config_test.go — fiber Source File

Architecture documentation for config_test.go, a go file in the fiber codebase. 1 imports, 0 dependents.

File go FiberMiddleware Security 1 imports 8 functions

Entity Profile

FiberMiddleware→ Security→ config_test.go — fiber Source File

Dependency Diagram

graph LR
  d4b0c76b_df58_68cc_9f01_dca309899302["config_test.go"]
  adf3d4e8_4d86_86c1_e6cc_281d7b4104af["fmt"]
  d4b0c76b_df58_68cc_9f01_dca309899302 --> adf3d4e8_4d86_86c1_e6cc_281d7b4104af
  style d4b0c76b_df58_68cc_9f01_dca309899302 fill:#6366f1,stroke:#818cf8,color:#fff

Relationship Graph

Source Code

package csrf

import (
	"fmt"
	"strings"
	"testing"

	"github.com/gofiber/fiber/v3"
	"github.com/gofiber/fiber/v3/extractors"
	"github.com/stretchr/testify/require"
	"github.com/valyala/fasthttp"
)

// Test security validation functions
func Test_CSRF_ExtractorSecurity_Validation(t *testing.T) {
	t.Parallel()

	// Test secure configurations - should not panic
	t.Run("SecureConfigurations", func(t *testing.T) {
		t.Parallel()
		secureConfigs := []Config{
			{Extractor: extractors.FromHeader("X-Csrf-Token")},
			{Extractor: extractors.FromForm("_csrf")},
			{Extractor: extractors.FromQuery("csrf_token")},
			{Extractor: extractors.FromParam("csrf")},
			{Extractor: extractors.Chain(extractors.FromHeader("X-Csrf-Token"), extractors.FromForm("_csrf"))},
		}

		for i, cfg := range secureConfigs {
			t.Run(fmt.Sprintf("Config%d", i), func(t *testing.T) {
				require.NotPanics(t, func() {
					configDefault(cfg)
				})
			})
		}
	})

	// Test insecure configurations - should panic
	t.Run("InsecureCookieExtractor", func(t *testing.T) {
		t.Parallel()
		// Create a custom extractor that reads from cookie (simulating dangerous behavior)
		insecureCookieExtractor := extractors.Extractor{
			Extract: func(c fiber.Ctx) (string, error) {
				return c.Cookies("csrf_"), nil
			},
			Source: extractors.SourceCookie,
			Key:    "csrf_",
		}

		cfg := Config{
			CookieName: "csrf_",
			Extractor:  insecureCookieExtractor,
		}

		require.Panics(t, func() {
			configDefault(cfg)
		}, "Should panic when extractor reads from same cookie")
	})

	// Test insecure chained extractors
// ... (349 more lines)

Domain

FiberMiddleware

Subdomains

Security

Functions

Types

Dependencies

Source

View on GitHub

Frequently Asked Questions

What does config_test.go do?

config_test.go is a source file in the fiber codebase, written in go. It belongs to the FiberMiddleware domain, Security subdomain.

What functions are defined in config_test.go?

config_test.go defines 8 function(s): Test_CSRF_Chain_Extractor_Metadata, Test_CSRF_CookieName_CaseInsensitive_Warning, Test_CSRF_Custom_Extractor_Struct, Test_CSRF_ExtractorSecurity_Validation, Test_CSRF_Extractor_Error_Types, Test_CSRF_Extractor_Metadata, Test_CSRF_Security_Warnings, Test_isInsecureCookieExtractor.

What does config_test.go depend on?

config_test.go imports 1 module(s): fmt.

Where is config_test.go in the architecture?

config_test.go is located at middleware/csrf/config_test.go (domain: FiberMiddleware, subdomain: Security, directory: middleware/csrf).

Analyze Your Own Codebase

Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.

Try Supermodel Free