(t *testing.T)
| 455 | } |
| 456 | |
| 457 | func TestDecompress_LargePayloadDosPrevention(t *testing.T) { |
| 458 | e := echo.New() |
| 459 | // Simulate a DoS attack with highly compressed large payload |
| 460 | largeSize := 10 * 1024 * 1024 // 10MB decompressed |
| 461 | largeBody := bytes.Repeat([]byte("Z"), largeSize) |
| 462 | var buf bytes.Buffer |
| 463 | gzWriter := gzip.NewWriter(&buf) |
| 464 | gzWriter.Write(largeBody) |
| 465 | gzWriter.Close() |
| 466 | |
| 467 | req := httptest.NewRequest(http.MethodPost, "/", &buf) |
| 468 | req.Header.Set(echo.HeaderContentEncoding, GZIPEncoding) |
| 469 | rec := httptest.NewRecorder() |
| 470 | c := e.NewContext(req, rec) |
| 471 | |
| 472 | h, err := DecompressConfig{MaxDecompressedSize: 1 * MB}.ToMiddleware() |
| 473 | assert.NoError(t, err) |
| 474 | |
| 475 | err = h(func(c *echo.Context) error { |
| 476 | _, readErr := io.ReadAll(c.Request().Body) |
| 477 | return readErr |
| 478 | })(c) |
| 479 | |
| 480 | // Should prevent DoS by returning 413 |
| 481 | assert.Error(t, err) |
| 482 | he, ok := err.(echo.HTTPStatusCoder) |
| 483 | assert.True(t, ok) |
| 484 | assert.Equal(t, http.StatusRequestEntityTooLarge, he.StatusCode()) |
| 485 | } |
| 486 | |
| 487 | func BenchmarkDecompress_WithLimit(b *testing.B) { |
| 488 | e := echo.New() |
nothing calls this directly
no test coverage detected
searching dependent graphs…