The Perl Toolchain Summit 2025 Needs You: You can help 🙏 Learn more

RRWO / Plack-Middleware-Security-Simple-v0.12.1 / t / 20-logging.t 

            

              
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79

              
#!perl
use strict;
use warnings;
use Test2::V0;
use HTTP::Status qw/ :constants :is /;
use HTTP::Request::Common;
use Log::Dispatch 2.68;
use Log::Dispatch::Array;
use Plack::Builder;
use Plack::Test;
my @events;
my $log = Log::Dispatch->new;
$log->add(
    Log::Dispatch::Array->new(
        name      => 'test',
        min_level => 'debug',
        array     => \@events,
    )
);
my $handler = builder {
    enable "LogDispatch", logger => $log;
    enable "Security::Simple",
        rules => [
            PATH_INFO => qr{\.(php|asp)$},
            -and => {
                PATH_INFO      => qr{^/cgi-bin/},
                REQUEST_METHOD => "POST",
            }
        ];
    sub { return [ HTTP_OK, [], ['Ok'] ] };
};
test_psgi
  app    => $handler,
  client => sub {
    my $cb = shift;
    subtest 'not blocked' => sub {
        my $req = GET "/some/thing.html";
        my $res = $cb->($req);
        ok is_success( $res->code ), join( " ", $req->method, $req->uri );
        is $res->code, HTTP_OK, "HTTP_OK";
        is \@events, [], 'nothing logged';
    };
    subtest 'blocked' => sub {
        my $req = POST "/some/thing.php";
        my $res = $cb->($req);
        ok is_error( $res->code ), join( " ", $req->method, $req->uri );
        is $res->code, HTTP_BAD_REQUEST, "HTTP_BAD_REQUEST";
        is \@events,
          [
            {
                level => 'warn',
                message => 'Plack::Middleware::Security::Simple Blocked 127.0.0.1 POST /some/thing.php HTTP ' . HTTP_BAD_REQUEST,
            }
          ],
          'nothing logged';
    };
 };
done_testing;