(t *testing.T)
| 46 | } |
| 47 | |
| 48 | func TestCustomHeaderFlagRejectsInvalidHeaders(t *testing.T) { |
| 49 | t.Parallel() |
| 50 | |
| 51 | tests := []struct { |
| 52 | name string |
| 53 | value string |
| 54 | }{ |
| 55 | { |
| 56 | name: "missing separator", |
| 57 | value: "Cookie", |
| 58 | }, |
| 59 | { |
| 60 | name: "empty name", |
| 61 | value: ": value", |
| 62 | }, |
| 63 | { |
| 64 | name: "newline in value", |
| 65 | value: "Cookie: value\nX-Other: injected", |
| 66 | }, |
| 67 | { |
| 68 | name: "authorization is managed by bytebase action", |
| 69 | value: "Authorization: Bearer token", |
| 70 | }, |
| 71 | } |
| 72 | |
| 73 | for _, tt := range tests { |
| 74 | t.Run(tt.name, func(t *testing.T) { |
| 75 | t.Parallel() |
| 76 | |
| 77 | headers := http.Header{} |
| 78 | var headerErr error |
| 79 | require.NoError(t, newCustomHeaderFlag(&headers, &headerErr).Set(tt.value)) |
| 80 | require.Error(t, headerErr) |
| 81 | }) |
| 82 | } |
| 83 | } |
| 84 | |
| 85 | func TestCustomHeaderFlagDoesNotLeakHeaderValueInFormatError(t *testing.T) { |
| 86 | t.Parallel() |
nothing calls this directly
no test coverage detected