From ac7adcbd1f04f68a14dd4e351884a1fcd61ad772 Mon Sep 17 00:00:00 2001
From: xdrm-brackets
Date: Tue, 19 Nov 2019 16:53:02 +0100
Subject: [PATCH] Test with url encoded body parameters
---
 internal/reqdata/store_test.go | 157 +++++++++++++++++++++++++++++++++
 1 file changed, 157 insertions(+)
diff --git a/internal/reqdata/store_test.go b/internal/reqdata/store_test.go
index 1f16410..77aa930 100644
--- a/internal/reqdata/store_test.go
+++ b/internal/reqdata/store_test.go
@@ -1,6 +1,7 @@
 package reqdata
 import (
+ "bytes"
 "fmt"
 "net/http"
 "net/http/httptest"
@@ -220,3 +221,159 @@ func TestStoreWithGet(t *testing.T) {
 }
 }
+
+func TestStoreWithUrlEncodedForm(t *testing.T) {
+ tests := []struct {
+ URLEncoded string
+
+ InvalidNames []string
+ ParamNames []string
+ ParamValues [][]string
+ }{
+ {
+ URLEncoded: "",
+ InvalidNames: []string{},
+ ParamNames: []string{},
+ ParamValues: [][]string{},
+ },
+ {
+ URLEncoded: "a",
+ InvalidNames: []string{},
+ ParamNames: []string{"a"},
+ ParamValues: [][]string{[]string{""}},
+ },
+ {
+ URLEncoded: "a&b",
+ InvalidNames: []string{},
+ ParamNames: []string{"a", "b"},
+ ParamValues: [][]string{[]string{""}, []string{""}},
+ },
+ {
+ URLEncoded: "a=",
+ InvalidNames: []string{},
+ ParamNames: []string{"a"},
+ ParamValues: [][]string{[]string{""}},
+ },
+ {
+ URLEncoded: "a=&b=x",
+ InvalidNames: []string{},
+ ParamNames: []string{"a", "b"},
+ ParamValues: [][]string{[]string{""}, []string{"x"}},
+ },
+ {
+ URLEncoded: "a=b&c=d",
+ InvalidNames: []string{},
+ ParamNames: []string{"a", "c"},
+ ParamValues: [][]string{[]string{"b"}, []string{"d"}},
+ },
+ {
+ URLEncoded: "a=b&c=d&a=x",
+ InvalidNames: []string{},
+ ParamNames: []string{"a", "c"},
+ ParamValues: [][]string{[]string{"b", "x"}, []string{"d"}},
+ },
+ {
+ URLEncoded: "a=b&_invalid=x",
+ InvalidNames: []string{"_invalid"},
+ ParamNames: []string{"a", "_invalid"},
+ ParamValues: [][]string{[]string{"b"}, []string{""}},
+ },
+ {
+ URLEncoded: "a=b&invalid_=x",
+ InvalidNames: []string{"invalid_"},
+ ParamNames: []string{"a", "invalid_"},
+ ParamValues: [][]string{[]string{"b"}, []string{""}},
+ },
+ {
+ URLEncoded: "a=b&GET@injection=x",
+ InvalidNames: []string{"GET@injection"},
+ ParamNames: []string{"a", "GET@injection"},
+ ParamValues: [][]string{[]string{"b"}, []string{""}},
+ },
+ {
+ URLEncoded: "a=b&URL#injection=x",
+ InvalidNames: []string{"URL#injection"},
+ ParamNames: []string{"a", "URL#injection"},
+ ParamValues: [][]string{[]string{"b"}, []string{""}},
+ },
+ }
+
+ for i, test := range tests {
+ t.Run(fmt.Sprintf("request.%d", i), func(t *testing.T) {
+ body := bytes.NewBufferString(test.URLEncoded)
+ req := httptest.NewRequest(http.MethodPost, "http://host.com", body)
+ req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+ defer req.Body.Close()
+ store := New(nil, req)
+
+ if test.ParamNames == nil || test.ParamValues == nil {
+ if len(store.Set) != 0 {
+ t.Errorf("expected no FORM parameters and got %d", len(store.Get))
+ t.Failed()
+ }
+
+ // no param to check
+ return
+ }
+
+ if len(test.ParamNames) != len(test.ParamValues) {
+ t.Errorf("invalid test: names and values differ in size (%d vs %d)", len(test.ParamNames), len(test.ParamValues))
+ t.Failed()
+ }
+
+ for pi, pName := range test.ParamNames {
+ key := pName
+ values := test.ParamValues[pi]
+
+ isNameValid := true
+ for _, invalid := range test.InvalidNames {
+ if pName == invalid {
+ isNameValid = false
+ }
+ }
+
+ t.Run(key, func(t *testing.T) {
+
+ param, isset := store.Set[key]
+ if !isset {
+ if isNameValid {
+ t.Errorf("store should contain element with key '%s'", key)
+ t.Failed()
+ }
+ return
+ }
+
+ // if should be invalid
+ if isset && !isNameValid {
+ t.Errorf("store should NOT contain element with key '%s' (invalid name)", key)
+ t.Failed()
+ }
+
+ cast, canCast := param.Value.([]string)
+
+ if !canCast {
+ t.Errorf("should return a []string (got '%v')", cast)
+ t.Failed()
+ }
+
+ if len(cast) != len(values) {
+ t.Errorf("should return %d string(s) (got '%d')", len(values), len(cast))
+ t.Failed()
+ }
+
+ for vi, value := range values {
+
+ t.Run(fmt.Sprintf("value.%d", vi), func(t *testing.T) {
+ if value != cast[vi] {
+ t.Errorf("should return '%s' (got '%s')", value, cast[vi])
+ t.Failed()
+ }
+ })
+ }
+ })
+
+ }
+ })
+ }
+
+}
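Review bot: The rejection cases (`_invalid`, `invalid_`, `GET@injection`, `URL#injection`) only check that the literal key is missing from `store.Set`, so a rejected name that ended up stored under some other key would still pass. Assuming `store.Set` holds nothing but form parameters for this request (the empty-body branch already expects that), an assertion right after `New(nil, req)` such as `if want := len(test.ParamNames) - len(test.InvalidNames); len(store.Set) != want { t.Fatalf("expected %d parameter(s), got %d", want, len(store.Set)) }` would close that gap. The `test.ParamNames == nil || test.ParamValues == nil` branch is never taken because every case uses non-nil `[]string{}` / `[][]string{}`, so the empty-body case asserts nothing; its message also prints `len(store.Get)` while the condition checks `store.Set`. The `t.Failed()` calls only report state and do not stop the subtest, so after a failed cast or a length mismatch the loop still indexes `cast[vi]` and can panic; replacing each `t.Errorf` + `t.Failed()` pair with `t.Fatalf` would stop at the first failure.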