
+    end
+  end
+
+  describe "head" do
+    it "should perform a head" do
+      easy = Typhoeus::Easy.new
+      easy.url    = "http://localhost:3002"
+      easy.method = :head
+      easy.perform
+      easy.response_code.should == 200
+    end
+  end
+
+  describe "start_time" do
+    it "should be get/settable" do
+      time = Time.now
+      easy = Typhoeus::Easy.new
+      easy.start_time.should be_nil
+      easy.start_time = time
+      easy.start_time.should == time
+    end
+  end
+
+  describe "params=" do
+    it "should handle arrays of params" do
+      easy = Typhoeus::Easy.new
+      easy.url = "http://localhost:3002/index.html"
+      easy.method = :get
+      easy.request_body = "this is a body!"
+      easy.params = {
+        :foo => 'bar',
+        :username => ['dbalatero', 'dbalatero2']
+      }
+      
+      easy.url.should =~ /\?.*username=dbalatero&username=dbalatero2/
+    end
+  end
+
+
+  describe "put" do
+    it "should perform a put" do
+      easy = Typhoeus::Easy.new
+      easy.url    = "http://localhost:3002"
+      easy.method = :put
+      easy.perform
+      easy.response_code.should == 200
+      JSON.parse(easy.response_body)["REQUEST_METHOD"].should == "PUT"
+    end
+    
+    it "should send a request body" do
+      easy = Typhoeus::Easy.new
+      easy.url    = "http://localhost:3002"
+      easy.method = :put
+      easy.request_body = "this is a body!"
+      easy.perform
+      easy.response_code.should == 200
+      easy.response_body.should include("this is a body!")
+    end
+  end
+  
+  describe "post" do
+    it "should perform a post" do
+      easy = Typhoeus::Easy.new
+      easy.url    = "http://localhost:3002"
+      easy.method = :post
+      easy.perform
+      easy.response_code.should == 200
+      JSON.parse(easy.response_body)["REQUEST_METHOD"].should == "POST"
+    end
+    
+    it "should send a request body" do
+      easy = Typhoeus::Easy.new
+      easy.url    = "http://localhost:3002"
+      easy.method = :post
+      easy.request_body = "this is a body!"
+      easy.perform
+      easy.response_code.should == 200
+      easy.response_body.should include("this is a body!")
+    end
+    
+    it "should handle params" do
+      easy = Typhoeus::Easy.new
+      easy.url    = "http://localhost:3002"
+      easy.method = :post
+      easy.params = {:foo => "bar"}
+      easy.perform
+      easy.response_code.should == 200
+      easy.response_body.should include("foo=bar")
+    end
+  end
+  
+  describe "delete" do
+    it "should perform a delete" do
+      easy = Typhoeus::Easy.new
+      easy.url    = "http://localhost:3002"
+      easy.method = :delete
+      easy.perform
+      easy.response_code.should == 200
+      JSON.parse(easy.response_body)["REQUEST_METHOD"].should == "DELETE"
+    end
+    
+    it "should send a request body" do
+      easy = Typhoeus::Easy.new
+      easy.url    = "http://localhost:3002"
+      easy.method = :delete
+      easy.request_body = "this is a body!"
+      easy.perform
+      easy.response_code.should == 200
+      easy.response_body.should include("this is a body!")
+    end
+  end
+  
+  describe "encoding/compression support" do
+    
+    it "should send valid encoding headers and decode the response" do
+      easy = Typhoeus::Easy.new
+      easy.url = "http://localhost:3002/gzipped"
+      easy.method = :get
+      easy.perform
+      easy.response_code.should == 200
+      JSON.parse(easy.response_body)["HTTP_ACCEPT_ENCODING"].should == "deflate, gzip"
+    end
+    
+  end
+end

data/spec/typhoeus/filter_spec.rb

@@ -0,0 +1,35 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe Typhoeus::Filter do
+  it "should take a method name and optionally take options" do
+    filter = Typhoeus::Filter.new(:bar, :only => :foo)
+    filter = Typhoeus::Filter.new(:bar)
+  end
+  
+  describe "#apply_filter?" do
+    it "should return true for any method when :only and :except aren't specified" do
+      filter = Typhoeus::Filter.new(:bar)
+      filter.apply_filter?(:asdf).should be_true
+    end
+    
+    it "should return true if a method is in only" do
+      filter = Typhoeus::Filter.new(:bar, :only => :foo)
+      filter.apply_filter?(:foo).should be_true
+    end
+    
+    it "should return false if a method isn't in only" do
+      filter = Typhoeus::Filter.new(:bar, :only => :foo)
+      filter.apply_filter?(:bar).should be_false
+    end
+    
+    it "should return true if a method isn't in except" do
+      filter = Typhoeus::Filter.new(:bar, :except => :foo)
+      filter.apply_filter?(:bar).should be_true
+    end
+    
+    it "should return false if a method is in except" do
+      filter = Typhoeus::Filter.new(:bar, :except => :foo)
+      filter.apply_filter?(:foo).should be_false
+    end
+  end
+end

data/spec/typhoeus/hydra_mock_spec.rb

@@ -0,0 +1,300 @@
+require File.expand_path(File.dirname(__FILE__) + "/../spec_helper")
+
+describe Typhoeus::HydraMock do
+  it "should mark all responses as mocks" do
+    response = Typhoeus::Response.new(:mock => false)
+    response.should_not be_mock
+
+    mock = Typhoeus::HydraMock.new("http://localhost", :get)
+    mock.and_return(response)
+
+    mock.response.should be_mock
+    response.should be_mock
+  end
+
+  describe "stubbing response values" do
+    before(:each) do
+      @stub = Typhoeus::HydraMock.new('http://localhost:3000', :get)
+    end
+
+    describe "with a single response" do
+      it "should always return that response" do
+        response = Typhoeus::Response.new
+        @stub.and_return(response)
+
+        5.times do
+          @stub.response.should == response
+        end
+      end
+    end
+
+    describe "with multiple responses" do
+      it "should return consecutive responses in the array, then keep returning the last one" do
+        responses = []
+        3.times do |i|
+          responses << Typhoeus::Response.new(:body => "response #{i}")
+        end
+
+        # Stub 3 consecutive responses.
+        @stub.and_return(responses)
+
+        0.upto(2) do |i|
+          @stub.response.should == responses[i]
+        end
+
+        5.times do
+          @stub.response.should == responses.last
+        end
+      end
+    end
+  end
+
+  describe "#matches?" do
+    describe "basic matching" do
+      it "should not match if the HTTP verbs are different" do
+        request = Typhoeus::Request.new("http://localhost:3000",
+                                        :method => :get)
+        mock = Typhoeus::HydraMock.new("http://localhost:3000", :post)
+        mock.matches?(request).should be_false
+      end
+    end
+
+    describe "matching on ports" do
+      it "should handle default port 80 sanely" do
+        mock = Typhoeus::HydraMock.new('http://www.example.com:80/', :get,
+                                       :headers => { 'user-agent' => 'test' })
+        request = Typhoeus::Request.new('http://www.example.com/',
+                                        :method => :get,
+                                        :user_agent => 'test')
+        mock.matches?(request).should be_true
+      end
+
+      it "should handle default port 443 sanely" do
+        mock = Typhoeus::HydraMock.new('https://www.example.com:443/', :get,
+                                       :headers => { 'user-agent' => 'test' })
+        request = Typhoeus::Request.new('https://www.example.com/',
+                                        :method => :get,
+                                        :user_agent => 'test')
+        mock.matches?(request).should be_true
+      end
+    end
+
+
+    describe "any HTTP verb" do
+      it "should match any verb" do
+        mock = Typhoeus::HydraMock.new("http://localhost:3000", :any,
+                                       :headers => { 'user-agent' => 'test' })
+        [:get, :post, :delete, :put].each do |verb|
+          request = Typhoeus::Request.new("http://localhost:3000",
+                                          :method => verb,
+                                          :user_agent => 'test')
+          mock.matches?(request).should be_true
+        end
+      end
+    end
+
+    describe "header matching" do
+      def request(options = {})
+        Typhoeus::Request.new("http://localhost:3000", options.merge(:method => :get))
+      end
+
+      def mock(options = {})
+        Typhoeus::HydraMock.new("http://localhost:3000", :get, options)
+      end
+
+      context 'when no :headers option is given' do
+        subject { mock }
+
+        it "matches regardless of whether or not the request has headers" do
+          subject.matches?(request(:headers => nil)).should be_true
+          subject.matches?(request(:headers => {})).should be_true
+          subject.matches?(request(:headers => { 'a' => 'b' })).should be_true
+        end
+      end
+
+      [nil, {}].each do |value|
+        context "for :headers => #{value.inspect}" do
+          subject { mock(:headers => value) }
+
+          it "matches when the request has no headers" do
+            subject.matches?(request(:headers => nil)).should be_true
+            subject.matches?(request(:headers => {})).should be_true
+          end
+
+          it "does not match when the request has headers" do
+            subject.matches?(request(:headers => { 'a' => 'b' })).should be_false
+          end
+        end
+      end
+
+      context 'for :headers => [a hash]' do
+        it 'does not match if the request has no headers' do
+          m = mock(:headers => { 'A' => 'B', 'C' => 'D' })
+
+          m.matches?(request).should be_false
+          m.matches?(request(:headers => nil)).should be_false
+          m.matches?(request(:headers => {})).should be_false
+        end
+
+        it 'does not match if the request lacks any of the given headers' do
+          mock(
+            :headers => { 'A' => 'B', 'C' => 'D' }
+          ).matches?(request(
+            :headers => { 'A' => 'B' }
+          )).should be_false
+        end
+
+        it 'does not match if any of the specified values are different from the request value' do
+          mock(
+            :headers => { 'A' => 'B', 'C' => 'D' }
+          ).matches?(request(
+            :headers => { 'A' => 'B', 'C' => 'E' }
+          )).should be_false
+        end
+
+        it 'matches if the given hash is exactly equal to the request headers' do
+          mock(
+            :headers => { 'A' => 'B', 'C' => 'D' }
+          ).matches?(request(
+            :headers => { 'A' => 'B', 'C' => 'D' }
+          )).should be_true
+        end
+
+        it 'matches even if the request has additional headers not specified in the mock' do
+          mock(
+            :headers => { 'A' => 'B', 'C' => 'D' }
+          ).matches?(request(
+            :headers => { 'A' => 'B', 'C' => 'D', 'E' => 'F' }
+          )).should be_true
+        end
+
+        it 'matches even if the casing of the header keys is different between the mock and request' do
+          mock(
+            :headers => { 'A' => 'B', 'c' => 'D' }
+          ).matches?(request(
+            :headers => { 'a' => 'B', 'C' => 'D' }
+          )).should be_true
+        end
+
+        it 'matches if the mocked values are regexes and match the request values' do
+          mock(
+            :headers => { 'A' => /foo/, }
+          ).matches?(request(
+            :headers => { 'A' => 'foo bar' }
+          )).should be_true
+        end
+
+        it 'does not match if the mocked values are regexes and do not match the request values' do
+          mock(
+            :headers => { 'A' => /foo/, }
+          ).matches?(request(
+            :headers => { 'A' => 'bar' }
+          )).should be_false
+        end
+
+        context 'when a header is specified as an array' do
+          it 'matches when the request header has the same array' do
+            mock(
+              :headers => { 'Accept' => ['text/html', 'text/plain'] }
+            ).matches?(request(
+              :headers => { 'Accept' => ['text/html', 'text/plain'] }
+            )).should be_true
+          end
+
+          it 'matches when the request header is a single value and the mock array has the same value' do
+            mock(
+              :headers => { 'Accept' => ['text/html'] }
+            ).matches?(request(
+              :headers => { 'Accept' => 'text/html' }
+            )).should be_true
+          end
+
+          it 'matches even when the request header array is ordered differently' do
+            mock(
+              :headers => { 'Accept' => ['text/html', 'text/plain'] }
+            ).matches?(request(
+              :headers => { 'Accept' => ['text/plain', 'text/html'] }
+            )).should be_true
+          end
+
+          it 'does not match when the request header array lacks a value' do
+            mock(
+              :headers => { 'Accept' => ['text/html', 'text/plain'] }
+            ).matches?(request(
+              :headers => { 'Accept' => ['text/plain'] }
+            )).should be_false
+          end
+
+          it 'does not match when the request header array has an extra value' do
+            mock(
+              :headers => { 'Accept' => ['text/html', 'text/plain'] }
+            ).matches?(request(
+              :headers => { 'Accept' => ['text/html', 'text/plain', 'application/xml'] }
+            )).should be_false
+          end
+
+          it 'does not match when the request header is not an array' do
+            mock(
+              :headers => { 'Accept' => ['text/html', 'text/plain'] }
+            ).matches?(request(
+              :headers => { 'Accept' => 'text/html' }
+            )).should be_false
+          end
+        end
+      end
+    end
+
+    describe "post body matching" do
+      it "should not bother matching on body if we don't turn the option on" do
+        request = Typhoeus::Request.new("http://localhost:3000",
+                                        :method => :get,
+                                        :user_agent => 'test',
+                                        :body => "fdsafdsa")
+        mock = Typhoeus::HydraMock.new("http://localhost:3000", :get,
+                                       :headers => { 'user-agent' => 'test' })
+        mock.matches?(request).should be_true
+      end
+
+      it "should match nil correctly" do
+        request = Typhoeus::Request.new("http://localhost:3000",
+                                        :method => :get,
+                                        :body => "fdsafdsa")
+        mock = Typhoeus::HydraMock.new("http://localhost:3000", :get,
+                                       :body => nil)
+        mock.matches?(request).should be_false
+      end
+
+      it "should not match if the bodies do not match" do
+        request = Typhoeus::Request.new("http://localhost:3000",
+                                        :method => :get,
+                                        :body => "ffdsadsafdsa")
+        mock = Typhoeus::HydraMock.new("http://localhost:3000", :get,
+                                       :body => 'fdsafdsa')
+        mock.matches?(request).should be_false
+      end
+
+      it "should match on optional body parameter" do
+        request = Typhoeus::Request.new("http://localhost:3000",
+                                        :method => :get,
+                                        :user_agent => 'test',
+                                        :body => "fdsafdsa")
+        mock = Typhoeus::HydraMock.new("http://localhost:3000", :get,
+                                       :body => 'fdsafdsa',
+                                       :headers => {
+                                         'User-Agent' => 'test'
+                                       })
+        mock.matches?(request).should be_true
+      end
+
+      it "should regex match" do
+        request = Typhoeus::Request.new("http://localhost:3000/whatever/fdsa",
+                                        :method => :get,
+                                        :user_agent => 'test')
+        mock = Typhoeus::HydraMock.new(/fdsa/, :get,
+                                       :headers => { 'user-agent' => 'test' })
+        mock.matches?(request).should be_true
+      end
+    end
+  end
+end
+