force 0.2.0

Production-ready Salesforce Platform API client with REST and Bulk API 2.0 support
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172

//! Havoc resource exhaustion (`DoS`) test for unbounded string inputs.
//!
//! # 👺 Havoc: Unbounded SOQL and Pagination URL `DoS`
//!
//! **The Trigger:** Passing a massive string to `query` or `query_more`.
//! **The Stack Trace:** Massive memory allocation via `reqwest` URL construction leading to OOM.
//! **Reproduction:** Run `cargo test --test havoc_dos_query_limit`

#[cfg(test)]
mod tests {
    use async_trait::async_trait;
    use force::api::RestOperation;
    use force::auth::{AccessToken, Authenticator, TokenResponse};
    use force::client::builder;
    use force::error::ForceError;
    use force::error::Result;
    use serde::Deserialize;
    use wiremock::matchers::method;
    use wiremock::{Mock, MockServer, ResponseTemplate};

    #[derive(Debug, Clone)]
    struct MockAuthenticator(String);

    #[async_trait]
    impl Authenticator for MockAuthenticator {
        async fn authenticate(&self) -> Result<AccessToken> {
            Ok(AccessToken::from_response(TokenResponse {
                access_token: "token".to_string(),
                instance_url: self.0.clone(),
                token_type: "Bearer".to_string(),
                issued_at: "1704067200000".to_string(),
                signature: "sig".to_string(),
                expires_in: None,
                refresh_token: None,
            }))
        }
        async fn refresh(&self) -> Result<AccessToken> {
            self.authenticate().await
        }
    }

    #[derive(Deserialize, Debug)]
    struct Dummy {}

    #[tokio::test]
    async fn test_query_dos_limit() {
        let server = MockServer::start().await;
        Mock::given(method("GET"))
            .respond_with(ResponseTemplate::new(200).set_body_json(serde_json::json!({
                "totalSize": 0,
                "done": true,
                "records": []
            })))
            .mount(&server)
            .await;

        let auth = MockAuthenticator(server.uri());
        let client = builder()
            .authenticate(auth)
            .build()
            .await
            .unwrap_or_else(|_| panic!("Failed to build client"));

        // 1. Exact limit (should pass validation, but may fail due to URL parsing error)
        let max_query = "A".repeat(100_000);
        let result = client.rest().query::<Dummy>(&max_query).await;
        // Even if it fails (e.g. invalid URI), it should NOT fail with our InvalidInput > 100000 limit error.
        if let Err(ForceError::InvalidInput(msg)) = &result {
            assert!(
                !msg.contains("100,000 bytes"),
                "100,000 should not trigger the limit error"
            );
        }

        // 2. Off-by-one limit (should fail validation)
        let massive_query = "A".repeat(100_001);
        let result = client.rest().query::<Dummy>(&massive_query).await;

        let Err(err) = result else {
            panic!("Expected an error but got Ok");
        };
        let err_msg = err.to_string();
        assert!(
            err_msg.contains("100,000 bytes"),
            "Expected error mentioning 100,000 bytes, got: {err_msg}"
        );

        // 3. Mutational boundary limit
        let mutational_query = "A".repeat(100_000 + 1024);
        let result = client.rest().query::<Dummy>(&mutational_query).await;
        assert!(result.is_err(), "Mutational boundary length should fail");
    }

    #[tokio::test]
    async fn test_query_more_dos_limit() {
        let server = MockServer::start().await;
        Mock::given(method("GET"))
            .respond_with(ResponseTemplate::new(200).set_body_json(serde_json::json!({
                "totalSize": 0,
                "done": true,
                "records": []
            })))
            .mount(&server)
            .await;

        let auth = MockAuthenticator(server.uri());
        let client = builder()
            .authenticate(auth)
            .build()
            .await
            .unwrap_or_else(|_| panic!("Failed to build client"));

        // 1. Exact limit
        let max_url = format!("/services/data/v60.0/query/{}", "A".repeat(100_000 - 32));
        let result = client.rest().query_more::<Dummy>(&max_url).await;
        if let Err(ForceError::InvalidInput(msg)) = &result {
            assert!(
                !msg.contains("100,000 bytes"),
                "100,000 should not trigger the limit error"
            );
        }

        // 2. Off-by-one limit
        let massive_url = "A".repeat(100_001);
        let result = client.rest().query_more::<Dummy>(&massive_url).await;

        let Err(err) = result else {
            panic!("Expected an error but got Ok");
        };
        let err_msg = err.to_string();
        assert!(
            err_msg.contains("100,000 bytes"),
            "Expected error mentioning 100,000 bytes, got: {err_msg}"
        );

        // 3. Mutational boundary limit
        let mutational_url = "A".repeat(100_000 + 1024);
        let result = client.rest().query_more::<Dummy>(&mutational_url).await;
        assert!(result.is_err(), "Mutational boundary length should fail");
    }

    #[tokio::test]
    async fn test_bulk_query_csv_dos_limit() {
        use force::http::read_capped_bytes;

        let mock_server = MockServer::start().await;

        // Generate a payload that exceeds the limit (e.g. limit is 10 bytes, payload is 11)
        let large_body = "A".repeat(11);

        Mock::given(method("GET"))
            .respond_with(ResponseTemplate::new(200).set_body_string(large_body))
            .mount(&mock_server)
            .await;

        let client = reqwest::Client::new();
        let url = format!("{}/", mock_server.uri());
        let response = client
            .get(&url)
            .send()
            .await
            .unwrap_or_else(|_| panic!("Failed to fetch"));

        let error = read_capped_bytes(response, 10).await;

        if let Err(force::error::HttpError::PayloadTooLarge { limit_bytes }) = error {
            assert_eq!(limit_bytes, 10);
        } else {
            panic!("Expected PayloadTooLarge error, got: {error:?}");
        }
    }
}