Implement multi-value headers #332

Open
theseion opened this issue Jul 9, 2024 · 0 comments · May be fixed by #443

theseion commented Jul 9, 2024

The Header type currently doesn't support multiple values for a single header. We need to support requests that include the same header multiple times, possibly with different casings. Examples:

// different casing
Content-Type: application/json
ConTent-tyPE: application/json
// same casing, same or different value
content-type: application/json
content-type: application/json
content-type: application/problem+json

Attackers will throw anything at a web server to break it / break in. That means a web server will see requests that are not valid w.r.t. RFCs. In this case, the web server might see multiple entries for the same header, with differences in the header name and / or the header value, as shown in the examples above. go-ftw must be able to send such requests in order to test that a WAF can defend against them.

Acceptance criteria

  • it must be possible to specify headers as in the examples above in a test case (YAML)
  • it must be possible to add multiple values to a specific header name
  • retrieving headers must return a map, as a key can map to multiple versions of a header
  • Header must not be an alias for map[string]string. Users must be forced to use the methods to ensure proper state of the object
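
An added example, not part of the issue and not go-ftw's implementation: a header list that keeps duplicates, casing and order, loaded with the example lines above and compared with Go's standard `net/http.Header`, whose `Add` canonicalizes names and therefore cannot represent them. `OrderedHeader`, `GetAll`, `Wire` and `Sample` are hypothetical names chosen for this illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// OrderedHeader is hypothetical, not go-ftw's ftwhttp.Header. It is a struct,
// not a map alias, and keeps every {name, value} line exactly as added.
type OrderedHeader struct{ lines [][2]string }
func (h *OrderedHeader) Add(name, value string) { h.lines = append(h.lines, [2]string{name, value}) }

// GetAll matches names case-insensitively and groups values by exact spelling.
func (h *OrderedHeader) GetAll(name string) map[string][]string {
	out := map[string][]string{}
	for _, l := range h.lines {
		if strings.EqualFold(l[0], name) {
			out[l[0]] = append(out[l[0]], l[1])
		}
	}
	return out
}

// Wire renders the lines in insertion order, as they go into the request.
func (h *OrderedHeader) Wire() (s string) {
	for _, l := range h.lines {
		s += l[0] + ": " + l[1] + "\r\n"
	}
	return s
}

// Sample loads the issue's example lines into this type and into net/http.
func Sample() (*OrderedHeader, http.Header) {
	h, std := &OrderedHeader{}, http.Header{}
	for _, l := range [][2]string{
		{"Content-Type", "application/json"}, {"ConTent-tyPE", "application/json"},
		{"content-type", "application/json"}, {"content-type", "application/json"},
		{"content-type", "application/problem+json"},
	} {
		h.Add(l[0], l[1])
		std.Add(l[0], l[1]) // net/http rewrites every name to "Content-Type"
	}
	return h, std
}

func main() {
	h, std := Sample()
	fmt.Printf("%q\nnet/http keys: %d\n", h.Wire(), len(std))
}
```

The standard map ends up with a single `Content-Type` key holding all five values, while `Wire` emits the five lines with their original spelling, which is what a WAF under test has to parse.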
@theseion theseion added the enhancement New feature or request label Jul 9, 2024
@huberts90 huberts90 self-assigned this Jul 17, 2024
theseion added a commit to theseion/go-ftw that referenced this issue Jan 12, 2025
- support multiple headers with the same name
- support multiple headers with identical name and value
- make list of headers ordered; in the future, tests should be able to
  enforce the order of headers in a request
- improve API, tests, and documentation of ftwhttp.Header

- disable logging in tests where possible
- enable self-updater test (go-critic was complaining because the test
  file was touched)

Fixes coreruleset#332
@theseion theseion assigned theseion and unassigned huberts90 Jan 12, 2025
@theseion theseion linked a pull request Jan 12, 2025 that will close this issue
theseion added a commit to theseion/go-ftw that referenced this issue Feb 3, 2025
theseion added a commit to theseion/go-ftw that referenced this issue Feb 15, 2025
theseion added a commit to theseion/go-ftw that referenced this issue Feb 17, 2025
theseion added a commit to theseion/go-ftw that referenced this issue Feb 25, 2025