(t *testing.T)
| 257 | } |
| 258 | |
| 259 | func TestSecureRequestDump(t *testing.T) { |
| 260 | tests := []struct { |
| 261 | name string |
| 262 | req *http.Request |
| 263 | wantContains string |
| 264 | wantNotContain string |
| 265 | }{ |
| 266 | { |
| 267 | name: "Authorization header standard case", |
| 268 | req: func() *http.Request { |
| 269 | r, _ := http.NewRequest(http.MethodGet, "http://example.com", nil) |
| 270 | r.Header.Set("Authorization", "Bearer secret-token") |
| 271 | return r |
| 272 | }(), |
| 273 | wantContains: "Authorization: *", |
| 274 | wantNotContain: "Bearer secret-token", |
| 275 | }, |
| 276 | { |
| 277 | name: "authorization header lowercase", |
| 278 | req: func() *http.Request { |
| 279 | r, _ := http.NewRequest(http.MethodGet, "http://example.com", nil) |
| 280 | r.Header.Set("authorization", "some-secret") |
| 281 | return r |
| 282 | }(), |
| 283 | wantContains: "Authorization: *", |
| 284 | wantNotContain: "some-secret", |
| 285 | }, |
| 286 | { |
| 287 | name: "Authorization header mixed case", |
| 288 | req: func() *http.Request { |
| 289 | r, _ := http.NewRequest(http.MethodGet, "http://example.com", nil) |
| 290 | r.Header.Set("AuThOrIzAtIoN", "token123") |
| 291 | return r |
| 292 | }(), |
| 293 | wantContains: "Authorization: *", |
| 294 | wantNotContain: "token123", |
| 295 | }, |
| 296 | { |
| 297 | name: "No Authorization header", |
| 298 | req: func() *http.Request { |
| 299 | r, _ := http.NewRequest(http.MethodGet, "http://example.com", nil) |
| 300 | r.Header.Set("Content-Type", "application/json") |
| 301 | return r |
| 302 | }(), |
| 303 | wantContains: "", |
| 304 | wantNotContain: "Authorization: *", |
| 305 | }, |
| 306 | } |
| 307 | |
| 308 | for _, tt := range tests { |
| 309 | t.Run(tt.name, func(t *testing.T) { |
| 310 | result := secureRequestDump(tt.req) |
| 311 | if tt.wantContains != "" && !strings.Contains(result, tt.wantContains) { |
| 312 | t.Errorf("maskHeaders() = %q, want contains %q", result, tt.wantContains) |
| 313 | } |
| 314 | if tt.wantNotContain != "" && strings.Contains(result, tt.wantNotContain) { |
| 315 | t.Errorf("maskHeaders() = %q, want NOT contain %q", result, tt.wantNotContain) |
| 316 | } |
nothing calls this directly
no test coverage detected