Added a test to check if server name is not leaked

With capi-release PR cloudfoundry/capi-release#406 the server name will not be any more present in response headers. This PR adds a test to check the server name is not present in the response header.
cloudfoundry · Apr 23, 2024 · 8454862 · 8454862
1 parent 30bb47c
commit 8454862
Showing 1 changed file with 24 additions and 14 deletions.
diff --git a/baras/nginx.go b/baras/nginx.go
@@ -5,27 +5,37 @@ import (
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	. "github.com/onsi/gomega/gbytes"
+	"regexp"
 )
 
 var _ = Describe("nginx config logic", func() {
-	Describe("hitting /v3/packages/:guid/upload with invalid parameters", func() {
-		It("returns 422 Unprocessable Entity", func() {
-			session := cf.Cf("curl", "-X", "POST", "/v3/packages/literally-any-guid/upload?bits_path='some/path'", "-i")
-			Eventually(session).Should(Say("422"))
+	FDescribe("Focused tests", func() {
+		Describe("hitting /v3/packages/:guid/upload with invalid parameters", func() {
+			It("returns 422 Unprocessable Entity", func() {
+				session := cf.Cf("curl", "-X", "POST", "/v3/packages/literally-any-guid/upload?bits_path='some/path'", "-i")
+				Eventually(session).Should(Say("422"))
+			})
 		})
-	})
 
-	Describe("hitting /v3/buildpacks/:guid/bits with invalid parameters", func() {
-		It("returns 422 Unprocessable Entity", func() {
-			session := cf.Cf("curl", "-X", "POST", "/v3/buildpacks/literally-any-guid/upload?bits_path='some/path'", "-i")
-			Eventually(session).Should(Say("422"))
+		Describe("hitting /v3/buildpacks/:guid/bits with invalid parameters", func() {
+			It("returns 422 Unprocessable Entity", func() {
+				session := cf.Cf("curl", "-X", "POST", "/v3/buildpacks/literally-any-guid/upload?bits_path='some/path'", "-i")
+				Eventually(session).Should(Say("422"))
+			})
+		})
+
+		Describe("hitting /v3/droplets/:guid/upload with invalid parameters", func() {
+			It("returns 422 Unprocessable Entity", func() {
+				session := cf.Cf("curl", "-X", "POST", "/v3/droplets/literally-any-guid/upload?bits_path='some/path'", "-i")
+				Eventually(session).Should(Say("422"))
+			})
 		})
-	})
 
-	Describe("hitting /v3/droplets/:guid/upload with invalid parameters", func() {
-		It("returns 422 Unprocessable Entity", func() {
-			session := cf.Cf("curl", "-X", "POST", "/v3/droplets/literally-any-guid/upload?bits_path='some/path'", "-i")
-			Eventually(session).Should(Say("422"))
+		Describe("Response headers", func() {
+			It("does not contain 'Server: nginx'", func() {
+				session := cf.Cf("curl", "/v3/info/usage_summary", "-i")
+				Eventually(session).ShouldNot(Say(regexp.QuoteMeta("Server: nginx") + `\/?\d+(\.\d+){0,2}`))
+			})
 		})
 	})
 })