parlov 0.8.0

HTTP oracle detection tool — systematic probing for RFC-compliant information leakage.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

use super::*;
use bytes::Bytes;
use http::{HeaderMap, HeaderValue, StatusCode};

fn rate_limited_class() -> ResponseClass {
    ResponseClass::classify(StatusCode::TOO_MANY_REQUESTS, &HeaderMap::new())
}

fn success_class() -> ResponseClass {
    ResponseClass::classify(StatusCode::OK, &HeaderMap::new())
}

#[test]
fn rate_limit_gate_returns_false_on_empty_exchanges() {
    let exchanges: Vec<(ResponseClass, HeaderMap, Bytes)> = vec![];
    assert!(!rate_limit_gate(&exchanges));
}

#[test]
fn rate_limit_gate_returns_false_on_success_exchanges() {
    let exchanges = vec![(success_class(), HeaderMap::new(), Bytes::new())];
    assert!(!rate_limit_gate(&exchanges));
}

#[test]
fn rate_limit_gate_returns_true_when_retry_after_present() {
    let mut headers = HeaderMap::new();
    headers.insert(http::header::RETRY_AFTER, HeaderValue::from_static("30"));
    let exchanges = vec![(rate_limited_class(), headers, Bytes::new())];
    assert!(rate_limit_gate(&exchanges));
}

#[test]
fn rate_limit_gate_returns_true_when_ratelimit_remaining_zero() {
    let mut headers = HeaderMap::new();
    headers.insert("ratelimit-remaining", HeaderValue::from_static("0"));
    let exchanges = vec![(rate_limited_class(), headers, Bytes::new())];
    assert!(rate_limit_gate(&exchanges));
}

#[test]
fn rate_limit_gate_returns_false_when_ratelimit_remaining_nonzero() {
    let mut headers = HeaderMap::new();
    headers.insert("ratelimit-remaining", HeaderValue::from_static("5"));
    let exchanges = vec![(rate_limited_class(), headers, Bytes::new())];
    assert!(!rate_limit_gate(&exchanges));
}

#[test]
fn rate_limit_gate_returns_true_when_x_ratelimit_remaining_zero() {
    let mut headers = HeaderMap::new();
    headers.insert("x-ratelimit-remaining", HeaderValue::from_static("0"));
    let exchanges = vec![(rate_limited_class(), headers, Bytes::new())];
    assert!(rate_limit_gate(&exchanges));
}

#[test]
fn parse_rate_limit_remaining_parses_standard_header() {
    let mut headers = HeaderMap::new();
    headers.insert("ratelimit-remaining", HeaderValue::from_static("42"));
    assert_eq!(parse_rate_limit_remaining(&headers), Some(42));
}

#[test]
fn parse_rate_limit_remaining_parses_legacy_x_header() {
    let mut headers = HeaderMap::new();
    headers.insert("x-ratelimit-remaining", HeaderValue::from_static("10"));
    assert_eq!(parse_rate_limit_remaining(&headers), Some(10));
}

#[test]
fn parse_rate_limit_remaining_returns_none_when_absent() {
    let headers = HeaderMap::new();
    assert_eq!(parse_rate_limit_remaining(&headers), None);
}

#[test]
fn parse_rate_limit_remaining_returns_none_on_malformed() {
    let mut headers = HeaderMap::new();
    headers.insert(
        "ratelimit-remaining",
        HeaderValue::from_static("not-a-number"),
    );
    assert_eq!(parse_rate_limit_remaining(&headers), None);
}