MCPcopy
hub / github.com/uber-go/zap / TestAtomicLevelServeHTTPBadLevel

Function TestAtomicLevelServeHTTPBadLevel

http_handler_test.go:220–239  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

218}
219
220func TestAtomicLevelServeHTTPBadLevel(t *testing.T) {
221 srv := httptest.NewServer(zap.NewAtomicLevel())
222 defer srv.Close()
223
224 req, err := http.NewRequest(http.MethodPut, srv.URL, strings.NewReader(`{"level":"<script>alert(\"malicious\")</script>"}`))
225 require.NoError(t, err, "Error constructing request.")
226
227 res, err := http.DefaultClient.Do(req)
228 require.NoError(t, err, "Error making request.")
229 defer func() {
230 assert.NoError(t, res.Body.Close(), "Error closing response body.")
231 }()
232
233 assert.Equal(t, http.StatusBadRequest, res.StatusCode, "Unexpected status code.")
234 resBody, err := io.ReadAll(res.Body)
235 require.NoError(t, err, "Error reading response body.")
236
237 assert.Contains(t, string(resBody), "unrecognized level", "Unexpected error message.")
238 assert.NotContains(t, string(resBody), "<script>", "Unexpected error message.")
239}
240
241func FuzzAtomicLevelServeHTTP(f *testing.F) {
242 f.Add(`{"level":"info"}`)

Callers

nothing calls this directly

Calls 2

NewAtomicLevelFunction · 0.92
CloseMethod · 0.45

Tested by

no test coverage detected