The Perl and Raku Conference 2025: Greenville, South Carolina - June 27-29 Learn more

RRWO / Plack-Middleware-Security-Simple-v0.12.1 / t / 30-handler.t 

            

              
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

              
#!perl
use strict;
use warnings;
use Test2::V0;
use HTTP::Exception;
use HTTP::Status qw/ :constants :is /;
use HTTP::Request::Common;
use Plack::Builder;
use Plack::Response;
use Plack::Test;
my $handler = builder {
    enable "HTTPExceptions", rethrow => 1;
    enable "Security::Simple",
        handler => sub {
            return HTTP::Exception->throw(HTTP_NOT_FOUND);
        },
        rules => [
            PATH_INFO => qr{\.(php|asp)$},
            -and => {
                PATH_INFO      => qr{^/cgi-bin/},
                REQUEST_METHOD => "POST",
            }
        ];
    sub { return [ HTTP_OK, [], ['Ok'] ] };
};
test_psgi
  app    => $handler,
  client => sub {
    my $cb = shift;
    subtest 'not blocked' => sub {
        my $req = GET "/some/thing.html";
        my $res = $cb->($req);
        ok is_success( $res->code ), join( " ", $req->method, $req->uri );
        is $res->code, HTTP_OK, "HTTP_OK";
    };
    subtest 'blocked' => sub {
        my $req = GET "/some/thing.php";
        my $res = $cb->($req);
        ok is_error( $res->code ), join( " ", $req->method, $req->uri );
        is $res->code, HTTP_NOT_FOUND, "HTTP_NOT_FOUND";
    };
    subtest 'blocked' => sub {
        my $req = GET "/some/thing.php?stuff=1";
        my $res = $cb->($req);
        ok is_error( $res->code ), join( " ", $req->method, $req->uri );
        is $res->code, HTTP_NOT_FOUND, "HTTP_NOT_FOUND";
    };
    subtest 'not blocked' => sub {
        my $req = GET "/cgi-bin/thing.html";
        my $res = $cb->($req);
        ok is_success( $res->code ), join( " ", $req->method, $req->uri );
        is $res->code, HTTP_OK, "HTTP_OK";
    };
    subtest 'blocked' => sub {
        my $req = POST "/cgi-bin/thing?stuff=1";
        my $res = $cb->($req);
        ok is_error( $res->code ), join( " ", $req->method, $req->uri );
        is $res->code, HTTP_NOT_FOUND, "HTTP_NOT_FOUND";
    };
 };
done_testing;