(t *testing.T)
| 321 | } |
| 322 | |
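// TestDecompress_ZipBomb verifies that a gzip request body whose decompressed
// size exceeds MaxDecompressedSize is rejected with 413 Request Entity Too
// Large instead of being inflated in full.
func TestDecompress_ZipBomb(t *testing.T) {
	e := echo.New()

	// 2MB of a single repeated byte compresses to a small fraction of its
	// size, so the request on the wire is small while the decompressed stream
	// is twice the 1MB limit configured below.
	largeBody := bytes.Repeat([]byte("A"), 2*1024*1024) // 2MB
	var buf bytes.Buffer
	gzWriter := gzip.NewWriter(&buf)
	// A failed Write or Close would leave a truncated gzip stream, and the
	// test could then fail (or pass) for the wrong reason.
	_, err := gzWriter.Write(largeBody)
	if !assert.NoError(t, err) {
		return
	}
	if !assert.NoError(t, gzWriter.Close()) {
		return
	}

	req := httptest.NewRequest(http.MethodPost, "/", &buf)
	req.Header.Set(echo.HeaderContentEncoding, GZIPEncoding)
	rec := httptest.NewRecorder()
	c := e.NewContext(req, rec)

	h, err := DecompressConfig{MaxDecompressedSize: 1 * MB}.ToMiddleware()
	if !assert.NoError(t, err) {
		return // h is unusable here; calling it would panic
	}

	err = h(func(c *echo.Context) error {
		// Drain the whole body. The test expects the size limit to surface
		// as the read error once more than 1MB has been decompressed.
		_, readErr := io.ReadAll(c.Request().Body)
		return readErr
	})(c)

	// Should return 413 error
	if !assert.Error(t, err) {
		return
	}
	he, ok := err.(echo.HTTPStatusCoder)
	// Stop on a failed assertion: he is a nil interface when ok is false, and
	// he.StatusCode() would panic instead of reporting a test failure.
	if !assert.True(t, ok, "error should implement echo.HTTPStatusCoder") {
		return
	}
	assert.Equal(t, http.StatusRequestEntityTooLarge, he.StatusCode())
}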
| 352 | |
| 353 | func TestDecompress_UnlimitedExplicit(t *testing.T) { |
| 354 | e := echo.New() |