projectdiscovery
GitHub Repository: projectdiscovery/nuclei
Path: blob/dev/pkg/authprovider/file_test.go
package authprovider
import (
"fmt"
"net/http"
"os"
"path/filepath"
"sync"
"sync/atomic"
"testing"
"time"
"github.com/projectdiscovery/nuclei/v3/pkg/authprovider/authx"
"github.com/stretchr/testify/require"
)
// TestFileAuthProviderDynamicSecretConcurrentAccess checks how a file-backed
// auth provider behaves when many goroutines resolve the same dynamic secret
// at once. It asserts two things: every request ends up carrying the fetched
// bearer token, and the fetch callback runs exactly once for all of them.
//
// A regression in either assertion would show up as a request leaving without
// the expected Authorization header, or as the fetch being executed more than
// once for a single secret.
func TestFileAuthProviderDynamicSecretConcurrentAccess(t *testing.T) {
	// One dynamic entry scoped to example.com. The header value references
	// {{token}}, which is only supplied by the fetch callback below.
	const secretYAML = `id: test-auth
info:
  name: test
  author: test
  severity: info
dynamic:
  - template: auth-template.yaml
    variables:
      - key: username
        value: test
    type: Header
    domains:
      - example.com
    headers:
      - key: Authorization
        value: "Bearer {{token}}"
`
	secretPath := filepath.Join(t.TempDir(), "secret.yaml")
	// 0o600: the secret file is readable and writable by its owner only.
	require.NoError(t, os.WriteFile(secretPath, []byte(secretYAML), 0o600))

	// fetchCount records how often the provider invokes the fetch callback.
	var fetchCount atomic.Int32
	// The stub replaces the real secret fetch. It sleeps for 75ms before
	// publishing the token; presumably this keeps the fetch in flight long
	// enough for the other workers to arrive while it is still running.
	fetchStub := func(d *authx.Dynamic) error {
		fetchCount.Add(1)
		time.Sleep(75 * time.Millisecond)
		d.Extracted = map[string]interface{}{"token": "session-token"}
		return nil
	}
	provider, err := NewFileAuthProvider(secretPath, fetchStub)
	require.NoError(t, err)

	const workers = 20
	// start is closed once so that all workers are released together.
	start := make(chan struct{})
	// One buffer slot per worker: each worker reports at most one error, so
	// a send never blocks.
	failures := make(chan error, workers)
	var pending sync.WaitGroup
	pending.Add(workers)

	worker := func() {
		defer pending.Done()
		<-start

		found := provider.LookupAddr("example.com")
		if len(found) == 0 {
			failures <- fmt.Errorf("no auth strategies found")
			return
		}

		req, reqErr := http.NewRequest(http.MethodGet, "https://example.com", nil)
		if reqErr != nil {
			failures <- reqErr
			return
		}
		for _, s := range found {
			s.Apply(req)
		}

		// The request must carry the token produced by the fetch stub; any
		// other value (including an empty header) is reported as a failure.
		got := req.Header.Get("Authorization")
		if got == "Bearer session-token" {
			return
		}
		failures <- fmt.Errorf("expected Authorization header to be set, got %q", got)
	}

	for n := workers; n > 0; n-- {
		go worker()
	}

	close(start)
	pending.Wait()
	// Safe to close: every worker has returned, so no further sends occur.
	close(failures)

	for workerErr := range failures {
		require.NoError(t, workerErr)
	}
	require.Equal(t, int32(1), fetchCount.Load(), "dynamic secret fetch should execute once")
}