feat: improve and add support for more openapi security schemes

cerberauth · Nov 11, 2024 · 5ad2716 · 5ad2716
1 parent c03793a
commit 5ad2716
Show file tree

Hide file tree

Showing 27 changed files with 423 additions and 1,053 deletions.
diff --git a/internal/auth/bearer.go b/internal/auth/bearer.go
@@ -1,86 +1,34 @@
 package auth
 
 import (
-	"fmt"
-	"net/http"
+	"github.com/cerberauth/vulnapi/jwt"
 )
 
-type BearerSecurityScheme struct {
-	Type        Type       `json:"type" yaml:"type"`
-	Scheme      SchemeName `json:"scheme" yaml:"scheme"`
-	In          SchemeIn   `json:"in" yaml:"in"`
-	Name        string     `json:"name" yaml:"name"`
-	ValidValue  *string    `json:"-" yaml:"-"`
-	AttackValue string     `json:"-" yaml:"-"`
-}
-
-var _ SecurityScheme = (*BearerSecurityScheme)(nil)
-
-func NewAuthorizationBearerSecurityScheme(name string, value *string) *BearerSecurityScheme {
-	return &BearerSecurityScheme{
-		Type:        HttpType,
-		Scheme:      BearerScheme,
-		In:          InHeader,
-		Name:        name,
-		ValidValue:  value,
-		AttackValue: "",
+func NewAuthorizationBearerSecurityScheme(name string, value *string) (*SecurityScheme, error) {
+	in := InHeader
+	tokenFormat := NoneTokenFormat
+	if value != nil && *value != "" && jwt.IsJWT(*value) {
+		tokenFormat = JWTTokenFormat
 	}
-}
-
-func (ss *BearerSecurityScheme) GetType() Type {
-	return ss.Type
-}
-
-func (ss *BearerSecurityScheme) GetScheme() SchemeName {
-	return ss.Scheme
-}
-
-func (ss *BearerSecurityScheme) GetIn() *SchemeIn {
-	return &ss.In
-}
-
-func (ss *BearerSecurityScheme) GetName() string {
-	return ss.Name
-}
 
-func (ss *BearerSecurityScheme) GetHeaders() http.Header {
-	header := http.Header{}
-	attackValue := ss.GetAttackValue().(string)
-	if attackValue == "" && ss.HasValidValue() {
-		attackValue = ss.GetValidValue().(string)
+	securityScheme, err := NewSecurityScheme(name, nil, HttpType, BearerScheme, &in, &tokenFormat)
+	if err != nil {
+		return nil, err
 	}
 
-	if attackValue != "" {
-		header.Set(AuthorizationHeader, fmt.Sprintf("%s %s", BearerPrefix, attackValue))
+	err = securityScheme.SetValidValue(value)
+	if err != nil {
+		return nil, err
 	}
 
-	return header
-}
-
-func (ss *BearerSecurityScheme) GetCookies() []*http.Cookie {
-	return []*http.Cookie{}
+	return securityScheme, nil
 }
 
-func (ss *BearerSecurityScheme) HasValidValue() bool {
-	return ss.ValidValue != nil && *ss.ValidValue != ""
-}
-
-func (ss *BearerSecurityScheme) GetValidValue() interface{} {
-	if !ss.HasValidValue() {
-		return nil
+func MustNewAuthorizationBearerSecurityScheme(name string, value *string) *SecurityScheme {
+	securityScheme, err := NewAuthorizationBearerSecurityScheme(name, value)
+	if err != nil {
+		panic(err)
 	}
 
-	return *ss.ValidValue
-}
-
-func (ss *BearerSecurityScheme) GetValidValueWriter() interface{} {
-	return nil
-}
-
-func (ss *BearerSecurityScheme) SetAttackValue(v interface{}) {
-	ss.AttackValue = v.(string)
-}
-
-func (ss *BearerSecurityScheme) GetAttackValue() interface{} {
-	return ss.AttackValue
+	return securityScheme
 }
diff --git a/internal/auth/bearer_test.go b/internal/auth/bearer_test.go
@@ -1,7 +1,6 @@
 package auth_test
 
 import (
-	"net/http"
 	"testing"
 
 	"github.com/cerberauth/vulnapi/internal/auth"
@@ -12,180 +11,51 @@ func TestNewAuthorizationBearerSecurityScheme(t *testing.T) {
 	name := "token"
 	value := "abc123"
 
-	ss := auth.NewAuthorizationBearerSecurityScheme(name, &value)
+	securityScheme, err := auth.NewAuthorizationBearerSecurityScheme(name, &value)
 
-	assert.Equal(t, auth.HttpType, ss.Type)
-	assert.Equal(t, auth.BearerScheme, ss.Scheme)
-	assert.Equal(t, auth.InHeader, ss.In)
-	assert.Equal(t, name, ss.Name)
-	assert.Equal(t, &value, ss.ValidValue)
-	assert.Equal(t, "", ss.AttackValue)
+	assert.NoError(t, err)
+	assert.Equal(t, auth.HttpType, securityScheme.GetType())
+	assert.Equal(t, auth.BearerScheme, securityScheme.GetScheme())
+	assert.Equal(t, auth.InHeader, *securityScheme.GetIn())
+	assert.Equal(t, name, securityScheme.GetName())
+	assert.Equal(t, &value, securityScheme.GetValidValue())
+	assert.Equal(t, nil, securityScheme.GetAttackValue().(string))
 }
 
-func TestBearerSecurityScheme_GetScheme(t *testing.T) {
+func TestNewAuthorizationBearerSecurityScheme_WhenNilValue(t *testing.T) {
 	name := "token"
-	value := "abc123"
-	ss := auth.NewAuthorizationBearerSecurityScheme(name, &value)
-
-	scheme := ss.GetScheme()
-
-	assert.Equal(t, auth.BearerScheme, scheme)
-}
-
-func TestBearerSecurityScheme_GetType(t *testing.T) {
-	name := "token"
-	value := "abc123"
-	ss := auth.NewAuthorizationBearerSecurityScheme(name, &value)
-
-	scheme := ss.GetType()
-
-	assert.Equal(t, auth.HttpType, scheme)
-}
-
-func TestBearerSecurityScheme_GetIn(t *testing.T) {
-	name := "token"
-	value := "abc123"
-	ss := auth.NewAuthorizationBearerSecurityScheme(name, &value)
-
-	scheme := ss.GetIn()
-
-	assert.Equal(t, auth.InHeader, *scheme)
-}
-
-func TestBearerSecurityScheme_GetName(t *testing.T) {
-	name := "token"
-	value := "abc123"
-	ss := auth.NewAuthorizationBearerSecurityScheme(name, &value)
-
-	scheme := ss.GetName()
 
-	assert.Equal(t, name, scheme)
-}
-
-func TestBearerSecurityScheme_GetHeaders(t *testing.T) {
-	name := "token"
-	value := "abc123"
-	attackValue := "xyz789"
-	ss := auth.NewAuthorizationBearerSecurityScheme(name, &value)
-	ss.SetAttackValue(attackValue)
-
-	headers := ss.GetHeaders()
-
-	assert.Equal(t, http.Header{
-		"Authorization": []string{"Bearer xyz789"},
-	}, headers)
-}
-
-func TestBearerSecurityScheme_GetHeaders_WhenNoAttackValue(t *testing.T) {
-	name := "token"
-	value := "abc123"
-	ss := auth.NewAuthorizationBearerSecurityScheme(name, &value)
+	securityScheme, err := auth.NewAuthorizationBearerSecurityScheme(name, nil)
 
-	headers := ss.GetHeaders()
-
-	assert.Equal(t, http.Header{
-		"Authorization": []string{"Bearer abc123"},
-	}, headers)
-}
-
-func TestBearerSecurityScheme_GetHeaders_WhenNoAttackAndValidValue(t *testing.T) {
-	name := "token"
-	ss := auth.NewAuthorizationBearerSecurityScheme(name, nil)
-
-	headers := ss.GetHeaders()
-
-	assert.Equal(t, http.Header{}, headers)
+	assert.NoError(t, err)
+	assert.Equal(t, auth.HttpType, securityScheme.GetType())
+	assert.Equal(t, auth.BearerScheme, securityScheme.GetScheme())
+	assert.Equal(t, auth.InHeader, *securityScheme.GetIn())
+	assert.Equal(t, name, securityScheme.GetName())
+	assert.Equal(t, nil, securityScheme.GetValidValue())
+	assert.Equal(t, nil, securityScheme.GetAttackValue().(string))
 }
 
-func TestBearerSecurityScheme_GetCookies(t *testing.T) {
-	name := "token"
-	value := "abc123"
-
-	ss := auth.NewAuthorizationBearerSecurityScheme(name, &value)
-
-	cookies := ss.GetCookies()
-
-	assert.Empty(t, cookies)
-}
-
-func TestBearerSecurityScheme_HasValidValue_WhenValueIsNil(t *testing.T) {
-	name := "token"
-	value := "abc123"
-	ss := auth.NewAuthorizationBearerSecurityScheme(name, &value)
-
-	result := ss.HasValidValue()
-
-	assert.True(t, result)
-}
-
-func TestBearerSecurityScheme_HasValidValueFalse_WhenValueIsEmptyString(t *testing.T) {
+func TestNewAuthorizationBearerSecurityScheme_WhenEmptyValue(t *testing.T) {
 	name := "token"
 	value := ""
-	ss := auth.NewAuthorizationBearerSecurityScheme(name, &value)
-
-	result := ss.HasValidValue()
 
-	assert.False(t, result)
-}
-
-func TestBearerSecurityScheme_GetValidValueNil(t *testing.T) {
-	name := "token"
-	ss := auth.NewAuthorizationBearerSecurityScheme(name, nil)
-
-	validValue := ss.GetValidValue()
-
-	assert.Equal(t, nil, validValue)
-}
-
-func TestBearerSecurityScheme_HasValidValueFalse(t *testing.T) {
-	name := "token"
-	ss := auth.NewAuthorizationBearerSecurityScheme(name, nil)
+	_, err := auth.NewAuthorizationBearerSecurityScheme(name, &value)
 
-	result := ss.HasValidValue()
-
-	assert.False(t, result)
+	assert.Error(t, err)
 }
 
-func TestBearerSecurityScheme_GetValidValue(t *testing.T) {
+func TestNewAuthorizationBearerSecurityScheme_WhenJWTFormatValue(t *testing.T) {
 	name := "token"
-	value := "abc123"
-	ss := auth.NewAuthorizationBearerSecurityScheme(name, &value)
-
-	validValue := ss.GetValidValue()
-
-	assert.Equal(t, value, validValue)
-}
-
-func TestBearerSecurityScheme_GetValidValueWriter(t *testing.T) {
-	name := "token"
-	value := "abc123"
-	ss := auth.NewAuthorizationBearerSecurityScheme(name, &value)
-	writer := ss.GetValidValueWriter()
-
-	assert.Equal(t, nil, writer)
-}
-
-func TestBearerSecurityScheme_SetAttackValue(t *testing.T) {
-	name := "token"
-	value := "abc123"
-
-	ss := auth.NewAuthorizationBearerSecurityScheme(name, &value)
-
-	attackValue := "xyz789"
-	ss.SetAttackValue(attackValue)
-
-	assert.Equal(t, attackValue, ss.AttackValue)
-}
-
-func TestBearerSecurityScheme_GetAttackValue(t *testing.T) {
-	name := "token"
-	value := "abc123"
-	ss := auth.NewAuthorizationBearerSecurityScheme(name, &value)
-
-	attackValue := "xyz789"
-	ss.SetAttackValue(attackValue)
+	value := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.ufhxDTmrs4T5MSsvT6lsb3OpdWi5q8O31VX7TgrVamA"
 
-	result := ss.GetAttackValue()
+	securityScheme, err := auth.NewAuthorizationBearerSecurityScheme(name, &value)
 
-	assert.Equal(t, attackValue, result)
+	assert.NoError(t, err)
+	assert.Equal(t, auth.HttpType, securityScheme.GetType())
+	assert.Equal(t, auth.BearerScheme, securityScheme.GetScheme())
+	assert.Equal(t, auth.InHeader, *securityScheme.GetIn())
+	assert.Equal(t, name, securityScheme.GetName())
+	assert.Equal(t, value, securityScheme.GetValidValue())
+	assert.Equal(t, nil, securityScheme.GetAttackValue().(string))
 }