From 76f0e5535d74823292fba616414b887f2e1b92b5 Mon Sep 17 00:00:00 2001 From: Emmanuel Gautier Date: Sun, 27 Oct 2024 16:01:17 +0100 Subject: [PATCH] feat: add setter and getter for default client --- api/curl.go | 1 + api/graphql.go | 1 + cmd/scan/curl.go | 2 + cmd/scan/graphql.go | 2 + cmd/scan/openapi.go | 2 + internal/request/client.go | 16 ++++- internal/request/client_test.go | 63 +++++++++++++++++++ internal/request/operation.go | 2 +- internal/request/request.go | 2 +- internal/request/request_test.go | 14 ++--- .../authentication_bypass_test.go | 4 +- .../jwt/alg_none/alg_none_test.go | 8 +-- .../jwt/blank_secret/blank_secret_test.go | 8 +-- .../jwt/not_verified/not_verified_test.go | 6 +- .../jwt/null_signature/null_signature_test.go | 6 +- .../jwt/weak_secret/weak_secret_test.go | 6 +- scan/discover/fingerprint/fingerprint_test.go | 18 +++--- scan/discover/utils_test.go | 6 +- .../introspection_enabled_test.go | 4 +- .../http_cookies/http_cookies_test.go | 14 ++--- .../http_headers/http_headers_test.go | 18 +++--- .../http_method_override_test.go | 12 ++-- .../http_trace/http_trace_method_test.go | 4 +- .../http_track/http_track_method_test.go | 4 +- scenario/discover_api.go | 2 +- scenario/discover_domain.go | 2 +- scenario/graphql.go | 2 +- scenario/openapi.go | 2 +- scenario/url.go | 2 +- 29 files changed, 158 insertions(+), 75 deletions(-) create mode 100644 internal/request/client_test.go diff --git a/api/curl.go b/api/curl.go index 39267b62..3cf59b1d 100644 --- a/api/curl.go +++ b/api/curl.go @@ -36,6 +36,7 @@ func (h *Handler) ScanURL(ctx *gin.Context) { opts.Header = ctx.Request.Header opts.Cookies = ctx.Request.Cookies() client := request.NewClient(opts) + s, err := scenario.NewURLScan(form.Method, form.URL, form.Data, client, &scan.ScanOptions{ IncludeScans: form.Opts.Scans, ExcludeScans: form.Opts.ExcludeScans, diff --git a/api/graphql.go b/api/graphql.go index b5ce6542..dc48702d 100644 --- a/api/graphql.go +++ b/api/graphql.go 
@@ -32,6 +32,7 @@ func (h *Handler) ScanGraphQL(ctx *gin.Context) { opts.Header = ctx.Request.Header opts.Cookies = ctx.Request.Cookies() client := request.NewClient(opts) + s, err := scenario.NewGraphQLScan(form.Endpoint, client, &scan.ScanOptions{ IncludeScans: form.Opts.Scans, ExcludeScans: form.Opts.ExcludeScans, diff --git a/cmd/scan/curl.go b/cmd/scan/curl.go index 6100a8f4..69a55ef6 100644 --- a/cmd/scan/curl.go +++ b/cmd/scan/curl.go @@ -4,6 +4,7 @@ import ( "log" internalCmd "github.com/cerberauth/vulnapi/internal/cmd" + "github.com/cerberauth/vulnapi/internal/request" "github.com/cerberauth/vulnapi/scan" "github.com/cerberauth/vulnapi/scenario" "github.com/cerberauth/x/analyticsx" @@ -40,6 +41,7 @@ func NewCURLScanCmd() (scanCmd *cobra.Command) { analyticsx.TrackError(ctx, tracer, err) log.Fatal(err) } + request.SetDefaultClient(client) s, err := scenario.NewURLScan(curlMethod, curlUrl, curlData, client, &scan.ScanOptions{ IncludeScans: internalCmd.GetIncludeScans(), diff --git a/cmd/scan/graphql.go b/cmd/scan/graphql.go index 3edf8f80..fe10cd26 100644 --- a/cmd/scan/graphql.go +++ b/cmd/scan/graphql.go @@ -4,6 +4,7 @@ import ( "log" internalCmd "github.com/cerberauth/vulnapi/internal/cmd" + "github.com/cerberauth/vulnapi/internal/request" "github.com/cerberauth/vulnapi/scan" "github.com/cerberauth/vulnapi/scenario" "github.com/cerberauth/x/analyticsx" @@ -32,6 +33,7 @@ func NewGraphQLScanCmd() (scanCmd *cobra.Command) { analyticsx.TrackError(ctx, tracer, err) log.Fatal(err) } + request.SetDefaultClient(client) s, err := scenario.NewGraphQLScan(graphqlEndpoint, client, &scan.ScanOptions{ IncludeScans: internalCmd.GetIncludeScans(), diff --git a/cmd/scan/openapi.go b/cmd/scan/openapi.go index 602a29c9..ac5c4d53 100644 --- a/cmd/scan/openapi.go +++ b/cmd/scan/openapi.go 
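Review bot: `request.SetDefaultClient(client)` in cmd/scan/curl.go publishes the client built for this scan, including whatever headers and cookies the user supplied, as the process-wide fallback, so any later request constructed with a nil `*Client` silently inherits this run's credentials. For a one-shot CLI that is acceptable, but it makes the call unsafe to copy into the HTTP handlers: api/curl.go and api/graphql.go in this same commit build a per-request client from `ctx.Request.Header` and `ctx.Request.Cookies()` and correctly do not call it, since one caller's credentials would otherwise bleed into other callers' scans. A one-line comment above the call, `// Fallback for code paths that build requests without an explicit client; CLI-only, never call this from a shared server process.`, records that constraint. The same applies to the identical lines in cmd/scan/graphql.go and cmd/scan/openapi.go.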
@@ -7,6 +7,7 @@ import ( "github.com/cerberauth/vulnapi/internal/auth" internalCmd "github.com/cerberauth/vulnapi/internal/cmd" + "github.com/cerberauth/vulnapi/internal/request" "github.com/cerberauth/vulnapi/openapi" "github.com/cerberauth/vulnapi/scan" "github.com/cerberauth/vulnapi/scenario" @@ -74,6 +75,7 @@ func NewOpenAPIScanCmd() (scanCmd *cobra.Command) { analyticsx.TrackError(ctx, tracer, err) log.Fatal(err) } + request.SetDefaultClient(client) s, err := scenario.NewOpenAPIScan(openapi, securitySchemesValues, client, &scan.ScanOptions{ IncludeScans: internalCmd.GetIncludeScans(), diff --git a/internal/request/client.go b/internal/request/client.go index acc3edfa..8cb0e2fd 100644 --- a/internal/request/client.go +++ b/internal/request/client.go @@ -10,7 +10,19 @@ import ( var rl = ratelimit.New(10) -var DefaultClient = NewClient(NewClientOptions{}) +var defaultClient *Client = nil + +func GetDefaultClient() *Client { + if defaultClient == nil { + defaultClient = NewClient(NewClientOptions{}) + } + + return defaultClient +} + +func SetDefaultClient(client *Client) { + defaultClient = client +} type Client struct { *http.Client @@ -53,7 +65,7 @@ func NewClient(opts NewClientOptions) *Client { return &Client{ &http.Client{ - Timeout: 10 * time.Second, + Timeout: opts.Timeout, Transport: &http.Transport{ Proxy: proxy, diff --git a/internal/request/client_test.go b/internal/request/client_test.go new file mode 100644 index 00000000..d3a18115 --- /dev/null +++ b/internal/request/client_test.go 
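Review bot: In internal/request/client.go, `GetDefaultClient` lazily initialises the package-level `defaultClient` with no synchronisation, so two goroutines calling it on first use race on the read and write of the pointer and can each construct their own client, and `SetDefaultClient` writes the same variable unguarded. Guard both with a mutex (below; `sync` must be imported in this file) and add doc comments stating that the default is a process-wide fallback used only when a caller passes a nil `*Client` and that `SetDefaultClient` replaces it for every later caller. In the second hunk, `Timeout: opts.Timeout` makes an empty `NewClientOptions{}` yield an `http.Client` with a zero timeout, i.e. no timeout at all, unless the part of `NewClient` above this hunk substitutes the previous 10s default; the new `TestNewClient_DefaultOptions` asserts 10s, so it presumably does, but that substitution is not visible here and is what keeps a scan of an unresponsive host from hanging indefinitely, so it is worth confirming. `var defaultClient *Client = nil` can be `var defaultClient *Client`, and the Get prefix is non-idiomatic Go (`DefaultClient()` would be conventional).
```go
var (
	defaultClientMu sync.Mutex
	defaultClient   *Client
)

// GetDefaultClient returns the process-wide fallback client, building one
// from NewClientOptions{} on first use. Callers that pass a nil *Client
// elsewhere in this package end up with this instance.
func GetDefaultClient() *Client {
	defaultClientMu.Lock()
	defer defaultClientMu.Unlock()
	if defaultClient == nil {
		defaultClient = NewClient(NewClientOptions{})
	}
	return defaultClient
}

// SetDefaultClient replaces the fallback client for every later caller;
// passing nil makes the next GetDefaultClient build a fresh default.
func SetDefaultClient(client *Client) {
	defaultClientMu.Lock()
	defer defaultClientMu.Unlock()
	defaultClient = client
}
```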
@@ -0,0 +1,63 @@ +package request + +import ( + "net/http" + "testing" + "time" + + "github.com/stretchr/testify/assert" +) + +func TestNewClient_DefaultOptions(t *testing.T) { + client := NewClient(NewClientOptions{}) + + assert.NotNil(t, client) + assert.Equal(t, 10*time.Second, client.Timeout) + assert.Equal(t, 100, client.Transport.(*http.Transport).MaxIdleConns) + assert.Equal(t, 100, client.Transport.(*http.Transport).MaxIdleConnsPerHost) + assert.Empty(t, client.Header) + assert.Empty(t, client.Cookies) +} + +func TestNewClient_CustomOptions(t *testing.T) { + header := http.Header{"Custom-Header": []string{"value"}} + cookies := []*http.Cookie{{Name: "test", Value: "cookie"}} + + client := NewClient(NewClientOptions{ + Timeout: 5 * time.Second, + Header: header, + Cookies: cookies, + }) + + assert.NotNil(t, client) + assert.Equal(t, 5*time.Second, client.Timeout) + assert.Equal(t, header, client.Header) + assert.Equal(t, cookies, client.Cookies) +} + +func TestGetClient(t *testing.T) { + client := GetDefaultClient() + assert.NotNil(t, client) +} + +func TestSetClient(t *testing.T) { + newClient := NewClient(NewClientOptions{}) + SetDefaultClient(newClient) + assert.Equal(t, newClient, GetDefaultClient()) +} + +func TestClient_WithHeader(t *testing.T) { + client := NewClient(NewClientOptions{}) + header := http.Header{"Custom-Header": []string{"value"}} + client = client.WithHeader(header) + + assert.Equal(t, header, client.Header) +} + +func TestClient_WithCookies(t *testing.T) { + client := NewClient(NewClientOptions{}) + cookies := []*http.Cookie{{Name: "test", Value: "cookie"}} + client = client.WithCookies(cookies) + + assert.Equal(t, cookies, client.Cookies) +} diff --git a/internal/request/operation.go b/internal/request/operation.go index f1717359..6abfbb76 100644 --- a/internal/request/operation.go +++ b/internal/request/operation.go 
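Review bot: `TestSetClient` replaces the package-wide default and never restores it, so every test that runs later in this directory's test binary (request_test.go calls `request.GetDefaultClient()` and wires httpmock to it) sees whichever client the last test installed, and results depend on test order. Register a reset, `t.Cleanup(func() { SetDefaultClient(nil) })`, before calling `SetDefaultClient(newClient)`; a nil default makes the next `GetDefaultClient` build a fresh one. `TestGetClient` only checks for non-nil; asserting `assert.Same(t, client, GetDefaultClient())` would pin the actual contract, that repeated calls return the one lazily built instance. Note also that `TestNewClient_DefaultOptions` expects a 10s timeout from `NewClientOptions{}`, which only holds if `NewClient` defaults a zero `opts.Timeout`, and nothing in this commit's client.go hunks shows that.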
@@ -51,7 +51,7 @@ type Operation struct { func NewOperation(method string, operationUrl string, body *bytes.Buffer, client *Client) (*Operation, error) { if client == nil { - client = DefaultClient + client = GetDefaultClient() } parsedUrl, err := url.Parse(operationUrl) diff --git a/internal/request/request.go b/internal/request/request.go index 2985a25c..a5209fce 100644 --- a/internal/request/request.go +++ b/internal/request/request.go @@ -14,7 +14,7 @@ type Request struct { func NewRequest(method string, reqUrl string, body io.Reader, client *Client) (*Request, error) { if client == nil { - client = DefaultClient + client = GetDefaultClient() } req, err := http.NewRequest(method, reqUrl, body) diff --git a/internal/request/request_test.go b/internal/request/request_test.go index 7f129e13..2f6cd1dd 100644 --- a/internal/request/request_test.go +++ b/internal/request/request_test.go @@ -69,7 +69,7 @@ func TestWithSecurityScheme(t *testing.T) { } func TestDo(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -93,7 +93,7 @@ func TestDo(t *testing.T) { } func TestDoWithHeaders(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -152,7 +152,7 @@ func TestDoWithClientHeaders(t *testing.T) { } func TestDoWithBody(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -178,7 +178,7 @@ func TestDoWithBody(t *testing.T) { } func TestDoWithSecuritySchemeHeaders(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() 
@@ -204,7 +204,7 @@ func TestDoWithSecuritySchemeHeaders(t *testing.T) { } func TestDoWithHeadersSecuritySchemeHeaders(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -236,7 +236,7 @@ func TestDoWithHeadersSecuritySchemeHeaders(t *testing.T) { } func TestDoWithCookiesSecuritySchemeHeaders(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -269,7 +269,7 @@ func TestDoWithCookiesSecuritySchemeHeaders(t *testing.T) { } func TestDoWithCookies(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() diff --git a/scan/broken_authentication/authentication_bypass/authentication_bypass_test.go b/scan/broken_authentication/authentication_bypass/authentication_bypass_test.go index 51f5baa2..84f82c14 100644 --- a/scan/broken_authentication/authentication_bypass/authentication_bypass_test.go +++ b/scan/broken_authentication/authentication_bypass/authentication_bypass_test.go @@ -23,7 +23,7 @@ func TestAuthenticationByPassScanHandler_Skipped_WhenNoAuthSecurityScheme(t *tes } func TestAuthenticationByPassScanHandler_Failed_WhenAuthIsByPassed(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -39,7 +39,7 @@ func TestAuthenticationByPassScanHandler_Failed_WhenAuthIsByPassed(t *testing.T) } func TestAuthenticationByPassScanHandler_Passed_WhenAuthIsNotByPassed(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() 
diff --git a/scan/broken_authentication/jwt/alg_none/alg_none_test.go b/scan/broken_authentication/jwt/alg_none/alg_none_test.go index 2fe0bfa8..af45a95f 100644 --- a/scan/broken_authentication/jwt/alg_none/alg_none_test.go +++ b/scan/broken_authentication/jwt/alg_none/alg_none_test.go @@ -24,7 +24,7 @@ func TestAlgNoneJwtScanHandler_WithoutSecurityScheme(t *testing.T) { } func TestAlgNoneJwtScanHandler_Passed_WhenNoJWTAndUnauthorizedResponse(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -41,7 +41,7 @@ func TestAlgNoneJwtScanHandler_Passed_WhenNoJWTAndUnauthorizedResponse(t *testin } func TestAlgNoneJwtScanHandler_Passed_WhenUnauthorizedResponse(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -58,7 +58,7 @@ func TestAlgNoneJwtScanHandler_Passed_WhenUnauthorizedResponse(t *testing.T) { } func TestAlgNoneJwtScanHandler_Failed_WhenOKResponse(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -78,7 +78,7 @@ func TestAlgNoneJwtScanHandler_Failed_WhenOKResponse(t *testing.T) { } func TestAlgNoneJwtScanHandler_Failed_WhenOKResponseAndAlgNone(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() diff --git a/scan/broken_authentication/jwt/blank_secret/blank_secret_test.go b/scan/broken_authentication/jwt/blank_secret/blank_secret_test.go index 624ed5a3..d1d88054 100644 --- a/scan/broken_authentication/jwt/blank_secret/blank_secret_test.go +++ b/scan/broken_authentication/jwt/blank_secret/blank_secret_test.go 
@@ -23,7 +23,7 @@ func TestBlankSecretScanHandler_WithoutSecurityScheme(t *testing.T) { } func TestBlankSecretScanHandler_Passed_WhenNoJWTAndUnauthorizedResponse(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -39,7 +39,7 @@ func TestBlankSecretScanHandler_Passed_WhenNoJWTAndUnauthorizedResponse(t *testi } func TestBlankSecretScanHandler_Passed_WhenNoJWTAndOKResponse(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -55,7 +55,7 @@ func TestBlankSecretScanHandler_Passed_WhenNoJWTAndOKResponse(t *testing.T) { } func TestBlankSecretScanHandler_Passed_WhenUnauthorizedResponse(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -72,7 +72,7 @@ func TestBlankSecretScanHandler_Passed_WhenUnauthorizedResponse(t *testing.T) { } func TestBlankSecretScanHandler_Failed_WhenOKResponse(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() diff --git a/scan/broken_authentication/jwt/not_verified/not_verified_test.go b/scan/broken_authentication/jwt/not_verified/not_verified_test.go index c8367000..43cd8b14 100644 --- a/scan/broken_authentication/jwt/not_verified/not_verified_test.go +++ b/scan/broken_authentication/jwt/not_verified/not_verified_test.go @@ -33,7 +33,7 @@ func TestNotVerifiedScanHandler_Passed_WhenNoJWTAndUnauthorizedResponse(t *testi } func TestNotVerifiedScanHandler_Failed_WhenUnauthorizedThenOK(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() 
@@ -55,7 +55,7 @@ func TestNotVerifiedScanHandler_Failed_WhenUnauthorizedThenOK(t *testing.T) { } func TestNotVerifiedScanHandler_Skipped_WhenOKFirstRequest(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -77,7 +77,7 @@ func TestNotVerifiedScanHandler_Skipped_WhenOKFirstRequest(t *testing.T) { } func TestNotVerifiedScanHandler_Failed_WhenUnauthorizedThenUnauthorized(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() diff --git a/scan/broken_authentication/jwt/null_signature/null_signature_test.go b/scan/broken_authentication/jwt/null_signature/null_signature_test.go index d6900d16..f0c018a2 100644 --- a/scan/broken_authentication/jwt/null_signature/null_signature_test.go +++ b/scan/broken_authentication/jwt/null_signature/null_signature_test.go @@ -23,7 +23,7 @@ func TestNullSignatureScanHandler_WithoutSecurityScheme(t *testing.T) { } func TestNullSignatureScanHandler_Passed_WhenNoJWTAndUnauthorizedResponse(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -39,7 +39,7 @@ func TestNullSignatureScanHandler_Passed_WhenNoJWTAndUnauthorizedResponse(t *tes } func TestNullSignatureScanHandler_Passed_WhenUnauthorizedResponse(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -56,7 +56,7 @@ func TestNullSignatureScanHandler_Passed_WhenUnauthorizedResponse(t *testing.T) } func TestNullSignatureScanHandler_Failed_WhenOKResponse(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() 
diff --git a/scan/broken_authentication/jwt/weak_secret/weak_secret_test.go b/scan/broken_authentication/jwt/weak_secret/weak_secret_test.go index be2a22c4..886ed0cf 100644 --- a/scan/broken_authentication/jwt/weak_secret/weak_secret_test.go +++ b/scan/broken_authentication/jwt/weak_secret/weak_secret_test.go @@ -44,7 +44,7 @@ func TestWeakHMACSecretScanHandler_WithoutJWT(t *testing.T) { } func TestWeakHMACSecretScanHandler_Failed_WithWeakJWT(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -64,7 +64,7 @@ func TestWeakHMACSecretScanHandler_Failed_WithWeakJWT(t *testing.T) { } func TestWeakHMACSecretScanHandler_Failed_WithExpiredJWTSignedWithWeakSecret(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -98,7 +98,7 @@ func TestWeakHMACSecretScanHandler_Passed_WithStrongerJWT(t *testing.T) { } func TestWeakHMACSecretScanHandler_Failed_WithUnorderedClaims(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() diff --git a/scan/discover/fingerprint/fingerprint_test.go b/scan/discover/fingerprint/fingerprint_test.go index a94e9239..9c81f5d6 100644 --- a/scan/discover/fingerprint/fingerprint_test.go +++ b/scan/discover/fingerprint/fingerprint_test.go @@ -13,7 +13,7 @@ import ( ) func TestCheckSignatureHeader_Failed_WithServerSignatureHeader(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() 
@@ -34,7 +34,7 @@ func TestCheckSignatureHeader_Failed_WithServerSignatureHeader(t *testing.T) { } func TestCheckSignatureHeader_Failed_WithOSSignatureHeader(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -55,7 +55,7 @@ func TestCheckSignatureHeader_Failed_WithOSSignatureHeader(t *testing.T) { } func TestCheckSignatureHeader_Failed_WithHostingSignatureHeader(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -76,7 +76,7 @@ func TestCheckSignatureHeader_Failed_WithHostingSignatureHeader(t *testing.T) { } func TestCheckSignatureHeader_Failed_WithAuthenticationSignatureHeader(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -97,7 +97,7 @@ func TestCheckSignatureHeader_Failed_WithAuthenticationSignatureHeader(t *testin } func TestCheckSignatureHeader_Failed_WithCDNSignatureHeader(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -118,7 +118,7 @@ func TestCheckSignatureHeader_Failed_WithCDNSignatureHeader(t *testing.T) { } func TestCheckSignatureHeader_Failed_WithLanguageSignatureHeader(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -139,7 +139,7 @@ func TestCheckSignatureHeader_Failed_WithLanguageSignatureHeader(t *testing.T) { } func TestCheckSignatureHeader_Failed_WithFrameworkSignatureHeader(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() 
@@ -162,7 +162,7 @@ func TestCheckSignatureHeader_Failed_WithFrameworkSignatureHeader(t *testing.T) } func TestCheckSignatureHeader_Passed_WithoutDuplicate(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -181,7 +181,7 @@ func TestCheckSignatureHeader_Passed_WithoutDuplicate(t *testing.T) { } func TestCheckSignatureHeader_Passed_WithoutSignatureHeader(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() diff --git a/scan/discover/utils_test.go b/scan/discover/utils_test.go index 5d38654e..276e470a 100644 --- a/scan/discover/utils_test.go +++ b/scan/discover/utils_test.go @@ -42,7 +42,7 @@ func TestExtractBaseURL(t *testing.T) { } func TestCreateURLScanHandler_WithTimeout(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -64,7 +64,7 @@ func TestCreateURLScanHandler_WithTimeout(t *testing.T) { } func TestCreateURLScanHandler_Passed_WhenNotFoundURLs(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -89,7 +89,7 @@ func TestCreateURLScanHandler_Passed_WhenNotFoundURLs(t *testing.T) { } func TestCreateURLScanHandler_Failed_WhenFoundExposedURLs(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() diff --git a/scan/graphql/introspection_enabled/introspection_enabled_test.go b/scan/graphql/introspection_enabled/introspection_enabled_test.go index 9c742dce..2c075afe 100644 --- a/scan/graphql/introspection_enabled/introspection_enabled_test.go 
+++ b/scan/graphql/introspection_enabled/introspection_enabled_test.go @@ -13,7 +13,7 @@ import ( ) func TestGraphqlIntrospectionScanHandler_Failed_WhenRespondHTTPStatusIsOK(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -29,7 +29,7 @@ func TestGraphqlIntrospectionScanHandler_Failed_WhenRespondHTTPStatusIsOK(t *tes } func TestGraphqlIntrospectionScanHandler_Passed_WhenNotFoundStatus(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() diff --git a/scan/misconfiguration/http_cookies/http_cookies_test.go b/scan/misconfiguration/http_cookies/http_cookies_test.go index 52f023c4..0b8842f5 100644 --- a/scan/misconfiguration/http_cookies/http_cookies_test.go +++ b/scan/misconfiguration/http_cookies/http_cookies_test.go @@ -14,7 +14,7 @@ import ( ) func TestHTTPCookiesScanHandler_Skipped_WhenNoCookies(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -32,7 +32,7 @@ func TestHTTPCookiesScanHandler_Skipped_WhenNoCookies(t *testing.T) { } func TestHTTPCookiesScanHandler_Passed_WhenNoUnsecurePractices(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -61,7 +61,7 @@ func TestHTTPCookiesScanHandler_Passed_WhenNoUnsecurePractices(t *testing.T) { } func TestHTTPCookiesScanHandler_Failed_WhenNotHttpOnly(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() 
@@ -90,7 +90,7 @@ func TestHTTPCookiesScanHandler_Failed_WhenNotHttpOnly(t *testing.T) { } func TestHTTPCookiesScanHandlerFailed_WhenNotSecure(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -119,7 +119,7 @@ func TestHTTPCookiesScanHandlerFailed_WhenNotSecure(t *testing.T) { } func TestHTTPCookiesScanHandler_Failed_WhenSameSiteNone(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -148,7 +148,7 @@ func TestHTTPCookiesScanHandler_Failed_WhenSameSiteNone(t *testing.T) { } func TestHTTPCookiesScanHandler_Failed_WhithoutSameSite(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -176,7 +176,7 @@ func TestHTTPCookiesScanHandler_Failed_WhithoutSameSite(t *testing.T) { } func TestHTTPCookiesScanHandler_Failed_WhenExpiresNotSet(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() diff --git a/scan/misconfiguration/http_headers/http_headers_test.go b/scan/misconfiguration/http_headers/http_headers_test.go index 69a1b6c0..0a75eec8 100644 --- a/scan/misconfiguration/http_headers/http_headers_test.go +++ b/scan/misconfiguration/http_headers/http_headers_test.go @@ -24,7 +24,7 @@ func getValidHTTPHeaders(_ *request.Operation) http.Header { } func TestHTTPHeadersScanHandler_Passed(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() 
@@ -48,7 +48,7 @@ func TestHTTPHeadersScanHandler_Passed(t *testing.T) { } func TestHTTPHeadersBestPracticesWithoutCSPScanHandler(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -67,7 +67,7 @@ func TestHTTPHeadersBestPracticesWithoutCSPScanHandler(t *testing.T) { } func TestHTTPHeadersBestPracticesWithoutFrameAncestorsCSPDirectiveScanHandler(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -86,7 +86,7 @@ func TestHTTPHeadersBestPracticesWithoutFrameAncestorsCSPDirectiveScanHandler(t } func TestHTTPHeadersBestPracticesWithNotNoneFrameAncestorsCSPDirectiveScanHandler(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -105,7 +105,7 @@ func TestHTTPHeadersBestPracticesWithNotNoneFrameAncestorsCSPDirectiveScanHandle } func TestHTTPHeadersBestPracticesWithoutCORSScanHandler(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -124,7 +124,7 @@ func TestHTTPHeadersBestPracticesWithoutCORSScanHandler(t *testing.T) { } func TestHTTPHeadersBestPracticesWithPermissiveCORSScanHandler(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -143,7 +143,7 @@ func TestHTTPHeadersBestPracticesWithPermissiveCORSScanHandler(t *testing.T) { } func TestHTTPHeadersBestPracticesWithoutHSTSScanHandler(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() 
@@ -162,7 +162,7 @@ func TestHTTPHeadersBestPracticesWithoutHSTSScanHandler(t *testing.T) { } func TestHTTPHeadersBestPracticesWithoutXContentTypeOptionsScanHandler(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -181,7 +181,7 @@ func TestHTTPHeadersBestPracticesWithoutXContentTypeOptionsScanHandler(t *testin } func TestHTTPHeadersBestPracticesWithoutXFrameOptionsScanHandler(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() diff --git a/scan/misconfiguration/http_method_override/http_method_override_test.go b/scan/misconfiguration/http_method_override/http_method_override_test.go index c1c9ac95..4d3b2ec9 100644 --- a/scan/misconfiguration/http_method_override/http_method_override_test.go +++ b/scan/misconfiguration/http_method_override/http_method_override_test.go @@ -54,7 +54,7 @@ func TestHTTPMethodOverrideScanHandler(t *testing.T) { } func TestHTTPMethodOverrideScanHandler_When_Error(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -73,7 +73,7 @@ func TestHTTPMethodOverrideScanHandler_When_Error(t *testing.T) { } func TestHTTPMethodOverrideScanHandler_Passed(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -94,7 +94,7 @@ func TestHTTPMethodOverrideScanHandler_Passed(t *testing.T) { } func TestHTTPMethodOverrideScanHandler_Failed_With_Header(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() 
@@ -120,7 +120,7 @@ func TestHTTPMethodOverrideScanHandler_Failed_With_Header(t *testing.T) { } func TestHTTPMethodOverrideScanHandler_Failed_With_Query_Parameter(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -147,7 +147,7 @@ func TestHTTPMethodOverrideScanHandler_Failed_With_Query_Parameter(t *testing.T) } func TestHTTPMethodOverrideScanHandler_Authentication_ByPass_Passed(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -177,7 +177,7 @@ func TestHTTPMethodOverrideScanHandler_Authentication_ByPass_Passed(t *testing.T } func TestHTTPMethodOverrideScanHandler_Authentication_ByPass_Failed(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() diff --git a/scan/misconfiguration/http_trace/http_trace_method_test.go b/scan/misconfiguration/http_trace/http_trace_method_test.go index ba1542a3..efbdb33b 100644 --- a/scan/misconfiguration/http_trace/http_trace_method_test.go +++ b/scan/misconfiguration/http_trace/http_trace_method_test.go @@ -13,7 +13,7 @@ import ( ) func TestHTTPTraceMethodScanHandler_Passed_WhenNotOKResponse(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -28,7 +28,7 @@ func TestHTTPTraceMethodScanHandler_Passed_WhenNotOKResponse(t *testing.T) { } func TestHTTPTraceMethodScanHandler_Failed_WhenTraceIsEnabled(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() 
diff --git a/scan/misconfiguration/http_track/http_track_method_test.go b/scan/misconfiguration/http_track/http_track_method_test.go index f74800b7..e2640632 100644 --- a/scan/misconfiguration/http_track/http_track_method_test.go +++ b/scan/misconfiguration/http_track/http_track_method_test.go @@ -13,7 +13,7 @@ import ( ) func TestHTTPTrackMethodScanHandler_Passed_WhenNotOKResponse(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() @@ -28,7 +28,7 @@ func TestHTTPTrackMethodScanHandler_Passed_WhenNotOKResponse(t *testing.T) { } func TestHTTPTrackMethodScanHandler_Failed_WhenTrackIsEnabled(t *testing.T) { - client := request.DefaultClient + client := request.GetDefaultClient() httpmock.ActivateNonDefault(client.Client) defer httpmock.DeactivateAndReset() diff --git a/scenario/discover_api.go b/scenario/discover_api.go index d59fee03..a4815349 100644 --- a/scenario/discover_api.go +++ b/scenario/discover_api.go @@ -10,7 +10,7 @@ import ( func NewDiscoverAPIScan(method string, url string, client *request.Client, opts *scan.ScanOptions) (*scan.Scan, error) { if client == nil { - client = request.DefaultClient + client = request.GetDefaultClient() } url = addDefaultProtocolWhenMissing(url) diff --git a/scenario/discover_domain.go b/scenario/discover_domain.go index c3c45466..b7fdeb6a 100644 --- a/scenario/discover_domain.go +++ b/scenario/discover_domain.go @@ -98,7 +98,7 @@ func testFqdnReachable(fqdn string, client *request.Client) (*request.Operation, func NewDiscoverDomainsScan(rootDomain string, client *request.Client, opts *scan.ScanOptions) ([]*scan.Scan, error) { if client == nil { - client = request.DefaultClient + client = request.GetDefaultClient() } domains := getAllFQDNs(rootDomain) diff --git a/scenario/graphql.go b/scenario/graphql.go index e8ac185c..36dd981d 100644 --- a/scenario/graphql.go +++ b/scenario/graphql.go 
@@ -12,7 +12,7 @@ import ( func NewGraphQLScan(url string, client *request.Client, opts *scan.ScanOptions) (*scan.Scan, error) { if client == nil { - client = request.DefaultClient + client = request.GetDefaultClient() } securityScheme, err := detectSecurityScheme(client.Header) diff --git a/scenario/openapi.go b/scenario/openapi.go index daa82997..c1160e90 100644 --- a/scenario/openapi.go +++ b/scenario/openapi.go @@ -10,7 +10,7 @@ import ( func NewOpenAPIScan(openapi *openapi.OpenAPI, securitySchemesValues *auth.SecuritySchemeValues, client *request.Client, opts *scan.ScanOptions) (*scan.Scan, error) { if client == nil { - client = request.DefaultClient + client = request.GetDefaultClient() } securitySchemes, err := openapi.SecuritySchemeMap(securitySchemesValues) diff --git a/scenario/url.go b/scenario/url.go index 50534f79..ff512c13 100644 --- a/scenario/url.go +++ b/scenario/url.go @@ -13,7 +13,7 @@ import ( func NewURLScan(method string, url string, data string, client *request.Client, opts *scan.ScanOptions) (*scan.Scan, error) { if client == nil { - client = request.DefaultClient + client = request.GetDefaultClient() } securityScheme, err := detectSecurityScheme(client.Header)