hub / github.com/labstack/echo / TestDecompress_ZipBomb

Function TestDecompress_ZipBomb

middleware/decompress_test.go:323–351  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

321}
322
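// TestDecompress_ZipBomb checks that the decompress middleware rejects a gzip
// request body whose decompressed size exceeds MaxDecompressedSize. A small
// compressed payload that inflates to 2MB is sent against a 1MB limit, and the
// request is expected to fail with 413 Request Entity Too Large.
func TestDecompress_ZipBomb(t *testing.T) {
	e := echo.New()

	// A single repeated byte compresses extremely well, so the wire payload is
	// far smaller than the 2MB it inflates to. That asymmetry is what makes a
	// decompression bomb cheap to send and expensive to receive.
	largeBody := bytes.Repeat([]byte("A"), 2*1024*1024) // 2MB
	var buf bytes.Buffer
	gzWriter := gzip.NewWriter(&buf)
	// Check the writer errors: a truncated or unflushed stream would make the
	// read below fail for a reason unrelated to the size limit.
	_, err := gzWriter.Write(largeBody)
	if !assert.NoError(t, err) {
		return
	}
	if !assert.NoError(t, gzWriter.Close()) {
		return
	}

	req := httptest.NewRequest(http.MethodPost, "/", &buf)
	req.Header.Set(echo.HeaderContentEncoding, GZIPEncoding)
	rec := httptest.NewRecorder()
	c := e.NewContext(req, rec)

	h, err := DecompressConfig{MaxDecompressedSize: 1 * MB}.ToMiddleware()
	// Stop here on failure: calling h after a construction error would panic
	// and hide the real cause.
	if !assert.NoError(t, err) {
		return
	}

	// The handler drains the whole body and returns the read error, so any
	// limit violation raised while reading reaches the assertions below.
	// NOTE(review): the byte count from io.ReadAll is discarded, so this test
	// does not pin how much data reaches the handler before the error.
	err = h(func(c *echo.Context) error {
		_, readErr := io.ReadAll(c.Request().Body)
		return readErr
	})(c)

	// Should return 413 error
	if !assert.Error(t, err) {
		return
	}
	he, ok := err.(echo.HTTPStatusCoder)
	// Guard the type assertion: on failure he is a nil interface, and calling
	// StatusCode() on it would panic instead of reporting a test failure.
	if !assert.True(t, ok) {
		return
	}
	assert.Equal(t, http.StatusRequestEntityTooLarge, he.StatusCode())
}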
352
353func TestDecompress_UnlimitedExplicit(t *testing.T) {
354 e := echo.New()

Callers

nothing calls this directly

Calls 8

RequestMethod · 0.95
SetMethod · 0.80
NewContextMethod · 0.80
ToMiddlewareMethod · 0.65
StatusCodeMethod · 0.65
WriteMethod · 0.45
CloseMethod · 0.45
ErrorMethod · 0.45

Tested by

no test coverage detected
