Test_CSRF_ExtractorSecurity_Validation() — fiber Function Reference
Architecture documentation for the Test_CSRF_ExtractorSecurity_Validation() function in config_test.go from the fiber codebase.
Entity Profile
Dependency Diagram
graph TD
    ed03aed9_47a0_5914_39c6_0cdb6e1e5ee8["Test_CSRF_ExtractorSecurity_Validation()"]
    d4b0c76b_df58_68cc_9f01_dca309899302["config_test.go"]
    ed03aed9_47a0_5914_39c6_0cdb6e1e5ee8 -->|defined in| d4b0c76b_df58_68cc_9f01_dca309899302
    style ed03aed9_47a0_5914_39c6_0cdb6e1e5ee8 fill:#6366f1,stroke:#818cf8,color:#fff
Source Code
middleware/csrf/config_test.go lines 15–106
func Test_CSRF_ExtractorSecurity_Validation(t *testing.T) {
	t.Parallel()

	// Test secure configurations - should not panic
	t.Run("SecureConfigurations", func(t *testing.T) {
		t.Parallel()
		secureConfigs := []Config{
			{Extractor: extractors.FromHeader("X-Csrf-Token")},
			{Extractor: extractors.FromForm("_csrf")},
			{Extractor: extractors.FromQuery("csrf_token")},
			{Extractor: extractors.FromParam("csrf")},
			{Extractor: extractors.Chain(extractors.FromHeader("X-Csrf-Token"), extractors.FromForm("_csrf"))},
		}
		for i, cfg := range secureConfigs {
			t.Run(fmt.Sprintf("Config%d", i), func(t *testing.T) {
				require.NotPanics(t, func() {
					configDefault(cfg)
				})
			})
		}
	})

	// Test insecure configurations - should panic
	t.Run("InsecureCookieExtractor", func(t *testing.T) {
		t.Parallel()
		// Create a custom extractor that reads from cookie (simulating dangerous behavior)
		insecureCookieExtractor := extractors.Extractor{
			Extract: func(c fiber.Ctx) (string, error) {
				return c.Cookies("csrf_"), nil
			},
			Source: extractors.SourceCookie,
			Key:    "csrf_",
		}
		cfg := Config{
			CookieName: "csrf_",
			Extractor:  insecureCookieExtractor,
		}
		require.Panics(t, func() {
			configDefault(cfg)
		}, "Should panic when extractor reads from same cookie")
	})

	// Test insecure chained extractors
	t.Run("InsecureChainedExtractor", func(t *testing.T) {
		t.Parallel()
		insecureCookieExtractor := extractors.Extractor{
			Extract: func(c fiber.Ctx) (string, error) {
				return c.Cookies("csrf_"), nil
			},
			Source: extractors.SourceCookie,
			Key:    "csrf_",
		}
		chainedExtractor := extractors.Chain(
			extractors.FromHeader("X-Csrf-Token"),
			insecureCookieExtractor, // This should trigger panic
		)
		cfg := Config{
			CookieName: "csrf_",
			Extractor:  chainedExtractor,
		}
		require.Panics(t, func() {
			configDefault(cfg)
		}, "Should panic when chained extractor reads from same cookie")
	})

	// Test different cookie names - should be secure
	t.Run("DifferentCookieNames", func(t *testing.T) {
		t.Parallel()
		cookieExtractor := extractors.Extractor{
			Extract: func(c fiber.Ctx) (string, error) {
				return c.Cookies("different_cookie"), nil
			},
			Source: extractors.SourceCookie,
			Key:    "different_cookie",
		}
Frequently Asked Questions
What does Test_CSRF_ExtractorSecurity_Validation() do?
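Test_CSRF_ExtractorSecurity_Validation() is a function in the fiber codebase, defined in middleware/csrf/config_test.go. In the listing above it checks that configDefault() does not panic for header, form, query, param and chained header/form extractors, and that it panics when an extractor, alone or inside a chain, has Source set to extractors.SourceCookie and a Key equal to the configured CookieName ("csrf_"). The browser attaches cookies to requests automatically, so a token read back from the CSRF cookie itself proves nothing about where the request came from.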
Where is Test_CSRF_ExtractorSecurity_Validation() defined?
Test_CSRF_ExtractorSecurity_Validation() is defined in middleware/csrf/config_test.go at line 15.